From: Steve French <smfrench@austin.rr.com>
To: Dave Kleikamp <shaggy@austin.ibm.com>
Cc: linux-fsdevel@vger.kernel.org
Subject: Re: Should a non-root user always be able to mount on a directory they do not own if /etc/fstab entry is marked "user"
Date: Tue, 29 Nov 2005 14:51:45 -0600
Message-ID: <438CBF61.7060308@austin.rr.com>
In-Reply-To: <1133295480.8944.48.camel@kleikamp.austin.ibm.com>

Dave Kleikamp wrote:
>On Thu, 2005-11-24 at 20:11 -0600, Steve French wrote:
>
>>Should a non-root user always be able to mount on a directory they do
>>not own if /etc/fstab entry is marked "user"?
>
>That's the usual behavior. For instance, user mounts are allowed
>on /mnt/cdrom or /mnt/floppy, which are usually owned by root.
>
>>Are there other
>>restrictions that I should check?
>
>Mounts by non-root are not allowed to specify any additional mount
>options. Only the options in /etc/fstab are used.
>
>>In particular, bug
>> https://bugzilla.samba.org/show_bug.cgi?id=1617
>>asks the cifs vfs allow that a user can mount over a directory owned by
>>root if /etc/fstab says "user" on the matching line.
>>If there are not other security problems, I was planning to follow the
>>suggestion in the bug? I noticed that at least for this version of
>>SuSE smbfs no longer can do setuid mounts, so I could not compare with
>>that, but presumably nfs has no particular security checks in mount
>>beyond what is already there in mount.cifs.c (with the suggested
>>modification)

What has been a little puzzling to me is that I don't see where smbfs
checks the fstab in its mount helper - and so presumably the user is
comparing with nfs where he was used to being able to do this.
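
The fstab check discussed in this thread, as an added example that is not taken from mount.cifs.c or from any message here: the non-root path of a setuid mount helper that refuses extra options and takes its options only from a matching fstab line marked "user". The sample fstab, the share and directory names, and all function names are constructed for illustration.

```c
#define _GNU_SOURCE /* for fmemopen() */
#include <mntent.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample fstab; server and directory names are hypothetical. */
static const char SAMPLE_FSTAB[] =
    "//srv/share    /mnt/share  cifs  user,noauto,ro  0 0\n"
    "//srv/private  /mnt/priv   cifs  noauto,nouser   0 0\n";

/* Exact comma-separated match, so "nouser" does not count as "user". */
static int has_opt(const char *opts, const char *name)
{
    size_t n = strlen(name);
    while (*opts) {
        size_t tok = strcspn(opts, ",");
        if (tok == n && strncmp(opts, name, n) == 0)
            return 1;
        opts += tok + (opts[tok] == ',');
    }
    return 0;
}

/* Non-root path: returns 1 and copies the fstab options into out, else 0. */
int user_mount_allowed(FILE *fstab, const char *dev, const char *dir,
                       const char *cli_opts, char *out, size_t len)
{
    struct mntent *m;
    if (cli_opts && *cli_opts)        /* non-root may not add options */
        return 0;
    while ((m = getmntent(fstab)) != NULL) {
        if (strcmp(m->mnt_fsname, dev) != 0 || strcmp(m->mnt_dir, dir) != 0)
            continue;
        if (!has_opt(m->mnt_opts, "user"))
            return 0;                 /* entry exists but is not user-mountable */
        snprintf(out, len, "%s", m->mnt_opts); /* only the fstab options */
        return 1;
    }
    return 0;                         /* no matching fstab line: deny */
}

/* Runs the check against the constructed sample instead of /etc/fstab;
 * returns the options to mount with, or NULL when the mount is denied. */
const char *check_sample(const char *dev, const char *dir, const char *cli_opts)
{
    static char opts[256];
    FILE *f = fmemopen((void *)SAMPLE_FSTAB, strlen(SAMPLE_FSTAB), "r");
    int ok = f && user_mount_allowed(f, dev, dir, cli_opts, opts, sizeof opts);
    if (f) fclose(f);
    return ok ? opts : NULL;
}
```

A real helper would open /etc/fstab with setmntent() and call user_mount_allowed() only when getuid() is not 0. Ownership of the target directory is deliberately not checked, matching the behavior described in the quoted reply.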