From mboxrd@z Thu Jan 1 00:00:00 1970
From: Steve French
Subject: Re: Should a non-root user always be able to mount on a directory they do not own if /etc/fstab entry is marked "user"
Date: Tue, 29 Nov 2005 14:51:45 -0600
Message-ID: <438CBF61.7060308@austin.rr.com>
References: <438672E5.1080202@austin.rr.com> <1133295480.8944.48.camel@kleikamp.austin.ibm.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: linux-fsdevel@vger.kernel.org
Return-path:
Received: from ms-smtp-01.texas.rr.com ([24.93.47.40]:47020 "EHLO ms-smtp-01-eri0.texas.rr.com") by vger.kernel.org with ESMTP id S932398AbVK2UvK (ORCPT ); Tue, 29 Nov 2005 15:51:10 -0500
To: Dave Kleikamp
In-Reply-To: <1133295480.8944.48.camel@kleikamp.austin.ibm.com>
Sender: linux-fsdevel-owner@vger.kernel.org
List-Id: linux-fsdevel.vger.kernel.org

Dave Kleikamp wrote:

>On Thu, 2005-11-24 at 20:11 -0600, Steve French wrote:
>
>>Should a non-root user always be able to mount on a directory they do
>>not own if /etc/fstab entry is marked "user"?
>
>That's the usual behavior. For instance, user mounts are allowed
>on /mnt/cdrom or /mnt/floppy, which are usually owned by root.
>
>> Are there other
>>restrictions that I should check?
>
>Mounts by non-root are not allowed to specify any additional mount
>options. Only the options in /etc/fstab are used.
>
>>In particular, bug
>> https://bugzilla.samba.org/show_bug.cgi?id=1617
>>asks the cifs vfs allow that a user can mount over a directory owned by
>>root if /etc/fstab says "user" on the matching line.
>>If there are not other security problems, I was planning to follow the
>>suggestion in the bug? I noticed that at least for this version of
>>SuSE smbfs no longer can do setuid mounts, so I could not compare with
>>that, but presumably nfs has no particular security checks in mount
>>beyond what is already there in mount.cifs.c (with the suggested
>>modification)

What has been a little puzzling to me is that I don't see where smbfs checks the fstab in its mount helper - and so presumably the user is comparing with nfs where he was used to being able to do this.
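
The fstab check discussed in this thread, sketched as an added example; it is not part of the original message and is not code from mount.cifs.c or any other mount helper. The names `user_mount_opts`, `has_opt` and `SAMPLE_FSTAB` are hypothetical, and the fstab contents are passed in as a string (an assumption; a setuid helper would read /etc/fstab itself). It permits the mount only when a line matches both device and directory and carries "user", and it returns the fstab options so that options supplied by the caller are never used.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample fstab text, not taken from the original message. */
static const char SAMPLE_FSTAB[] =
    "# device     dir         type     options\n"
    "/dev/cdrom   /mnt/cdrom  iso9660  ro,user,noauto  0 0\n"
    "//srv/share  /mnt/share  cifs     noauto,nouser   0 0\n";

/* Whole-option match: "nouser" or "users" never satisfies "user". */
static int has_opt(const char *opts, const char *want)
{
    size_t n = strlen(want);
    while (*opts) {
        size_t len = strcspn(opts, ",");
        if (len == n && strncmp(opts, want, n) == 0)
            return 1;
        opts += len + (opts[len] == ',');
    }
    return 0;
}

/* Hypothetical helper: returns the fstab options a non-root caller must
 * mount with, or NULL if no line for dev+dir is marked "user". */
const char *user_mount_opts(const char *fstab, const char *dev, const char *dir)
{
    static char opts[512];
    char line[1024], fs[256], mp[256], type[64];
    while (*fstab) {
        /* Copy one line out so sscanf cannot run on into the next one. */
        size_t len = strcspn(fstab, "\n");
        size_t n = len < sizeof line - 1 ? len : sizeof line - 1;
        memcpy(line, fstab, n);
        line[n] = '\0';
        fstab += len + (fstab[len] == '\n');
        if (sscanf(line, "%255s %255s %63s %511s", fs, mp, type, opts) == 4 &&
            fs[0] != '#' && !strcmp(fs, dev) && !strcmp(mp, dir) &&
            has_opt(opts, "user"))
            return opts;
    }
    return NULL;
}

int main(void)
{
    const char *o = user_mount_opts(SAMPLE_FSTAB, "/dev/cdrom", "/mnt/cdrom");
    puts(o ? o : "denied");
    return 0;
}
```

Ownership of the mount point is deliberately not consulted here, matching the behaviour described for /mnt/cdrom and /mnt/floppy.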