unofficial mirror of help-guix@gnu.org 
* mount.davfs: program is not setuid root
@ 2021-04-16 13:31 Simon Streit
  2021-04-16 16:34 ` Leo Famulari
  0 siblings, 1 reply; 20+ messages in thread
From: Simon Streit @ 2021-04-16 13:31 UTC (permalink / raw)
  To: help-guix

Hello!

I set up davfs2 as per the manual to be setuid:

--8<---------------cut here---------------start------------->8---
(setuid-programs
 (cons* (file-append davfs2 "/sbin/mount.davfs")
        %setuid-programs))
--8<---------------cut here---------------end--------------->8---


But after rebooting, and trying to mount a webdav share as user, I only
get:

--8<---------------cut here---------------start------------->8---
/run/current-system/profile/sbin/mount.davfs: program is not setuid root
--8<---------------cut here---------------end--------------->8---

mount.davfs is listed in /run/setuid-programs though.

Any ideas? Did I miss something?


Greetings
Simon



* Re: mount.davfs: program is not setuid root
  2021-04-16 13:31 mount.davfs: program is not setuid root Simon Streit
@ 2021-04-16 16:34 ` Leo Famulari
  2021-04-18 13:36   ` Simon Streit
                     ` (2 more replies)
  0 siblings, 3 replies; 20+ messages in thread
From: Leo Famulari @ 2021-04-16 16:34 UTC (permalink / raw)
  To: Simon Streit; +Cc: help-guix

On Fri, Apr 16, 2021 at 03:31:35PM +0200, Simon Streit wrote:
> But after rebooting, and trying to mount a webdav share as user, I only
> get:
> 
> --8<---------------cut here---------------start------------->8---
> /run/current-system/profile/sbin/mount.davfs: program is not setuid root
> --8<---------------cut here---------------end--------------->8---
> 
> mount.davfs is listed in /run/setuid-programs though.

On Guix System, /run/setuid-programs [0] always comes before
/run/current-system on PATH.

But in your case, the non-setuid location is being invoked.

Did you invoke `mount.davfs`, so it would be looked up on PATH?

Or did you invoke `/run/current-system/profile/sbin/mount.davfs`?

[0] https://guix.gnu.org/manual/en/html_node/Setuid-Programs.html



* Re: mount.davfs: program is not setuid root
  2021-04-16 16:34 ` Leo Famulari
@ 2021-04-18 13:36   ` Simon Streit
  2021-04-18 23:01     ` Leo Famulari
  2021-04-18 13:36   ` Simon Streit
  2021-04-18 20:07   ` Simon Streit
  2 siblings, 1 reply; 20+ messages in thread
From: Simon Streit @ 2021-04-18 13:36 UTC (permalink / raw)
  To: help-guix

Leo Famulari <leo@famulari.name> writes:

> On Fri, Apr 16, 2021 at 03:31:35PM +0200, Simon Streit wrote:
>> But after rebooting, and trying to mount a webdav share as user, I only
>> get:
>>
>> --8<---------------cut here---------------start------------->8---
>> /run/current-system/profile/sbin/mount.davfs: program is not setuid root
>> --8<---------------cut here---------------end--------------->8---
>>
>> mount.davfs is listed in /run/setuid-programs though.
>
> On Guix System, /run/setuid-programs [0] always comes before
> /run/current-system on PATH.
>
> But in your case, the non-setuid location is being invoked.

Somehow it is.  I invoked it with:
--8<---------------cut here---------------start------------->8---
$ mount -t davfs URL mount_point
--8<---------------cut here---------------end--------------->8---

Looking at the whereabouts of mount:
--8<---------------cut here---------------start------------->8---
mount: /run/setuid-programs/mount.davfs /run/setuid-programs/mount /run/setuid-programs/mount.ntfs-3g /run/setuid-programs/mount.nfs /gnu/store/b01q3awvrfzaj8n8hx73qqfyf59przh8-profile/bin/mount /gnu/store/b01q3awvrfzaj8n8hx73qqfyf59przh8-profile/sbin/mount.davfs /gnu/store/b01q3awvrfzaj8n8hx73qqfyf59przh8-profile/sbin/mount.lowntfs-3g /gnu/store/b01q3awvrfzaj8n8hx73qqfyf59przh8-profile/sbin/mount.ntfs /gnu/store/b01q3awvrfzaj8n8hx73qqfyf59przh8-profile/sbin/mount.ntfs-3g
--8<---------------cut here---------------end--------------->8---
and mount.davfs:
--8<---------------cut here---------------start------------->8---
mount: /run/setuid-programs/mount.davfs /run/setuid-programs/mount /run/setuid-programs/mount.ntfs-3g /run/setuid-programs/mount.nfs /gnu/store/b01q3awvrfzaj8n8hx73qqfyf59przh8-profile/bin/mount /gnu/store/b01q3awvrfzaj8n8hx73qqfyf59przh8-profile/sbin/mount.davfs /gnu/store/b01q3awvrfzaj8n8hx73qqfyf59przh8-profile/sbin/mount.lowntfs-3g /gnu/store/b01q3awvrfzaj8n8hx73qqfyf59przh8-profile/sbin/mount.ntfs /gnu/store/b01q3awvrfzaj8n8hx73qqfyf59przh8-profile/sbin/mount.ntfs-3g
--8<---------------cut here---------------end--------------->8---

It does seem that the binaries are setuid first.  But then looking at my
own $PATH I see the setuid paths are not first in the list.  So do they
have to go to the front of the list?  I just tested this on a clean user
account where setuid are set first, but it fails there too.

I also temporarily added the mount point to /etc/fstab.  Mounting this
mount point as root works.  It fails as user too.  There is a
possibility that I did not get mount flags right there, but that will be
a different issue.  The next will be to add this to system declaration
as well.  But first when user can mount it.

>
> Did you invoke `mount.davfs`, so it would be looked up on PATH?

Even when calling the binary from /run/setuid-programs will fail
as well.
>
> Or did you invoke `/run/current-system/profile/sbin/mount.davfs`?
>
> [0] https://guix.gnu.org/manual/en/html_node/Setuid-Programs.html


* Re: mount.davfs: program is not setuid root
  2021-04-16 16:34 ` Leo Famulari
  2021-04-18 13:36   ` Simon Streit
  2021-04-18 13:36   ` Simon Streit
@ 2021-04-18 20:07   ` Simon Streit
  2 siblings, 0 replies; 20+ messages in thread
From: Simon Streit @ 2021-04-18 20:07 UTC (permalink / raw)
  To: Leo Famulari; +Cc: help-guix

Leo Famulari <leo@famulari.name> writes:

> On Fri, Apr 16, 2021 at 03:31:35PM +0200, Simon Streit wrote:
>> But after rebooting, and trying to mount a webdav share as user, I only
>> get:
>>
>> --8<---------------cut here---------------start------------->8---
>> /run/current-system/profile/sbin/mount.davfs: program is not setuid root
>> --8<---------------cut here---------------end--------------->8---
>>
>> mount.davfs is listed in /run/setuid-programs though.
>
> On Guix System, /run/setuid-programs [0] always comes before
> /run/current-system on PATH.
>
> But in your case, the non-setuid location is being invoked.

Somehow it is.  I invoked it with:
--8<---------------cut here---------------start------------->8---
$ mount -t davfs URL mount_point
--8<---------------cut here---------------end--------------->8---

Looking at the whereabouts of mount:
--8<---------------cut here---------------start------------->8---
mount: /run/setuid-programs/mount.davfs /run/setuid-programs/mount /run/setuid-programs/mount.ntfs-3g /run/setuid-programs/mount.nfs /gnu/store/b01q3awvrfzaj8n8hx73qqfyf59przh8-profile/bin/mount /gnu/store/b01q3awvrfzaj8n8hx73qqfyf59przh8-profile/sbin/mount.davfs /gnu/store/b01q3awvrfzaj8n8hx73qqfyf59przh8-profile/sbin/mount.lowntfs-3g /gnu/store/b01q3awvrfzaj8n8hx73qqfyf59przh8-profile/sbin/mount.ntfs /gnu/store/b01q3awvrfzaj8n8hx73qqfyf59przh8-profile/sbin/mount.ntfs-3g
--8<---------------cut here---------------end--------------->8---
and mount.davfs:
--8<---------------cut here---------------start------------->8---
mount: /run/setuid-programs/mount.davfs /run/setuid-programs/mount /run/setuid-programs/mount.ntfs-3g /run/setuid-programs/mount.nfs /gnu/store/b01q3awvrfzaj8n8hx73qqfyf59przh8-profile/bin/mount /gnu/store/b01q3awvrfzaj8n8hx73qqfyf59przh8-profile/sbin/mount.davfs /gnu/store/b01q3awvrfzaj8n8hx73qqfyf59przh8-profile/sbin/mount.lowntfs-3g /gnu/store/b01q3awvrfzaj8n8hx73qqfyf59przh8-profile/sbin/mount.ntfs /gnu/store/b01q3awvrfzaj8n8hx73qqfyf59przh8-profile/sbin/mount.ntfs-3g
--8<---------------cut here---------------end--------------->8---

My $PATH:
--8<---------------cut here---------------start------------->8---
/home/sstreet/.local/bin:/home/sstreet/.guix-extra-profiles/texlive/texlive/bin:/home/sstreet/.config/guix/current/bin:/home/sstreet/.guix-profile/bin:/home/sstreet/.guix-profile/sbin:/home/sstreet/.local/bin:/home/sstreet/.local/bin:/run/setuid-programs:/home/sstreet/.config/guix/current/bin:/home/sstreet/.guix-profile/bin:/home/sstreet/.guix-profile/sbin:/run/current-system/profile/bin:/run/current-system/profile/sbin
--8<---------------cut here---------------end--------------->8---


It does seem that the binaries are setuid first.  But then looking at my
own $PATH I see the setuid paths are not first in the list.  So do they
have to go to the front of the list?  I just tested this on a clean user
account where setuid are set first, but it fails there too.

I also temporarily added the mount point to /etc/fstab.  Mounting this
mount point as root works.  It fails as user too.  There is a
possibility that I did not get mount flags right there, but that will be
a different issue.  The next will be to add this to system declaration
as well.  But first when user can mount it.

>
> Did you invoke `mount.davfs`, so it would be looked up on PATH?

Even when calling the binary from /run/setuid-programs will fail
as well.
>
> Or did you invoke `/run/current-system/profile/sbin/mount.davfs`?
>
> [0] https://guix.gnu.org/manual/en/html_node/Setuid-Programs.html



* Re: mount.davfs: program is not setuid root
  2021-04-18 13:36   ` Simon Streit
@ 2021-04-18 23:01     ` Leo Famulari
  2021-04-19 10:50       ` Simon Streit
  2021-04-19 20:30       ` Simon Streit
  0 siblings, 2 replies; 20+ messages in thread
From: Leo Famulari @ 2021-04-18 23:01 UTC (permalink / raw)
  To: Simon Streit; +Cc: help-guix

On Sun, Apr 18, 2021 at 03:36:12PM +0200, Simon Streit wrote:
> Even when calling the binary from /run/setuid-programs will fail
> as well.

Okay, but how? You haven't told us that yet.



* Re: mount.davfs: program is not setuid root
  2021-04-18 23:01     ` Leo Famulari
@ 2021-04-19 10:50       ` Simon Streit
  2021-04-19 17:18         ` Leo Famulari
  2021-04-19 20:30       ` Simon Streit
  1 sibling, 1 reply; 20+ messages in thread
From: Simon Streit @ 2021-04-19 10:50 UTC (permalink / raw)
  To: Leo Famulari; +Cc: help-guix

Leo Famulari <leo@famulari.name> writes:

> On Sun, Apr 18, 2021 at 03:36:12PM +0200, Simon Streit wrote:
>> Even when calling the binary from /run/setuid-programs will fail
>> as well.
>
> Okay, but how? You haven't told us that yet.

Sorry, hope there is no confusion now. I think I did in a previous
message:

$ mount -t davfs URL mount_point


Cheers



* Re: mount.davfs: program is not setuid root
  2021-04-19 10:50       ` Simon Streit
@ 2021-04-19 17:18         ` Leo Famulari
  2021-04-21 21:46           ` Simon Streit
  0 siblings, 1 reply; 20+ messages in thread
From: Leo Famulari @ 2021-04-19 17:18 UTC (permalink / raw)
  To: Simon Streit; +Cc: help-guix

On Mon, Apr 19, 2021 at 12:50:53PM +0200, Simon Streit wrote:
> Sorry, hope there is no confusion now. I think I did in a previous
> message:
> 
> $ mount -t davfs URL mount_point

Sorry, I was unclear.

I'm asking you to run the binary using the absolute path from
/run/setuid-programs, and then include the full output, including all
the error messages.

So, something like this:

$ /run/setuid-programs/mount.davfs ...
[... every line of output ...]



* Re: mount.davfs: program is not setuid root
  2021-04-18 23:01     ` Leo Famulari
  2021-04-19 10:50       ` Simon Streit
@ 2021-04-19 20:30       ` Simon Streit
  2021-04-20  0:47         ` Leo Famulari
  1 sibling, 1 reply; 20+ messages in thread
From: Simon Streit @ 2021-04-19 20:30 UTC (permalink / raw)
  To: Leo Famulari; +Cc: help-guix

Leo Famulari <leo@famulari.name> writes:

> On Sun, Apr 18, 2021 at 03:36:12PM +0200, Simon Streit wrote:
>> Even when calling the binary from /run/setuid-programs will fail
>> as well.
>
> Okay, but how? You haven't told us that yet.

I just tried again, and called mount as:
--8<---------------cut here---------------start------------->8---
/run/setuid-programs/mount -t <URL> ~/test/
--8<---------------cut here---------------end--------------->8---
where URL is my remote URL share trying to mount it to local test dir,
where it fails with:
--8<---------------cut here---------------start------------->8---
/run/current-system/profile/sbin/mount.davfs: program is not setuid root
--8<---------------cut here---------------end--------------->8---



* Re: mount.davfs: program is not setuid root
  2021-04-19 20:30       ` Simon Streit
@ 2021-04-20  0:47         ` Leo Famulari
  2021-04-20  6:57           ` Efraim Flashner
  2021-04-20  7:20           ` Efraim Flashner
  0 siblings, 2 replies; 20+ messages in thread
From: Leo Famulari @ 2021-04-20  0:47 UTC (permalink / raw)
  To: Simon Streit; +Cc: help-guix

On Mon, Apr 19, 2021 at 10:30:13PM +0200, Simon Streit wrote:
> I just tried again, and called mount as:
> --8<---------------cut here---------------start------------->8---
> /run/setuid-programs/mount -t <URL> ~/test/
> --8<---------------cut here---------------end--------------->8---
> where URL is my remote URL share trying to mount it to local test dir,
> where it fails with:
> --8<---------------cut here---------------start------------->8---
> /run/current-system/profile/sbin/mount.davfs: program is not setuid root
> --8<---------------cut here---------------end--------------->8---

So, '/run/setuid-programs/mount' is somehow resolving to
'/run/current-system/profile/sbin/mount.davfs'?

The executables in /run/setuid-programs are not supposed to be links.

They are created while "activating" Guix System by copying the programs
listed in the (setuid-programs) field of config.scm into
/run/setuid-programs and making these copies setuid.

Documentation on that:
https://guix.gnu.org/manual/devel/en/html_node/Setuid-Programs.html

And the code:
https://git.savannah.gnu.org/cgit/guix.git/tree/gnu/build/activation.scm?h=v1.2.0#n229

Can you do `ls -la /run/setuid-programs`, and share the entire output of
that command?

By the way, regarding the default order of $PATH, here is my path from a
VM image created with the "bare bones" template [0] from the Guix source
code:

------
$ `guix system vm gnu/system/examples/bare-bones.tmpl`
[ ... QEMU launches the VM and I log in ...]
$ echo $PATH
/run/setuid-programs:/home/alice/.config/guix/current/bin:/home/alice/.guix-profile/bin/:/run/current-system/profile/bin:/run/current-system/profile/sbin
------

So, you could consider that the default order on Guix System. Annotated:

1) programs specified setuid by the system administrator
2) your user's `guix pull` profile
3) your user's profile of installed packages
4) programs provided via the (packages) field of config.scm (and maybe
from system services?)
5) same as 4, but programs contained in an 'sbin/' directory

[0] https://git.savannah.gnu.org/cgit/guix.git/tree/gnu/system/examples/bare-bones.tmpl?h=v1.2.0
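
The check discussed in the message above, as an added shell example that is not part of the thread or of Guix: for one program name it lists every copy on a PATH-style list in lookup order and reports whether the copy that wins is a regular, setuid file owned by the expected uid. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. All function names are hypothetical and
# the sample tree is constructed by make_sample.

# Print "FILE kind=<regular|symlink|other> uid=<owner> setuid=<yes|no>".
# Owner and setuid bit are those of the link target when FILE is a symlink.
# Assumes FILE contains no spaces (verdict splits on the first space).
describe() (
    f=$1
    if [ -L "$f" ]; then kind=symlink
    elif [ -f "$f" ]; then kind=regular
    else kind=other
    fi
    if [ -u "$f" ]; then suid=yes; else suid=no; fi
    uid=$(ls -ldLn "$f" | awk '{print $3}')
    printf '%s kind=%s uid=%s setuid=%s\n' "$f" "$kind" "$uid" "$suid"
)

# List every executable called NAME on the colon-separated PATHLIST,
# in the order a PATH lookup would try them.
candidates() (
    name=$1
    IFS=:
    set -f
    for dir in $2; do
        [ -n "$dir" ] || dir=.
        [ -x "$dir/$name" ] && [ ! -d "$dir/$name" ] && describe "$dir/$name"
    done
    exit 0
)

# Judge the copy a PATH lookup would run: it must be a regular file (a copy,
# not a link), owned by WANT_UID (default 0, root), with the setuid bit set.
verdict() (
    name=$1 pathlist=$2 want_uid=${3:-0}
    first=$(candidates "$name" "$pathlist" | head -n 1)
    [ -n "$first" ] || { echo "not-found"; exit 1; }
    case $first in
        *" kind=regular uid=$want_uid setuid=yes") echo "ok: ${first%% *}" ;;
        *" kind=symlink "*) echo "bad: ${first%% *} is a link"; exit 1 ;;
        *" setuid=no")      echo "bad: ${first%% *} is not setuid"; exit 1 ;;
        *) echo "bad: ${first%% *} is not owned by uid $want_uid"; exit 1 ;;
    esac
)

# Constructed sample tree mirroring the two locations named in the thread:
# a setuid copy under run/setuid-programs and a plain one under profile/sbin.
make_sample() (
    root=$(mktemp -d)
    mkdir -p "$root/run/setuid-programs" "$root/profile/sbin"
    printf '#!/bin/sh\n' > "$root/profile/sbin/mount.davfs"
    chmod 555 "$root/profile/sbin/mount.davfs"
    cp "$root/profile/sbin/mount.davfs" "$root/run/setuid-programs/mount.davfs"
    chmod 4555 "$root/run/setuid-programs/mount.davfs"
    echo "$root"
)

# Show both PATH orders on the sample tree (files are owned by the caller,
# so the caller's uid stands in for root here).
demo() (
    root=$(make_sample)
    for order in "$root/run/setuid-programs:$root/profile/sbin" \
                 "$root/profile/sbin:$root/run/setuid-programs"; do
        candidates mount.davfs "$order"
        verdict mount.davfs "$order" "$(id -u)" || :
    done
    rm -rf "$root"
)

# With an argument, inspect that program on the real PATH (root expected);
# without one, run the constructed demo.
if [ "$#" -ge 1 ]; then
    candidates "$1" "$PATH"
    verdict "$1" "$PATH"
else
    demo
fi
```

This inspects PATH lookup only; a helper that another program locates through a directory compiled into it is outside what the script can see.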



* Re: mount.davfs: program is not setuid root
  2021-04-20  0:47         ` Leo Famulari
@ 2021-04-20  6:57           ` Efraim Flashner
  2021-04-20  7:20           ` Efraim Flashner
  1 sibling, 0 replies; 20+ messages in thread
From: Efraim Flashner @ 2021-04-20  6:57 UTC (permalink / raw)
  To: Leo Famulari; +Cc: help-guix


On Mon, Apr 19, 2021 at 08:47:08PM -0400, Leo Famulari wrote:
> On Mon, Apr 19, 2021 at 10:30:13PM +0200, Simon Streit wrote:
> > I just tried again, and called mount as:
> > --8<---------------cut here---------------start------------->8---
> > /run/setuid-programs/mount -t <URL> ~/test/
> > --8<---------------cut here---------------end--------------->8---
> > where URL is my remote URL share trying to mount it to local test dir,
> > where it fails with:
> > --8<---------------cut here---------------start------------->8---
> > /run/current-system/profile/sbin/mount.davfs: program is not setuid root
> > --8<---------------cut here---------------end--------------->8---
> 
> So, '/run/setuid-programs/mount' is somehow resolving to
> '/run/current-system/profile/sbin/mount.davfs'?
> 
> The executables in /run/setuid-programs are not supposed to be links.
> 

This sounds similar to bug 46980. Is davfs built with an external fuse
or its own?

-- 
Efraim Flashner   <efraim@flashner.co.il>   אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted


* Re: mount.davfs: program is not setuid root
  2021-04-20  0:47         ` Leo Famulari
  2021-04-20  6:57           ` Efraim Flashner
@ 2021-04-20  7:20           ` Efraim Flashner
  2021-04-21 21:43             ` Simon Streit
                               ` (2 more replies)
  1 sibling, 3 replies; 20+ messages in thread
From: Efraim Flashner @ 2021-04-20  7:20 UTC (permalink / raw)
  To: Leo Famulari; +Cc: help-guix



On Mon, Apr 19, 2021 at 08:47:08PM -0400, Leo Famulari wrote:
> On Mon, Apr 19, 2021 at 10:30:13PM +0200, Simon Streit wrote:
> > I just tried again, and called mount as:
> > --8<---------------cut here---------------start------------->8---
> > /run/setuid-programs/mount -t <URL> ~/test/
> > --8<---------------cut here---------------end--------------->8---
> > where URL is my remote URL share trying to mount it to local test dir,
> > where it fails with:
> > --8<---------------cut here---------------start------------->8---
> > /run/current-system/profile/sbin/mount.davfs: program is not setuid root
> > --8<---------------cut here---------------end--------------->8---
> 
> So, '/run/setuid-programs/mount' is somehow resolving to
> '/run/current-system/profile/sbin/mount.davfs'?
> 
> The executables in /run/setuid-programs are not supposed to be links.
> 

From the ./configure script in davfs2:

Some influential environment variables:
  CC          C compiler command
  CFLAGS      C compiler flags
  LDFLAGS     linker flags, e.g. -L<lib dir> if you have libraries in a
              nonstandard directory <lib dir>
  LIBS        libraries to pass to the linker, e.g. -l<library>
  CPPFLAGS    (Objective) C/C++ preprocessor flags, e.g. -I<include dir> if
              you have headers in a nonstandard directory <include dir>
  CPP         C preprocessor
  dav_user    if invoked by root, mount.davfs runs as this user [davfs2]
  dav_group   the group, the mount.davfs daemon belongs to [davfs2]
  ssbindir    where mount will search for mount-helpers [/sbin]
  dav_localstatedir
              directory to store pid-files in [/var/run]
  dav_syscachedir
              cache directory [/var/cache]
  LINGUAS     select languages for messages and documentation

I've attached a diff against guix and also a davfs.scm for building just
the modified davfs2. Can you try building it with `guix build -f
davfs.scm` and then use the mount.davfs from there to try mounting your
davfs mountpoint?

-- 
Efraim Flashner   <efraim@flashner.co.il>   אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted

[-- Attachment #1.2: davfs-adjust-setuid-directory.diff --]
[-- Type: text/plain, Size: 1328 bytes --]

diff --git a/gnu/packages/file-systems.scm b/gnu/packages/file-systems.scm
index d970fe7198..13da2a54b4 100644
--- a/gnu/packages/file-systems.scm
+++ b/gnu/packages/file-systems.scm
@@ -212,7 +212,7 @@ another location, similar to @command{mount --bind}.  It can be used for:
        (list "--sysconfdir=/etc"        ; so man pages & binaries contain /etc
              (string-append "--docdir=" (assoc-ref %outputs "out")
                             "/share/doc/" ,name "-" ,version)
-             (string-append "ssbindir=" (assoc-ref %outputs "out") "/sbin")
+             "ssbindir=/run/setuid-programs"
              ;; The default ‘davfs2’ user and group don't exist on most systems.
              "dav_user=nobody"
              "dav_group=nogroup")
@@ -226,6 +226,11 @@ another location, similar to @command{mount --bind}.  It can be used for:
                  _ prefix suffix)
                 (string-append prefix suffix)))
              #t))
+         (add-after 'unpack 'dont-install-to-/run/setuid-programs
+           (lambda _
+             (substitute* "src/Makefile.in"
+               (("ssbindir") "sbindir"))
+             #t))
          (add-after 'unpack 'patch-file-names
            (lambda _
              ;; Don't auto-load the FUSE kernel module.  That's up to root.
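
Review bot: in the new 'dont-install-to-/run/setuid-programs phase, the pattern (("ssbindir") "sbindir") is unanchored, so it rewrites every occurrence of ssbindir in src/Makefile.in, not only the install destination. If that file also hands ssbindir to the compiler, this substitution would cancel the configure flag set in the first hunk; match the install rule specifically, and add a comment explaining that installation has to stay in the output's sbin while the search path points at /run/setuid-programs.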

[-- Attachment #1.3: davfs.scm --]
[-- Type: text/plain, Size: 974 bytes --]

(use-modules (guix packages)
             (guix utils)
             (gnu packages file-systems))

(package
  (inherit davfs2)
  (name (package-name davfs2))
  (version (package-version davfs2))
  (arguments
   (substitute-keyword-arguments (package-arguments davfs2)
     ((#:configure-flags cf)
      `(list "--sysconfdir=/etc"        ; so man pages & binaries contain /etc
             (string-append "--docdir=" (assoc-ref %outputs "out")
                            "/share/doc/" ,name "-" ,version)
             "ssbindir=/run/setuid-programs"
             ;; The default ‘davfs2’ user and group don't exist on most systems.
             "dav_user=nobody"
             "dav_group=nogroup"))
     ((#:phases phases)
      `(modify-phases ,phases
         (add-after 'unpack 'dont-install-to-/run/setuid-programs
           (lambda _
             (substitute* "src/Makefile.in"
               (("ssbindir") "sbindir"))
             #t)))))))


* Re: mount.davfs: program is not setuid root
  2021-04-20  7:20           ` Efraim Flashner
@ 2021-04-21 21:43             ` Simon Streit
  2021-05-11 17:42             ` Simon Streit
  2021-05-13 13:25             ` Simon Streit
  2 siblings, 0 replies; 20+ messages in thread
From: Simon Streit @ 2021-04-21 21:43 UTC (permalink / raw)
  To: Leo Famulari; +Cc: help-guix

Efraim Flashner <efraim@flashner.co.il> writes:

> On Mon, Apr 19, 2021 at 08:47:08PM -0400, Leo Famulari wrote:
>> On Mon, Apr 19, 2021 at 10:30:13PM +0200, Simon Streit wrote:
>> > I just tried again, and called mount as:
>> > --8<---------------cut here---------------start------------->8---
>> > /run/setuid-programs/mount -t <URL> ~/test/
>> > --8<---------------cut here---------------end--------------->8---
>> > where URL is my remote URL share trying to mount it to local test dir,
>> > where it fails with:
>> > --8<---------------cut here---------------start------------->8---
>> > /run/current-system/profile/sbin/mount.davfs: program is not setuid root
>> > --8<---------------cut here---------------end--------------->8---
>> 
>> So, '/run/setuid-programs/mount' is somehow resolving to
>> '/run/current-system/profile/sbin/mount.davfs'?
>> 
>> The executables in /run/setuid-programs are not supposed to be links.
>> 
>
> From the ./configure script in davfs2:
>
> Some influential environment variables:
>   CC          C compiler command
>   CFLAGS      C compiler flags
>   LDFLAGS     linker flags, e.g. -L<lib dir> if you have libraries in a
>               nonstandard directory <lib dir>
>   LIBS        libraries to pass to the linker, e.g. -l<library>
>   CPPFLAGS    (Objective) C/C++ preprocessor flags, e.g. -I<include dir> if
>               you have headers in a nonstandard directory <include dir>
>   CPP         C preprocessor
>   dav_user    if invoked by root, mount.davfs runs as this user [davfs2]
>   dav_group   the group, the mount.davfs daemon belongs to [davfs2]
>   ssbindir    where mount will search for mount-helpers [/sbin]
>   dav_localstatedir
>               directory to store pid-files in [/var/run]
>   dav_syscachedir
>               cache directory [/var/cache]
>   LINGUAS     select languages for messages and documentation
>
> I've attached a diff against guix and also a davfs.scm for building just
> the modified davfs2. Can you try building it with `guix build -f
> davfs.scm` and then use the mount.davfs from there to try mounting your
> davfs mountpoint?

Thanks for your reply.  I'll come back to this next week.  Hopefully
I can test it before.  Unfortunately, my time is very limited at the
moment.


Cheers
Simon







* Re: mount.davfs: program is not setuid root
  2021-04-19 17:18         ` Leo Famulari
@ 2021-04-21 21:46           ` Simon Streit
  0 siblings, 0 replies; 20+ messages in thread
From: Simon Streit @ 2021-04-21 21:46 UTC (permalink / raw)
  To: Leo Famulari; +Cc: help-guix

Leo Famulari <leo@famulari.name> writes:

> On Mon, Apr 19, 2021 at 12:50:53PM +0200, Simon Streit wrote:
>> Sorry, hope there is no confusion now. I think I did in a previous
>> message:
>>
>> $ mount -t davfs URL mount_point
>
> Sorry, I was unclear.
>
> I'm asking you to run the binary using the absolute path from
> /run/setuid-programs, and then include the full output, including all
> the error messages.
>
> So, something like this:
>
> $ /run/setuid-programs/mount.davfs ...
> [... every line of output ...]

Unfortunately, I only ever get the one line I mentioned above:
--8<---------------cut here---------------start------------->8---
/run/current-system/profile/sbin/mount.davfs: program is not setuid root
--8<---------------cut here---------------end--------------->8---



* Re: mount.davfs: program is not setuid root
  2021-04-20  7:20           ` Efraim Flashner
  2021-04-21 21:43             ` Simon Streit
@ 2021-05-11 17:42             ` Simon Streit
  2021-05-11 18:41               ` Leo Famulari
  2021-05-13 13:25             ` Simon Streit
  2 siblings, 1 reply; 20+ messages in thread
From: Simon Streit @ 2021-05-11 17:42 UTC (permalink / raw)
  To: Leo Famulari; +Cc: help-guix

Efraim Flashner <efraim@flashner.co.il> writes:

> On Mon, Apr 19, 2021 at 08:47:08PM -0400, Leo Famulari wrote:
> I've attached a diff against guix and also a davfs.scm for building just
> the modified davfs2. Can you try building it with `guix build -f
> davfs.scm` and then use the mount.davfs from there to try mounting your
> davfs mountpoint?

Thanks for posting the diff.  I did manage to build the package locally,
but that in itself isn't of much use.  I'm afraid I have to ask now, how
do I apply this package into my declaration so that it is available from
my system to test?

Unfortunately my packaging skills aren't that far yet where I can plug
modified system packages.  Is there maybe a part of documentation you
could show me?  I've been looking around, but haven't found this
scenario yet.


Cheers
Simon



* Re: mount.davfs: program is not setuid root
  2021-05-11 17:42             ` Simon Streit
@ 2021-05-11 18:41               ` Leo Famulari
  2021-05-11 19:30                 ` Simon Streit
  0 siblings, 1 reply; 20+ messages in thread
From: Leo Famulari @ 2021-05-11 18:41 UTC (permalink / raw)
  To: Simon Streit; +Cc: help-guix

On Tue, May 11, 2021 at 07:42:40PM +0200, Simon Streit wrote:
> Thanks for posting the diff.  I did manage to build the package locally,
> but that in itself isn't of much use.  I'm afraid I have to ask now, how
> do I apply this package into my declaration so that it is available from
> my system to test?

If I understand your use case correctly, you can use the built
mount.davfs program directly from /gnu/store, like this:

$(guix build -f davfs2)/sbin/mount.davfs [...]



* Re: mount.davfs: program is not setuid root
  2021-05-11 18:41               ` Leo Famulari
@ 2021-05-11 19:30                 ` Simon Streit
  2021-05-11 19:34                   ` Leo Famulari
  0 siblings, 1 reply; 20+ messages in thread
From: Simon Streit @ 2021-05-11 19:30 UTC (permalink / raw)
  To: Leo Famulari; +Cc: help-guix

Leo Famulari <leo@famulari.name> writes:

> On Tue, May 11, 2021 at 07:42:40PM +0200, Simon Streit wrote:
>> Thanks for posting the diff.  I did manage to build the package locally,
>> but that in itself isn't of much use.  I'm afraid I have to ask now, how
>> do I apply this package into my declaration so that it is available from
>> my system to test?
>
> If I understand your use case correctly, you can use the built
> mount.davfs program directly from /gnu/store, like this:
>
> $(guix build -f davfs2)/sbin/mount.davfs [...]

hm.. alright, then I did test that already.  It fails saying:
--8<---------------cut here---------------start------------->8---
./sbin/mount.davfs: program is not setuid root
--8<---------------cut here---------------end--------------->8---
and nothing else. :/



* Re: mount.davfs: program is not setuid root
  2021-05-11 19:30                 ` Simon Streit
@ 2021-05-11 19:34                   ` Leo Famulari
  2021-05-11 20:59                     ` Simon Streit
  0 siblings, 1 reply; 20+ messages in thread
From: Leo Famulari @ 2021-05-11 19:34 UTC (permalink / raw)
  To: Simon Streit; +Cc: help-guix

On Tue, May 11, 2021 at 09:30:56PM +0200, Simon Streit wrote:
> Leo Famulari <leo@famulari.name> writes:
> 
> > On Tue, May 11, 2021 at 07:42:40PM +0200, Simon Streit wrote:
> >> Thanks for posting the diff.  I did manage to build the package locally,
> >> but that in itself isn't of much use.  I'm afraid I have to ask now, how
> >> do I apply this package into my declaration so that it is available from
> >> my system to test?
> >
> > If I understand your use case correctly, you can use the built
> > mount.davfs program directly from /gnu/store, like this:
> >
> > $(guix build -f davfs2)/sbin/mount.davfs [...]
> 
> hm.. alright, then I did test that already.  It fails saying:
> --8<---------------cut here---------------start------------->8---
> ./sbin/mount.davfs: program is not setuid root
> --8<---------------cut here---------------end--------------->8---
> and nothing else. :/

Sorry, I don't remember the earlier discussion or what you are trying to
accomplish. But it's expected that nothing in /gnu/store is setuid.
You'd have to use sudo or become root.



* Re: mount.davfs: program is not setuid root
  2021-05-11 19:34                   ` Leo Famulari
@ 2021-05-11 20:59                     ` Simon Streit
  0 siblings, 0 replies; 20+ messages in thread
From: Simon Streit @ 2021-05-11 20:59 UTC (permalink / raw)
  To: Leo Famulari; +Cc: help-guix

Leo Famulari <leo@famulari.name> writes:

> On Tue, May 11, 2021 at 09:30:56PM +0200, Simon Streit wrote:
>> Leo Famulari <leo@famulari.name> writes:
>> 
>> > On Tue, May 11, 2021 at 07:42:40PM +0200, Simon Streit wrote:
>> >> Thanks for posting the diff.  I did manage to build the package locally,
>> >> but that in itself isn't of much use.  I'm afraid I have to ask now, how
>> >> do I apply this package into my declaration so that it is available from
>> >> my system to test?
>> >
>> > If I understand your use case correctly, you can use the built
>> > mount.davfs program directly from /gnu/store, like this:
>> >
>> > $(guix build -f davfs2)/sbin/mount.davfs [...]
>> 
>> hm.. alright, then I did test that already.  It fails saying:
>> --8<---------------cut here---------------start------------->8---
>> ./sbin/mount.davfs: program is not setuid root
>> --8<---------------cut here---------------end--------------->8---
>> and nothing else. :/
>
> Sorry, I don't remember the earlier discussion or what you are trying to
> accomplish. But it's expected that nothing in /gnu/store is setuid.
> You'd have to use sudo or become root.

The problem is that davfs2 mount points can't be mounted as user,
despite the binary being setuid.  To make that work I added a line in my
declaration.  But it doesn't work as expected.  Hence Efraim's patch,
that should test if this would make a difference.

Mounting as root has been working all the time and no errors are
returned.

So the next step would be to have this patched package put into my
system declaration to test and see if setuid has been set now.  My
knowledge is too limited to go this far yet.  Will just leave it where
it is for now.  I don't need to access this mount point very often.


Cheers,
Simon



* Re: mount.davfs: program is not setuid root
  2021-04-20  7:20           ` Efraim Flashner
  2021-04-21 21:43             ` Simon Streit
  2021-05-11 17:42             ` Simon Streit
@ 2021-05-13 13:25             ` Simon Streit
  2 siblings, 0 replies; 20+ messages in thread
From: Simon Streit @ 2021-05-13 13:25 UTC (permalink / raw)
  To: Leo Famulari; +Cc: help-guix

Efraim Flashner <efraim@flashner.co.il> writes:

> On Mon, Apr 19, 2021 at 08:47:08PM -0400, Leo Famulari wrote:
>> On Mon, Apr 19, 2021 at 10:30:13PM +0200, Simon Streit wrote:
>> > I just tried again, and called mount as:
>> > --8<---------------cut here---------------start------------->8---
>> > /run/setuid-programs/mount -t <URL> ~/test/
>> > --8<---------------cut here---------------end--------------->8---
>> > where URL is my remote URL share trying to mount it to local test dir,
>> > where it fails with:
>> > --8<---------------cut here---------------start------------->8---
>> > /run/current-system/profile/sbin/mount.davfs: program is not setuid root
>> > --8<---------------cut here---------------end--------------->8---
>>
>> So, '/run/setuid-programs/mount' is somehow resolving to
>> '/run/current-system/profile/sbin/mount.davfs'?
>>
>> The executables in /run/setuid-programs are not supposed to be links.
>>
>
> From the ./configure script in davfs2:
>
> I've attached a diff against guix and also a davfs.scm for building just
> the modified davfs2. Can you try building it with `guix build -f
> davfs.scm` and then use the mount.davfs from there to try mounting your
> davfs mountpoint?

Alright, I finally got your modified file into my system declaration to
test it.  Guix has a steep learning curve, and I am glad to be getting
better at hacking on it every now and then.

Now this error message doesn't appear any more.  While entering
`mount.davfs host ~/foo`, I get a:
--8<---------------cut here---------------start------------->8---
bash: /home/ss2/.guix-profile/sbin/mount.davfs: No such file or directory
--8<---------------cut here---------------end--------------->8---
and trying it with `/run/setuid-programs/mount.davfs host ~/foo`:
--8<---------------cut here---------------start------------->8---
/run/setuid-programs/mount.davfs: no entry for /home/ss2/foo found in /etc/fstab
--8<---------------cut here---------------end--------------->8---

Which has to do with the fact that this mount does not exist in
/etc/fstab.  But so far there is no way to put a URL into the system
declaration.  The manual states that there can only be a file system
label, UUID or the name of a /dev node.  So I simply tested it by
manually adding a mount to /etc/fstab, and it didn't work there either.

I'm not really sure what to do now.  Shall I post a bug report?  And if so,
it may well be necessary to extend the file-systems module to
accommodate webdav mount points.  I'm not sure if it is high on anyone's
agenda, or if I could make a feature request to have this implemented.

It seems to me that it doesn't happen that often that someone would need to
mount a webdav.


Cheers
Simon
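
A diagnostic for the situation discussed in this thread, added here as an example and not part of any message: it lists every copy of a program that PATH lookup would find, in lookup order, and reports whether each copy is setuid root. The function names `setuid_status` and `path_candidates` are made up for this example.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# setuid_status FILE
# Prints one of: missing, not-setuid, setuid-root, setuid-uid-N
setuid_status() {
    f=$1
    [ -e "$f" ] || { echo missing; return 0; }
    # -u is true only when the setuid bit is set (symlinks are followed)
    [ -u "$f" ] || { echo not-setuid; return 0; }
    # -L follows symlinks, -n prints the numeric owner in field 3
    owner=$(ls -ldnL -- "$f" | awk '{print $3}')
    if [ "$owner" = 0 ]; then
        echo setuid-root
    else
        echo "setuid-uid-$owner"
    fi
}

# path_candidates NAME [PATHLIST]
# Prints "<file> <status>" for each directory of PATHLIST (default: $PATH)
# that holds an executable NAME. The first line is the copy the shell runs.
path_candidates() {
    name=$1
    list=${2-$PATH}
    old_ifs=$IFS
    IFS=:
    set -f                      # no globbing while splitting the list
    for dir in $list; do
        [ -n "$dir" ] || dir=.  # an empty PATH element means the cwd
        if [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
            printf '%s %s\n' "$dir/$name" "$(setuid_status "$dir/$name")"
        fi
    done
    set +f
    IFS=$old_ifs
}

# Report on the program from this thread; prints nothing if it is not on PATH.
path_candidates mount.davfs
```

If the first line printed is not a `setuid-root` entry, an unqualified `mount.davfs` call runs a copy without the setuid bit. Bash also caches earlier lookups, so run `hash -r` after changing profiles before comparing.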

