From: Amit Gud <agud@redhat.com>
To: "Steinar H. Gunderson" <sesse@debian.org>, Neil Brown <neilb@suse.de>
Cc: nfs@lists.sourceforge.net, Steve Dickson <SteveD@redhat.com>
Subject: Re: [PATCH] Fix NFS mount options in mount.nfs
Date: Fri, 07 Jul 2006 15:47:00 -0400 [thread overview]
Message-ID: <44AEBA34.9080804@redhat.com> (raw)
In-Reply-To: <20060707184009.GA3338@uio.no>
[-- Attachment #1: Type: text/plain, Size: 773 bytes --]
Steinar H. Gunderson wrote:
> FWIW, this part is wrong:
>
>> install-exec-hook:
>> (cd $(DESTDIR)$(sbindir) && \
>> - ln -sf $(sbin_PROGRAMS) mount.nfs4 && \
>> - ln -sf $(sbin_PROGRAMS) umount.nfs && \
>> - ln -sf $(sbin_PROGRAMS) umount.nfs4)
>> + chmod +s $(sbin_PROGRAMS) && \
>> + cp $(sbin_PROGRAMS) /sbin/mount.nfs4 && \
>> + cp $(sbin_PROGRAMS) /sbin/umount.nfs && \
>> + cp $(sbin_PROGRAMS) /sbin/umount.nfs4)
>
> You cannot expect to be able to put stuff directly into /sbin, you'll have to
> heed $(DESTDIR).
>
Please use the attached patch for testing. It varies only in the above
portion, but that should make a difference.
AG
--
May the source be with you.
http://www.cis.ksu.edu/~gud
[-- Attachment #2: fix-mount-options-v2.patch --]
[-- Type: text/plain, Size: 9369 bytes --]
diff -uprN -X dontdiff nfs-utils/utils/mount/Makefile.am nfs-utils-ag/utils/mount/Makefile.am
--- nfs-utils/utils/mount/Makefile.am 2006-07-02 17:34:58.000000000 -0400
+++ nfs-utils-ag/utils/mount/Makefile.am 2006-07-07 15:06:26.000000000 -0400
@@ -14,9 +14,10 @@ MAINTAINERCLEANFILES = Makefile.in
install-exec-hook:
(cd $(DESTDIR)$(sbindir) && \
- ln -sf $(sbin_PROGRAMS) mount.nfs4 && \
- ln -sf $(sbin_PROGRAMS) umount.nfs && \
- ln -sf $(sbin_PROGRAMS) umount.nfs4)
+ chmod +s $(sbin_PROGRAMS) && \
+ cp -p $(sbin_PROGRAMS) mount.nfs4 && \
+ cp -p $(sbin_PROGRAMS) umount.nfs && \
+ cp -p $(sbin_PROGRAMS) umount.nfs4)
uninstall-hook:
(cd $(DESTDIR)$(sbindir) && \
rm -f mount.nfs4 umount.nfs umount.nfs4)
diff -uprN -X dontdiff nfs-utils/utils/mount/mount.c nfs-utils-ag/utils/mount/mount.c
--- nfs-utils/utils/mount/mount.c 2006-07-02 17:34:58.000000000 -0400
+++ nfs-utils-ag/utils/mount/mount.c 2006-07-07 12:49:41.000000000 -0400
@@ -28,6 +28,7 @@
#include <sys/mount.h>
#include <getopt.h>
#include <mntent.h>
+#include <pwd.h>
#include "fstab.h"
#include "xcommon.h"
@@ -74,6 +75,14 @@ struct opt_map {
int mask; /* flag mask value */
};
+/* Custom mount options for our own purposes. */
+/* Maybe these should now be freed for kernel use again */
+#define MS_DUMMY 0x00000000
+#define MS_USERS 0x40000000
+#define MS_USER 0x20000000
+#define MS_OWNER 0x10000000
+#define MS_GROUP 0x08000000
+
static const struct opt_map opt_map[] = {
{ "defaults", 0, 0, 0 }, /* default options */
{ "ro", 1, 0, MS_RDONLY }, /* read-only */
@@ -90,6 +99,18 @@ static const struct opt_map opt_map[] =
{ "remount", 0, 0, MS_REMOUNT}, /* Alter flags of mounted FS */
{ "bind", 0, 0, MS_BIND }, /* Remount part of tree elsewhere */
{ "rbind", 0, 0, MS_BIND|MS_REC }, /* Idem, plus mounted subtrees */
+ { "auto", 0, 0, MS_DUMMY }, /* Can be mounted using -a */
+ { "noauto", 0, 0, MS_DUMMY }, /* Can only be mounted explicitly */
+ { "users", 0, 0, MS_USERS }, /* Allow ordinary user to mount */
+ { "nousers", 0, 0, MS_USERS }, /* Forbid ordinary user to mount */
+ { "user", 0, 0, MS_USER }, /* Allow ordinary user to mount */
+ { "nouser", 0, 0, MS_USER }, /* Forbid ordinary user to mount */
+ { "owner", 0, 0, MS_OWNER }, /* Let the owner of the device mount */
+ { "noowner", 0, 0, MS_OWNER }, /* Device owner has no special privs */
+ { "group", 0, 0, MS_GROUP }, /* Let the group of the device mount */
+ { "nogroup", 0, 0, MS_GROUP }, /* Device group has no special privs */
+ { "_netdev", 0, 0, MS_DUMMY}, /* Device requires network */
+ { "comment", 0, 0, MS_DUMMY}, /* fstab comment only (kudzu,_netdev)*/
/* add new options here */
#ifdef MS_NOSUB
@@ -104,6 +125,7 @@ static const struct opt_map opt_map[] =
{ "mand", 0, 0, MS_MANDLOCK }, /* Allow mandatory locks on this FS */
{ "nomand", 0, 1, MS_MANDLOCK }, /* Forbid mandatory locks on this FS */
#endif
+ { "loop", 1, 0, MS_DUMMY }, /* use a loop device */
#ifdef MS_NOATIME
{ "atime", 0, 1, MS_NOATIME }, /* Update access time */
{ "noatime", 0, 0, MS_NOATIME }, /* Do not update access time */
@@ -121,6 +143,12 @@ static char * fix_opts_string (int flags
char *new_opts;
new_opts = xstrdup((flags & MS_RDONLY) ? "ro" : "rw");
+ if (flags & MS_USER) {
+ struct passwd *pw = getpwuid(getuid());
+ if(pw)
+ new_opts = xstrconcat3(new_opts, ",user=", pw->pw_name);
+ }
+
for (om = opt_map; om->opt != NULL; om++) {
if (om->skip)
continue;
@@ -132,9 +160,20 @@ static char * fix_opts_string (int flags
if (extra_opts && *extra_opts) {
new_opts = xstrconcat3(new_opts, ",", extra_opts);
}
+
return new_opts;
}
+void copy_mntent(struct mntent *ment, nfs_mntent_t *nment)
+{
+ /* Not sure why nfs_mntent_t should exist */
+ strcpy(nment->mnt_fsname, ment->mnt_fsname);
+ strcpy(nment->mnt_dir, ment->mnt_dir);
+ strcpy(nment->mnt_type, ment->mnt_type);
+ strcpy(nment->mnt_opts, ment->mnt_opts);
+ nment->mnt_freq = ment->mnt_freq;
+ nment->mnt_passno = ment->mnt_passno;
+}
int add_mtab(char *fsname, char *mount_point, char *fstype, int flags, char *opts, int freq, int passno)
{
@@ -146,8 +185,16 @@ int add_mtab(char *fsname, char *mount_p
ment.mnt_dir = mount_point;
ment.mnt_type = fstype;
ment.mnt_opts = fix_opts_string(flags, opts);
- ment.mnt_freq = 0;
- ment.mnt_passno= 0;
+ ment.mnt_freq = freq;
+ ment.mnt_passno= passno;
+
+ if(flags & MS_REMOUNT) {
+ nfs_mntent_t nment;
+
+ copy_mntent(&ment, &nment);
+ update_mtab(nment.mnt_dir, &nment);
+ return 0;
+ }
if ((fd = open(MOUNTED"~", O_RDWR|O_CREAT|O_EXCL, 0600)) == -1) {
fprintf(stderr, "Can't get "MOUNTED"~ lock file");
@@ -246,16 +293,16 @@ static void mount_error(char *node)
{
switch(errno) {
case ENOTDIR:
- printf("%s: mount point %s is not a directory\n", progname, node);
+ fprintf(stderr, "%s: mount point %s is not a directory\n", progname, node);
break;
case EBUSY:
- printf("%s: %s is already mounted or busy\n", progname, node);
+ fprintf(stderr, "%s: %s is already mounted or busy\n", progname, node);
break;
case ENOENT:
- printf("%s: mount point %s does not exist\n", progname, node);
+ fprintf(stderr, "%s: mount point %s does not exist\n", progname, node);
break;
default:
- printf("%s: %s\n", progname, strerror(errno));
+ fprintf(stderr, "%s: %s\n", progname, strerror(errno));
}
}
@@ -269,11 +316,6 @@ int main(int argc, char *argv[])
if ((p = strrchr(progname, '/')) != NULL)
progname = p+1;
- if (getuid() != 0) {
- printf("%s: only root can do that.\n", progname);
- exit(1);
- }
-
if(!strncmp(progname, "umount", strlen("umount"))) {
if(argc < 2) {
umount_usage();
@@ -358,6 +400,11 @@ int main(int argc, char *argv[])
parse_opts(mount_opts, &flags, &extra_opts);
+ if (getuid() != 0 && !(flags & MS_USERS) && !(flags & MS_USER)) {
+ fprintf(stderr, "%s: permission denied.\n", progname);
+ exit(1);
+ }
+
if (!strcmp(progname, "mount.nfs4") || nfs_mount_vers == 4) {
nfs_mount_vers = 4;
mnt_err = nfs4mount(spec, mount_point, &flags, &extra_opts, &mount_opts, 0);
@@ -370,16 +417,19 @@ int main(int argc, char *argv[])
}
if (!mnt_err && !fake) {
- mnt_err = do_mount_syscall(spec, mount_point, nfs_mount_vers == 4 ? "nfs4" : "nfs", flags, mount_opts);
+ if(!(flags & MS_REMOUNT)) {
+ mnt_err = do_mount_syscall(spec, mount_point,
+ nfs_mount_vers == 4 ? "nfs4" : "nfs", flags, mount_opts);
- if(mnt_err) {
- mount_error(mount_point);
- exit(-1);
+ if(mnt_err) {
+ mount_error(mount_point);
+ exit(-1);
+ }
}
-
- if(!nomtab)
+ if(!nomtab) {
add_mtab(spec, mount_point, nfs_mount_vers == 4 ? "nfs4" : "nfs",
flags, extra_opts, 0, 0);
+ }
}
return 0;
Binary files nfs-utils/utils/mount/mount.nfs and nfs-utils-ag/utils/mount/mount.nfs differ
diff -uprN -X dontdiff nfs-utils/utils/mount/nfsumount.c nfs-utils-ag/utils/mount/nfsumount.c
--- nfs-utils/utils/mount/nfsumount.c 2006-07-02 17:34:58.000000000 -0400
+++ nfs-utils-ag/utils/mount/nfsumount.c 2006-07-07 12:49:41.000000000 -0400
@@ -23,6 +23,7 @@
#include <mntent.h>
#include <sys/mount.h>
#include <ctype.h>
+#include <pwd.h>
#include "xcommon.h"
#include "fstab.h"
@@ -156,6 +157,42 @@ static void complain(int err, const char
}
}
+/*
+ * Look for an option in a comma-separated list
+ */
+static int
+contains(const char *list, const char *s) {
+ int n = strlen(s);
+
+ while (*list) {
+ if (strncmp(list, s, n) == 0 &&
+ (list[n] == 0 || list[n] == ','))
+ return 1;
+ while (*list && *list++ != ',') ;
+ }
+ return 0;
+}
+
+/*
+ * If list contains "user=peter" and we ask for "user=", return "peter"
+ */
+static char *
+get_value(const char *list, const char *s) {
+ const char *t;
+ int n = strlen(s);
+
+ while (*list) {
+ if (strncmp(list, s, n) == 0) {
+ s = t = list+n;
+ while (*s && *s != ',')
+ s++;
+ return xstrndup(t, s-t);
+ }
+ while (*list && *list++ != ',') ;
+ }
+ return 0;
+}
+
int add_mtab2(const char *spec, const char *node, const char *type,
const char *opts, struct mntentchn *mc)
{
@@ -307,7 +344,7 @@ int _nfsumount(const char *spec, const c
goto out_bad;
return nfs_call_umount(&mnt_server, &dirname);
out_bad:
- printf("%s: %s: not found or not mounted\n", progname, spec);
+ fprintf(stderr, "%s: %s: not found or not mounted\n", progname, spec);
return 0;
}
@@ -376,6 +413,21 @@ int nfsumount(int argc, char *argv[])
printf(_("Could not find %s in mtab\n"), spec);
if(mc) {
+ if(contains(mc->m.mnt_opts, "user") && getuid() != 0) {
+ struct passwd *pw = getpwuid(getuid());
+ if(!pw || strcmp(pw->pw_name, get_value(mc->m.mnt_opts, "user="))) {
+ fprintf(stderr, "%s: permission denied to unmount %s\n",
+ progname, spec);
+ exit(1);
+ }
+ } else {
+ if(!contains(mc->m.mnt_opts, "users") && getuid() != 0) {
+ fprintf(stderr, "%s: only root can unmount %s from %s\n",
+ progname, mc->m.mnt_fsname, mc->m.mnt_dir);
+ exit(1);
+ }
+ }
+
ret = _nfsumount(mc->m.mnt_fsname, mc->m.mnt_opts);
if(ret)
ret = add_mtab2(mc->m.mnt_fsname, mc->m.mnt_dir,
[-- Attachment #3: Type: text/plain, Size: 299 bytes --]
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
[-- Attachment #4: Type: text/plain, Size: 140 bytes --]
_______________________________________________
NFS maillist - NFS@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs
next prev parent reply other threads:[~2006-07-07 19:43 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-07-07 17:45 [PATCH] Fix NFS mount options in mount.nfs Amit Gud
2006-07-07 17:45 ` Steinar H. Gunderson
2006-07-07 18:03 ` Amit Gud
2006-07-07 18:31 ` Steinar H. Gunderson
2006-07-08 18:56 ` Chuck Lever
2006-07-08 19:12 ` Amit Gud
2006-07-07 18:40 ` Steinar H. Gunderson
2006-07-07 19:47 ` Amit Gud [this message]
2006-07-07 20:32 ` Steinar H. Gunderson
2006-07-07 20:54 ` Amit Gud
2006-07-07 23:31 ` Neil Brown
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=44AEBA34.9080804@redhat.com \
--to=agud@redhat.com \
--cc=SteveD@redhat.com \
--cc=neilb@suse.de \
--cc=nfs@lists.sourceforge.net \
--cc=sesse@debian.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox