* bug#37569: Mount does not honor 'user' option.
@ 2019-10-01 13:41 Diego Nicola Barbato
2019-10-01 19:27 ` Danny Milosavljevic
0 siblings, 1 reply; 5+ messages in thread
From: Diego Nicola Barbato @ 2019-10-01 13:41 UTC (permalink / raw)
To: 37569
Hey Guix,
I have added the following to `file-systems' in my operating-system
config:
--8<---------------cut here---------------start------------->8---
(file-system
(device "127.0.0.1")
(mount-point "/home/diego/inf")
(type "9p")
(options "noextend,trans=tcp,dfltuid=1000,dfltgid=998,port=9001,user,nofail")
(mount? #f))
--8<---------------cut here---------------end--------------->8---
It works almost as expected except that when I try to mount the file
system as a regular user (which is what the option 'user' is supposed to
allow) I get:
$ LC_ALL=C mount inf
mount: /home/diego/inf: must be superuser to use mount.
The command succeeds if I run it as root.
The following steps reproduce the issue without using a 9p file system:
1. Prepare a file system on a loopback device:
$ dd if=/dev/zero of=foo.img bs=1024 count=524288
$ udisksctl loop-setup --file foo.img
Mapped file foo.img as /dev/loop0.
$ sudo mkfs.ext4 -L foofs /dev/loop0
2. Add the following line to /etc/fstab replacing <name> with something
more appropriate:
LABEL=foofs /home/<name>/foofs ext4 defaults,user
3. Try to mount the filesystem as an unprivileged user (This should work
and does work on e.g. Debian 10):
$ mkdir foofs
$ LC_ALL=C mount foofs
mount: /home/<name>/foofs: must be superuser to use mount.
4. Try it with sudo to confirm that everything else works as expected:
$ sudo mount foofs
$ ls foofs
lost+found/
Regards,
Diego
^ permalink raw reply [flat|nested] 5+ messages in thread
* bug#37569: Mount does not honor 'user' option.
2019-10-01 13:41 bug#37569: Mount does not honor 'user' option Diego Nicola Barbato
@ 2019-10-01 19:27 ` Danny Milosavljevic
2019-10-01 21:43 ` Diego Nicola Barbato
0 siblings, 1 reply; 5+ messages in thread
From: Danny Milosavljevic @ 2019-10-01 19:27 UTC (permalink / raw)
To: Diego Nicola Barbato; +Cc: 37569
[-- Attachment #1: Type: text/plain, Size: 80 bytes --]
Hmm, how is that solved with other distributions? Is "mount" suid root there?
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 488 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
* bug#37569: Mount does not honor 'user' option.
2019-10-01 19:27 ` Danny Milosavljevic
@ 2019-10-01 21:43 ` Diego Nicola Barbato
2019-10-04 6:59 ` Diego Nicola Barbato
0 siblings, 1 reply; 5+ messages in thread
From: Diego Nicola Barbato @ 2019-10-01 21:43 UTC (permalink / raw)
To: Danny Milosavljevic; +Cc: 37569
Hello Danny,
Danny Milosavljevic <dannym@scratchpost.org> writes:
> Hmm, how is that solved with other distributions? Is "mount" suid root there?
Indeed, in Debian both mount and umount are suid root:
$ stat -c "%a %U:%G %n" /bin/*mount
4755 root:root /bin/fusermount
4755 root:root /bin/mount
4755 root:root /bin/umount
Thanks,
Diego
^ permalink raw reply [flat|nested] 5+ messages in thread
* bug#37569: Mount does not honor 'user' option.
2019-10-01 21:43 ` Diego Nicola Barbato
@ 2019-10-04 6:59 ` Diego Nicola Barbato
2019-10-06 12:46 ` Ludovic Courtès
0 siblings, 1 reply; 5+ messages in thread
From: Diego Nicola Barbato @ 2019-10-04 6:59 UTC (permalink / raw)
To: Danny Milosavljevic; +Cc: 37569
Diego Nicola Barbato <dnbarbato@posteo.de> writes:
> Hello Danny,
>
> Danny Milosavljevic <dannym@scratchpost.org> writes:
>
>> Hmm, how is that solved with other distributions? Is "mount" suid root there?
>
> Indeed, in Debian both mount and umount are suid root:
>
> $ stat -c "%a %U:%G %n" /bin/*mount
> 4755 root:root /bin/fusermount
> 4755 root:root /bin/mount
> 4755 root:root /bin/umount
I've tried adding "mount" and "umount" to `setuid-programs' in my
operating-system config:
--8<---------------cut here---------------start------------->8---
(setuid-programs (cons*
#~(string-append #$util-linux "/bin/mount")
#~(string-append #$util-linux "/bin/umount")
%setuid-programs))
--8<---------------cut here---------------end--------------->8---
Mounting as an unprivileged user now works as expected (even the fancy
9p stuff). Is there any rationale for not adding "mount" and "umount"
to `%setuid-programs' by default?
Thanks,
Diego
^ permalink raw reply [flat|nested] 5+ messages in thread
* bug#37569: Mount does not honor 'user' option.
2019-10-04 6:59 ` Diego Nicola Barbato
@ 2019-10-06 12:46 ` Ludovic Courtès
0 siblings, 0 replies; 5+ messages in thread
From: Ludovic Courtès @ 2019-10-06 12:46 UTC (permalink / raw)
To: Diego Nicola Barbato; +Cc: 37569-done
Hi,
Diego Nicola Barbato <dnbarbato@posteo.de> skribis:
> I've tried adding "mount" and "umount" to `setuid-programs' in my
> operating-system config:
>
> (setuid-programs (cons*
> #~(string-append #$util-linux "/bin/mount")
> #~(string-append #$util-linux "/bin/umount")
> %setuid-programs))
>
> Mounting as an unprivileged user now works as expected (even the fancy
> 9p stuff).
Cool!
> Is there any rationale for not adding "mount" and "umount" to
> `%setuid-programs' by default?
No, especially since they perform the right checks and error out with
“only root can do that” when needed.
I added them in commit 19944227528502e3619a6d1557bc735224f6fef6.
Thanks!
Ludo’.
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2019-10-06 12:47 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-10-01 13:41 bug#37569: Mount does not honor 'user' option Diego Nicola Barbato
2019-10-01 19:27 ` Danny Milosavljevic
2019-10-01 21:43 ` Diego Nicola Barbato
2019-10-04 6:59 ` Diego Nicola Barbato
2019-10-06 12:46 ` Ludovic Courtès
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).