unofficial mirror of bug-guix@gnu.org 
 help / color / mirror / code / Atom feed
From: Maxim Cournoyer <maxim.cournoyer@gmail.com>
To: Nathan Dehnel <ncdehnel@gmail.com>
Cc: 39670@debbugs.gnu.org
Subject: bug#39670: Cannot mount NFS share as user or root
Date: Thu, 24 Sep 2020 21:53:10 -0400	[thread overview]
Message-ID: <878scyvczd.fsf@gmail.com> (raw)
In-Reply-To: <CAEEhgEtAeoxDcNQdR4BHx+9BCZq=9w5-A+Y0-J1L6Jf8rfFKkA@mail.gmail.com> (Nathan Dehnel's message of "Thu, 24 Sep 2020 02:19:29 -0500")

Hi,

Nathan Dehnel <ncdehnel@gmail.com> writes:

> Right, but it's more inconvenient than just clicking the share in thunar
> and it mounting. Actually, I can't mount it without doing "sudo" first,
> despite having the "user" fstab flag set. This actually might be a separate
> issue, but I'm not sure.

That's a good point.  We should try to make this simpler.  The mount.nfs
binary needs to be setuid root to allow unprivileged users to mount NFS
file systems.  Unfortunately, the mount command (which we already define
as setuid-root) only looked for helpers under /run/current/profile/sbin.
This is now fixed in commit def6e2ae4619587114383b3f8fd9f3cf8310b4b9
(which had to be made on core-updates).

> Why doesn't the regular "mount" command work, again? Some sort of
> dependency loop because of the functional package manager? And this is
> deemed "not guix-specific"?

For some file systems, 'mount' requires helper to be found in its PATH
(see: "man mount").  That is true on any systems (not Guix-specific).
These helpers are not installed out-of-the-box on Guix System, so you
need to add them yourself to the 'packages' operating system field.

If you also want to be able to use mount as an unprivileged user, the
mount command as well as its helpers must all be setuid-root.  Again,
this is something (for the helpers) that must currently done manually by
adding, for example:

--8<---------------cut here---------------start------------->8---
(setuid-programs (cons*
                   (file-append nfs-utils "/sbin/mount.nfs")
                   (file-append ntfs-3g "/sbin/mount.ntfs-3g")
                   %setuid-programs))
--8<---------------cut here---------------end--------------->8---

I've sent a patch for review which proposes to add these setuid-root binaries for
desktop users out-of-the-box on Guix System, which only adds about 4 MiB
to the almost 3 GiB closure of the lightweight-desktop.tmpl system [0].

As mentioned before, it depends on a change to util-linux that had to be
made on the core-updates branch, so it won't be usable until the next
core-updates merge.

Maxim

[0]  https://debbugs.gnu.org/cgi/bugreport.cgi?bug=43604




  parent reply	other threads:[~2020-09-25  1:52 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <CAEEhgEsz+aka+h8P8RN56ochGf_fBeSegj6LOPVkxdwoSHB6oQ@mail.gmail.com>
2020-02-18 21:33 ` bug#39670: Cannot mount NFS share as user or root Maxim Cournoyer
2020-02-18 21:43   ` Nathan Dehnel
2020-02-18 22:43     ` Maxim Cournoyer
2020-02-20 16:25   ` maxim.cournoyer
2020-05-28  3:11     ` Maxim Cournoyer
     [not found]       ` <CAEEhgEt109hcO1STeYv8rWT1hcn+K+JK-AO_1jvP6hJv8etf5w@mail.gmail.com>
     [not found]         ` <87y2kzvmc2.fsf@gmail.com>
     [not found]           ` <CAEEhgEtAeoxDcNQdR4BHx+9BCZq=9w5-A+Y0-J1L6Jf8rfFKkA@mail.gmail.com>
2020-09-25  1:53             ` Maxim Cournoyer [this message]
2020-10-01 19:49               ` Maxim Cournoyer
2020-10-02 23:08                 ` Nathan Dehnel
2020-10-13  3:22                   ` Maxim Cournoyer

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: https://guix.gnu.org/

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=878scyvczd.fsf@gmail.com \
    --to=maxim.cournoyer@gmail.com \
    --cc=39670@debbugs.gnu.org \
    --cc=ncdehnel@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).