* Should a non-root user always be able to mount on a directory they do not own if /etc/fstab entry is marked "user"
From: Steve French @ 2005-11-25 2:11 UTC (permalink / raw)
To: linux-fsdevel
Should a non-root user always be able to mount on a directory they do
not own if /etc/fstab entry is marked "user"? Are there other
restrictions that I should check?
In particular, bug
https://bugzilla.samba.org/show_bug.cgi?id=1617
asks the cifs vfs allow that a user can mount over a directory owned by
root if /etc/fstab says "user" on the matching line.
If there are not other security problems, I was planning to follow the
suggestion in the bug? I noticed that at least for this version of
SuSE smbfs no longer can do setuid mounts, so I could not compare with
that, but presumably nfs has no particular security checks in mount
beyond what is already there in mount.cifs.c (with the suggested
modification)
* Re: Should a non-root user always be able to mount on a directory they do not own if /etc/fstab entry is marked "user"
From: Dave Kleikamp @ 2005-11-29 20:18 UTC (permalink / raw)
To: Steve French; +Cc: linux-fsdevel
On Thu, 2005-11-24 at 20:11 -0600, Steve French wrote:
> Should a non-root user always be able to mount on a directory they do
> not own if /etc/fstab entry is marked "user"?
That's the usual behavior. For instance, user mounts are allowed
on /mnt/cdrom or /mnt/floppy, which are usually owned by root.
> Are there other
> restrictions that I should check?
Mounts by non-root are not allowed to specify any additional mount
options. Only the options in /etc/fstab are used.
> In particular, bug
> https://bugzilla.samba.org/show_bug.cgi?id=1617
> asks the cifs vfs allow that a user can mount over a directory owned by
> root if /etc/fstab says "user" on the matching line.
> If there are not other security problems, I was planning to follow the
> suggestion in the bug? I noticed that at least for this version of
> SuSE smbfs no longer can do setuid mounts, so I could not compare with
> that, but presumably nfs has no particular security checks in mount
> beyond what is already there in mount.cifs.c (with the suggested
> modification)
--
David Kleikamp
IBM Linux Technology Center
* Re: Should a non-root user always be able to mount on a directory they do not own if /etc/fstab entry is marked "user"
From: Steve French @ 2005-11-29 20:51 UTC (permalink / raw)
To: Dave Kleikamp; +Cc: linux-fsdevel
Dave Kleikamp wrote:
>On Thu, 2005-11-24 at 20:11 -0600, Steve French wrote:
>
>>Should a non-root user always be able to mount on a directory they do
>>not own if /etc/fstab entry is marked "user"?
>
>That's the usual behavior. For instance, user mounts are allowed
>on /mnt/cdrom or /mnt/floppy, which are usually owned by root.
>
>> Are there other
>>restrictions that I should check?
>
>Mounts by non-root are not allowed to specify any additional mount
>options. Only the options in /etc/fstab are used.
>
>>In particular, bug
>> https://bugzilla.samba.org/show_bug.cgi?id=1617
>>asks the cifs vfs allow that a user can mount over a directory owned by
>>root if /etc/fstab says "user" on the matching line.
>>If there are not other security problems, I was planning to follow the
>>suggestion in the bug? I noticed that at least for this version of
>>SuSE smbfs no longer can do setuid mounts, so I could not compare with
>>that, but presumably nfs has no particular security checks in mount
>>beyond what is already there in mount.cifs.c (with the suggested
>>modification)
What has been a little puzzling to me is that I don't see where smbfs
checks the fstab in its mount helper - and so presumably the user is
comparing with nfs where he was used to being able to do this.
* Re: Should a non-root user always be able to mount on a directory they do not own if /etc/fstab entry is marked "user"
From: Dave Kleikamp @ 2005-11-29 21:55 UTC (permalink / raw)
To: Steve French; +Cc: linux-fsdevel
On Tue, 2005-11-29 at 14:51 -0600, Steve French wrote:
> What has been a little puzzling to me is that I don't see where smbfs
> checks the fstab in its mount helper - and so presumably the user is
> comparing with nfs where he was used to being able to do this.
It looks like /bin/mount drops its euid back to the real uid before
calling the helper, so mount.cifs can't take advantage of the checking
that /bin/mount has already done, since mount.cifs can be called
directly. I don't think mount.smbfs does any better than mount.cifs.
The nfs mount helper is built into /bin/mount, so it's handled about the
same as a file system without a helper.
Definitely, don't make any changes lightly here. I think the suggested
change would allow user mounts to any directory regardless of what's
in /etc/fstab.
--
David Kleikamp
IBM Linux Technology Center
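
The consequence of the last message for a setuid helper that can be run directly, as an added example that is not code from mount.cifs.c or from anyone in this thread: the helper has to repeat the /etc/fstab lookup itself, keyed on the real uid and on both the device and the mount point. The function names and the sample fstab entries are constructed for illustration.

```c
/* Added example: fstab authorization check for a setuid mount helper.
 * All names and the sample entries below are constructed, not mount.cifs.c. */
#include <mntent.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Exact-token match in a comma list, so "nouser" never satisfies "user". */
static int has_opt(const char *opts, const char *name)
{
    size_t n = strlen(name);
    while (*opts) {
        size_t len = strcspn(opts, ",");
        if (len == n && strncmp(opts, name, n) == 0)
            return 1;
        opts += len + (opts[len] == ',');   /* skip token and its comma */
    }
    return 0;
}

/* 1 if real uid `ruid` may mount `dev` on `dir`, else 0. A non-root caller
 * needs an fstab line matching BOTH device and mount point that carries
 * "user" or "users". `dir` is assumed to be canonicalized by the caller. */
int fstab_allows_user_mount(const char *fstab, uid_t ruid,
                            const char *dev, const char *dir)
{
    struct mntent *ent;
    FILE *fp;
    int allowed = 0;
    if (ruid == 0)
        return 1;
    if ((fp = setmntent(fstab, "r")) == NULL)
        return 0;                           /* fail closed */
    while (!allowed && (ent = getmntent(fp)) != NULL)
        allowed = strcmp(ent->mnt_fsname, dev) == 0 &&
                  strcmp(ent->mnt_dir, dir) == 0 &&
                  (has_opt(ent->mnt_opts, "user") ||
                   has_opt(ent->mnt_opts, "users"));
    endmntent(fp);
    return allowed;
}

static const char SAMPLE_FSTAB[] =          /* constructed entries */
    "//srv/pub  /mnt/pub  cifs user,noauto   0 0\n"
    "//srv/priv /mnt/priv cifs nouser,noauto 0 0\n";
int write_sample_fstab(const char *path)    /* 0 on success, -1 on error */
{
    FILE *f = fopen(path, "w");
    return (f && fputs(SAMPLE_FSTAB, f) >= 0 && fclose(f) == 0) ? 0 : -1;
}
```

A real helper would pass getuid(), not geteuid(), as `ruid`, since the effective uid of a setuid binary is always root.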