[bug#43604] [PATCH] services: %desktop-services: Setuid root NTFS and NFS mount helpers.

[bug#43604] [PATCH] services: %desktop-services: Setuid root NTFS and NFS mount helpers.

[Maxim Cournoyer]

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain; charset=yes, Size: 2073 bytes --]

Combined with commit def6e2ae46, this allows unprivileged users to mount file
systems marked with the "user" option.  It adds less than 4 MiB to the closure
of the lightweight-desktop.tmpl operating system template.

* gnu/services/desktop.scm (%desktop-services): Extend the
setuid-program-service-type service with the 'mount.nfs' and 'mount.nfs-3g'
programs.
---
 gnu/services/desktop.scm | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/gnu/services/desktop.scm b/gnu/services/desktop.scm
index 1dcf71d359..f9f666e791 100644
--- a/gnu/services/desktop.scm
+++ b/gnu/services/desktop.scm
@@ -3,7 +3,7 @@
 ;;; Copyright © 2015 Andy Wingo <wingo@igalia.com>
 ;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2016 Sou Bunnbu <iyzsong@gmail.com>
-;;; Copyright © 2017 Maxim Cournoyer <maxim.cournoyer@gmail.com>
+;;; Copyright © 2017, 2020 Maxim Cournoyer <maxim.cournoyer@gmail.com>
 ;;; Copyright © 2017 Nikita <nikita@n0.is>
 ;;; Copyright © 2018, 2020 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2018 Ricardo Wurmus <rekado@elephly.net>
@@ -54,6 +54,7 @@
   #:use-module (gnu packages linux)
   #:use-module (gnu packages libusb)
   #:use-module (gnu packages mate)
+  #:use-module (gnu packages nfs)
   #:use-module (gnu packages enlightenment)
   #:use-module (guix deprecation)
   #:use-module (guix records)
@@ -1203,6 +1204,12 @@ or setting its password with passwd.")))
          ;; perform administrative tasks (similar to "sudo").
          polkit-wheel-service
 
+         ;; Allow desktop users to also mount NTFS and NFS file systems
+         ;; without root.
+         (simple-service 'mount-setuid-helpers setuid-program-service-type
+                         (list (file-append nfs-utils "/sbin/mount.nfs")
+                               (file-append ntfs-3g "/sbin/mount.ntfs-3g")))
+
          ;; The global fontconfig cache directory can sometimes contain
          ;; stale entries, possibly referencing fonts that have been GC'd,
          ;; so mount it read-only.
-- 
2.28.0

[bug#43604] [PATCH] services: %desktop-services: Setuid root NTFS and NFS mount helpers.

[Ludovic Courtès]

Hi Maxim,

Maxim Cournoyer <maxim.cournoyer@gmail.com> skribis:

> Combined with commit def6e2ae46, this allows unprivileged users to mount file
> systems marked with the "user" option.  It adds less than 4 MiB to the closure
> of the lightweight-desktop.tmpl operating system template.
>
> * gnu/services/desktop.scm (%desktop-services): Extend the
> setuid-program-service-type service with the 'mount.nfs' and 'mount.nfs-3g'
> programs.

Looks reasonable to me.

Thank you!

Ludo’.

bug#43604: [PATCH] services: %desktop-services: Setuid root NTFS and NFS mount helpers.

[Maxim Cournoyer]

Hello,

Ludovic Courtès <ludo@gnu.org> writes:

> Hi Maxim,
>
> Maxim Cournoyer <maxim.cournoyer@gmail.com> skribis:
>
>> Combined with commit def6e2ae46, this allows unprivileged users to mount file
>> systems marked with the "user" option.  It adds less than 4 MiB to the closure
>> of the lightweight-desktop.tmpl operating system template.
>>
>> * gnu/services/desktop.scm (%desktop-services): Extend the
>> setuid-program-service-type service with the 'mount.nfs' and 'mount.nfs-3g'
>> programs.
>
> Looks reasonable to me.
>
> Thank you!

Thanks for the review!  Pushed as commit d40c9f6c85.

Maxim