* Re: autofs RFE
From: Ian Kent @ 2003-12-08 3:41 UTC
To: Gerald Teschl; +Cc: autofs mailing list

On Sat, 6 Dec 2003, Gerald Teschl wrote:

>
> Hi Ian,
>
> I saw your recent work on autofs and wondered if it would be possible to add
> a small but IMHO useful feature to autofs:
>
> I'd like to use autofs for my floppy. pam_console sets the permissions on,
> e.g., /dev/fd0, such that it is owned by the console user and hence,
> when mounting /mnt/floppy it is mounted with the permissions of the owner.
> But this won't help with autofs, since autofs runs as root and hence a floppy
> is mounted with owner root.
>
> Would it be possible to make autofs honor the "owner" option for mount and
> mount a dev with the permissions of the owner if this option is present?

I've been thinking about this for a while.

At the moment the userspace daemon has no way of knowing who the owner is.
To change that would break backward compatibility. So I'm not sure it's
such a good idea.

How is this handled in v3 Peter?

One way to deal with this is to use groups. The floppy group exists in
RedHat and if you are a member and you allow group write you should have
what you need. The cdrom is a little different. You may wish to create a
new group called, say cdrom, and do the same thing with it.

--

   ,-._|\    Ian Kent
  /      \   Perth, Western Australia
  *_.--._/   E-mail: raven@themaw.net
        v    Web: http://themaw.net/

* Re: autofs RFE
From: Gerald Teschl @ 2003-12-08 10:43 UTC
To: Ian Kent; +Cc: autofs mailing list

On Mon, 8 Dec 2003, Ian Kent wrote:

> I've been thinking about this for a while.
>
> At the moment the userspace daemon has no way of knowing who the owner is.
> To change that would break backward compatibility. So I'm not sure it's
> such a good idea.

OK, let me provide more details (this refers to RedHat/Fedora):

After login as console user I own the floppy dev:

brw-rw----    1 gerald   floppy     2,   0 Sep 15 15:40 /dev/fd0

The default fstab entry on RedHat/Fedora looks like

/dev/fd0    /mnt/floppy    auto    noauto,owner,kudzu 0 0

and due to the "owner" option I (gerald) can say

mount /mnt/floppy

and a dos floppy will be mounted and all files are owned by me. If I say
mount /mnt/floppy as root, the files will be owned by root.

Now if I use autofs to mount the floppy the mount call will be done as
root and the files will be owned by root (no matter if the owner option is
present or not).

The ideal solution would be to make the mount call as the user requesting
the mount, but if I understand you right, this is too complex to find out.

So the solution to this problem should be the following: If the "owner"
option is present, do the mount call as the user owning the device file.

> One way to deal with this is to use groups. The floppy group exists in
> RedHat and if you are a member and you allow group write you should have
> what you need. The cdrom is a little different. You may wish to create a
> new group called, say cdrom, and do the same thing with it.

This is not an option for us. Our system has about 200 guest accounts. The
guests need to have access to the floppy drive, but *only* to the drive in
the computer they are sitting in front of!

Thanks for considering this!

Gerald

* Re: Re: autofs RFE
From: H. Peter Anvin @ 2003-12-10 6:49 UTC
To: Gerald Teschl; +Cc: autofs mailing list, Ian Kent

Gerald Teschl wrote:
>
> The ideal solution would be to make the mount call as the user requesting
> the mount, but if I understand you right, this is too complex to find out.
>

Absolutely not! It would let a remote user "hijack" your media!

-hpa

* Re: Re: autofs RFE
From: Gerald Teschl @ 2003-12-10 8:45 UTC
To: H. Peter Anvin; +Cc: autofs mailing list, Ian Kent

H. Peter Anvin wrote:

> Gerald Teschl wrote:
>
>>
>> The ideal solution would be to make the mount call as the user requesting
>> the mount, but if I understand you right, this is too complex to find out.
>>
>
> Absolutely not! It would let a remote user "hijack" your media!

No, because mount would not allow the command to succeed in this case
(otherwise the user could do an ordinary mount as well).

Gerald

* Re: Re: autofs RFE
From: H. Peter Anvin @ 2003-12-10 6:48 UTC
To: Ian Kent; +Cc: autofs mailing list, Gerald Teschl

Ian Kent wrote:
>>
>>Would it be possible to make autofs honor the "owner" option for mount and
>>mount a dev with the permissions of the owner if this option is present?
>
> I've been thinking about this for a while.
>
> At the moment the userspace daemon has no way of knowing who the owner is.
> To change that would break backward compatibility. So I'm not sure it's
> such a good idea.
>
> How is this handled in v3 Peter?
>

Actually, it's handled just fine by mount(8); the autofs daemon doesn't
need to do anything special.

Just pass the -owner filesystem option and mount(8) will use the ownership
of the device node.

-hpa

* Re: Re: autofs RFE
From: Gerald Teschl @ 2003-12-10 8:52 UTC
To: H. Peter Anvin; +Cc: autofs, raven

H. Peter Anvin wrote:

> Ian Kent wrote:
>
>>>
>>> Would it be possible to make autofs honor the "owner" option for mount and
>>> mount a dev with the permissions of the owner if this option is present?
>>
>>
>> I've been thinking about this for a while.
>>
>> At the moment the userspace daemon has no way of knowing who the owner is.
>> To change that would break backward compatibility. So I'm not sure it's
>> such a good idea.
>>
>> How is this handled in v3 Peter?
>>
>
> Actually, it's handled just fine by mount(8); the autofs daemon
> doesn't need to do anything special.
>
> Just pass the -owner filesystem option and mount(8) will use the
> ownership of the device node.

Not sure if I understand you right, but just adding the owner option to
the list of options in the autofs config file does not work right now.

So IMHO the autofs daemon needs to change uid (to the uid owning the
device) before doing the mount call if the owner option is present.

Gerald

* Re: Re: autofs RFE
From: Ian Kent @ 2003-12-10 10:15 UTC
To: H. Peter Anvin; +Cc: autofs mailing list, Gerald Teschl

On Wed, 10 Dec 2003, Gerald Teschl wrote:

> H. Peter Anvin wrote:
> >
> > Actually, it's handled just fine by mount(8); the autofs daemon
> > doesn't need to do anything special.
> >
> > Just pass the -owner filesystem option and mount(8) will use the
> > ownership of the device node.
>
> Not sure if I understand you right, but just adding the owner option to
> the list of options in the autofs config file does not work right now.
>
> So IMHO the autofs daemon needs to change uid
> (to the uid owning the device) before doing the mount call if the owner
> option is present.

Looking at the mount source it appears the 'owner' option is fstab only.

I can't make this work in testing either.

It looks like, if we use the device file owner, we need to change option
'owner' to 'uid=<dev owner>' for this to work. We probably need to force
'nodev' and 'nosuid' as well as does mount.

What badness does this bring to us?

--

   ,-._|\    Ian Kent
  /      \   Perth, Western Australia
  *_.--._/   E-mail: raven@themaw.net
        v    Web: http://themaw.net/

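
The option rewrite Ian Kent describes in the message above (change 'owner' to 'uid=<dev owner>' and force 'nodev' and 'nosuid'), as an added example that is not code from this thread, from autofs or from mount. The function name rewrite_owner_opts, the buffer sizes and the sample option string are assumptions; dev_owner is assumed to be the st_uid a caller obtained from stat(2) on the device node, and uid= only has an effect on filesystems that accept it, such as the DOS floppy discussed here.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Append len bytes of opt to a comma-separated list; -1 if it does not fit. */
static int add_opt(char *out, size_t outlen, const char *opt, size_t len)
{
    size_t used = strlen(out);
    int n = snprintf(out + used, outlen - used, "%s%.*s",
                     used ? "," : "", (int)len, opt);
    return (n < 0 || (size_t)n >= outlen - used) ? -1 : 0;
}

/*
 * Hypothetical helper (not autofs code). Copies opts to out; if "owner" is
 * present it is removed and "uid=<dev_owner>,nodev,nosuid" is appended last,
 * so an earlier dev or suid in the map entry does not override the forced
 * flags. Returns 1 if rewritten, 0 if copied unchanged, -1 if out is too small.
 */
int rewrite_owner_opts(const char *opts, uid_t dev_owner, char *out, size_t outlen)
{
    const char *p;
    size_t len;
    char tail[48];
    int has_owner = 0;

    if (outlen == 0)
        return -1;
    out[0] = '\0';
    for (p = opts; *p; p += len + (p[len] == ',')) {
        len = strcspn(p, ",");
        if (len == 5 && strncmp(p, "owner", 5) == 0)
            has_owner = 1;                      /* dropped, replaced below */
        else if (len > 0 && add_opt(out, outlen, p, len) < 0)
            return -1;
    }
    if (!has_owner)
        return 0;
    snprintf(tail, sizeof(tail), "uid=%lu,nodev,nosuid", (unsigned long)dev_owner);
    return add_opt(out, outlen, tail, strlen(tail)) < 0 ? -1 : 1;
}

int main(void)
{
    char out[128];  /* constructed sample: map options, device owned by uid 500 */
    rewrite_owner_opts("rw,owner,suid", 500, out, sizeof(out));
    puts(out);
    return 0;
}
```
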
* Re: Re: autofs RFE
From: H. Peter Anvin @ 2003-12-10 17:57 UTC
To: Ian Kent; +Cc: autofs mailing list, Gerald Teschl

Ian Kent wrote:
>
> Looking at the mount source it appears the 'owner' option is fstab only.
>

Well, then, then that's probably the place where it should be fixed.

-hpa

* Re: Re: autofs RFE
From: Ian Kent @ 2003-12-11 0:50 UTC
To: H. Peter Anvin; +Cc: autofs mailing list, Gerald Teschl

On Wed, 10 Dec 2003, H. Peter Anvin wrote:

> Ian Kent wrote:
> >
> > Looking at the mount source it appears the 'owner' option is fstab only.
> >
>
> Well, then, then that's probably the place where it should be fixed.
>

I'll follow up on it.
I have the rapid mounts fail issue to raise as well.

--

   ,-._|\    Ian Kent
  /      \   Perth, Western Australia
  *_.--._/   E-mail: raven@themaw.net
        v    Web: http://themaw.net/

* Re: Re: autofs RFE
From: H. Peter Anvin @ 2003-12-11 0:51 UTC
To: Ian Kent; +Cc: autofs mailing list, Gerald Teschl

Ian Kent wrote:
> On Wed, 10 Dec 2003, H. Peter Anvin wrote:
>
>
>>Ian Kent wrote:
>>
>>>Looking at the mount source it appears the 'owner' option is fstab only.
>>>
>>
>>Well, then, then that's probably the place where it should be fixed.
>>
> I'll follow up on it.
> I have the rapid mounts fail issue to raise as well.
>

By the way, autofs is quite the stress test for mount(8). It has found a
huge number of bugs over the years.

-hpa