mount.8: mtab as symlink

mount.8: mtab as symlink

[Bernhard Voelker]

Hi Karel,

on coreutils' mailing list, we regularly receive complaints about
df(1) not working properly with bind mounts, and it turns out that
the users' system still has /etc/mtab as a regular file.
(There were recently a lot of attempts to fix issues with duplicate
mounts and over-mounting - and thus eclipsing - of source or target.)

Well, there might be a bug in df(1), anyway, we'd like to advise
the user to switch to mtab as a symlink to /proc/mounts or
/proc/self/mounts as it is common nowadays on many distros.
But then the user reads "man 8 mount" ...

  It is  possible to replace /etc/mtab by a symbolic link to
  /proc/mounts, and especially when you have very large numbers
  of mounts things will be much faster with that symlink, but some
  information is lost that way, and in particular using the "user"
  option will fail.

... and is scared about the last sentence.
Is this still true? I don't have problems with mounting "user"
file systems (apart from ntfs-3g) here. What are the problems,
and if they still exist, could the details be added to the man
page, please?

Thanks & have a nice day,
Berny

Re: mount.8: mtab as symlink

[Karel Zak]

On Mon, Jul 21, 2014 at 08:05:29AM +0200, Bernhard Voelker wrote:
>   It is  possible to replace /etc/mtab by a symbolic link to
>   /proc/mounts, and especially when you have very large numbers
>   of mounts things will be much faster with that symlink, but some
>   information is lost that way, and in particular using the "user"
>   option will fail.
> 
> ... and is scared about the last sentence.
> Is this still true? I don't have problems with mounting "user"
 
  Oops, this is really obsolete info. Fixed. Thanks!

    Karel

-- 
 Karel Zak  <kzak@redhat.com>
 http://karelzak.blogspot.com

Re: mount.8: mtab as symlink

[Benno Schulenberg]

On Mon, Jul 21, 2014, at 10:28, Karel Zak wrote:
> On Mon, Jul 21, 2014 at 08:05:29AM +0200, Bernhard Voelker wrote:
> >   It is  possible to replace /etc/mtab by a symbolic link to
> >   /proc/mounts, and especially when you have very large numbers
> >   of mounts things will be much faster with that symlink, but some
> >   information is lost that way, and in particular using the "user"
> >   option will fail.
>  
>   Oops, this is really obsolete info. Fixed. Thanks!

So how does umount determine that a device was mounted by a user
and thus that the user is alllowed to unmount it again?  In my
/proc/mounts there is no indication that a user mounted a partition
(apart from the "nosuid,nodev,noexec" hint, but that is no guarantee).
Does it require a certain minimum kernel version?

And what if the mount option is "users"?  And in both cases, what if
root mounted such a partition?  How does umount figure out that a
user may still not unmount it?

Benno

-- 
http://www.fastmail.fm - Same, same, but different...

Re: mount.8: mtab as symlink

[Bernhard Voelker]

On 07/21/2014 11:16 PM, Benno Schulenberg wrote:
> So how does umount determine that a device was mounted by a user
> and thus that the user is alllowed to unmount it again?

man sys-utils/mount.8  # the new one! ;-)

   user   Allow  an  ordinary user to mount the filesystem.
          The name of the mounting user is written to mtab
          (or to the private libmount file in /run/mount on
          system without regular mtab) so that he can unmount
          the filesystem again.

Have a nice day,
Berny

Re: mount.8: mtab as symlink

[Benno Schulenberg]

On Mon, Jul 21, 2014, at 23:32, Bernhard Voelker wrote:
> On 07/21/2014 11:16 PM, Benno Schulenberg wrote:
> > So how does umount determine that a device was mounted by a user
> > and thus that the user is alllowed to unmount it again?
> 
> man sys-utils/mount.8  # the new one! ;-)

:)  Ah, the man page is too big!

>    user   Allow  an  ordinary user to mount the filesystem.
>           The name of the mounting user is written to mtab
>           (or to the private libmount file in /run/mount on
>           system without regular mtab) so that he can unmount
>           the filesystem again.

There is no /run directory on my system.  So this probably means
that this mechanism requires a minimum kernel version?  Or should
that be /var/run/mount?

By the way, Karel, what are these 'helper=' and 'uhelper=' things
that are mentioned in umount.8?  Shouldn't these be mentioned in
mount.8 too, and more extensively?  But... how can uhelper ever
be specified when a mountpoint isn't defined in /etc/fstab?

Benno

-- 
http://www.fastmail.fm - The way an email service should be

Re: mount.8: mtab as symlink

[Karel Zak]

On Tue, Jul 22, 2014 at 12:18:53AM +0200, Benno Schulenberg wrote:
> 
> On Mon, Jul 21, 2014, at 23:32, Bernhard Voelker wrote:
> > On 07/21/2014 11:16 PM, Benno Schulenberg wrote:
> > > So how does umount determine that a device was mounted by a user
> > > and thus that the user is alllowed to unmount it again?
> > 
> > man sys-utils/mount.8  # the new one! ;-)
> 
> :)  Ah, the man page is too big!
> 
> >    user   Allow  an  ordinary user to mount the filesystem.
> >           The name of the mounting user is written to mtab
> >           (or to the private libmount file in /run/mount on
> >           system without regular mtab) so that he can unmount
> >           the filesystem again.
> 
> There is no /run directory on my system.  So this probably means
> that this mechanism requires a minimum kernel version?  Or should
> that be /var/run/mount?

All this is userspace stuff only, if you don't have /run than it uses
old obsolete /dev/.mount/utab

> By the way, Karel, what are these 'helper=' and 'uhelper=' things
> that are mentioned in umount.8?  Shouldn't these be mentioned in
> mount.8 too, and more extensively? 

Not sure, it's implemented for very special purpose when udisks mount
a device that should be umounted again by udisks. I don't think we
want to do any advertisement for this functionality.

> But... how can uhelper ever
> be specified when a mountpoint isn't defined in /etc/fstab?

It's never specified in fstab, it's specified by udisks when it calls
mount(8).

    Karel

-- 
 Karel Zak  <kzak@redhat.com>
 http://karelzak.blogspot.com

Re: mount.8: mtab as symlink

[Benno Schulenberg]

On Tue, Jul 22, 2014, at 01:49, Karel Zak wrote:
> On Tue, Jul 22, 2014 at 12:18:53AM +0200, Benno Schulenberg wrote:
> > By the way, Karel, what are these 'helper=' and 'uhelper=' things
> > that are mentioned in umount.8?  Shouldn't these be mentioned in
> > mount.8 too, and more extensively? 
> 
> Not sure, it's implemented for very special purpose when udisks mount
> a device that should be umounted again by udisks. I don't think we
> want to do any advertisement for this functionality.

So... should it be removed from the man page of umount too?
If so, the third patch in the upcoming series does that.

Benno

-- 
http://www.fastmail.fm - Access all of your messages and folders
                          wherever you are

Re: mount.8: mtab as symlink

[Karel Zak]

On Sun, Jul 27, 2014 at 08:57:04PM +0200, Benno Schulenberg wrote:
> 
> On Tue, Jul 22, 2014, at 01:49, Karel Zak wrote:
> > On Tue, Jul 22, 2014 at 12:18:53AM +0200, Benno Schulenberg wrote:
> > > By the way, Karel, what are these 'helper=' and 'uhelper=' things
> > > that are mentioned in umount.8?  Shouldn't these be mentioned in
> > > mount.8 too, and more extensively? 
> > 
> > Not sure, it's implemented for very special purpose when udisks mount
> > a device that should be umounted again by udisks. I don't think we
> > want to do any advertisement for this functionality.
> 
> So... should it be removed from the man page of umount too?
> If so, the third patch in the upcoming series does that.

 Please, no. It's described in the section where is description of the
 API between umount(8) and external helpers. IMHO 'helper=' and
 'uhelper=' makes sense there.

    Karel

-- 
 Karel Zak  <kzak@redhat.com>
 http://karelzak.blogspot.com

helper= and uhelper=

[Benno Schulenberg]

On Tue, Jul 29, 2014, at 12:21, Karel Zak wrote:
> On Sun, Jul 27, 2014 at 08:57:04PM +0200, Benno Schulenberg wrote:
> > So... should it be removed from the man page of umount too?
> > If so, the third patch in the upcoming series does that.
> 
>  Please, no. It's described in the section where is description of the
>  API between umount(8) and external helpers. IMHO 'helper=' and
>  'uhelper=' makes sense there.

Well, you applied the third patch in the series of six anyway, :)
so the mention of those [u]helper markers was removed.  I'll submit
a patch later to restore them, worded more clearly.  But first let's
make sure that I understand what they mean.

First there was commit f19c952b2fc07ddd7a698cf3a213a9a16d13e7ba
"umount: use helper= for all UIDs", where 'phelper' is renamed
to 'helper', because it serves not just for root.  But two weeks
earlier there was commit c56226697342ddd663492f77768e7a7cb8e579a1
"umount: call /sbin/umount.<uhelper> for root user too".

So, if I understand well, uhelper= and helper= would behave
exactly the same under all circumstances?

$ udisks --mount /dev/sda3
Mounted /org/freedesktop/UDisks/devices/sda3 at /media/Mint Petra

$ grep sda3 /etc/mtab
/dev/sda3 /media/Mint\040Petra ext4 rw,nosuid,nodev,uhelper=udisks 0 0

$ ./umount -v /dev/sda3

(Oh, that last command is surprising: it doesn't say anything.  I would
expect it to say that /dev/sda3 was successfully unmounted.  Oh, and
why isn't sda3 'noexec' here although it was mounted by a user?)

So when using udisks, a uhelper= marker will be put into the /etc/mtab
file (the real one).  Is there any program that will put a helper= marker
in the /etc/mtab file?  (I call it a 'marker' because it is not a mount
option: putting it in /etc/fstab makes no sense, and using it on the
command line does not work).

$ ./mount -o uhelper=udisks /dev/sda3
lt-mount: only root can use "--options" option

$ sudo ./mount -o uhelper=udisks /dev/sda3
lt-mount: can't find /dev/sda3 in /etc/fstab

Benno

-- 
http://www.fastmail.fm - Choose from over 50 domains or use your own

Re: helper= and uhelper=

[Karel Zak]

On Tue, Jul 29, 2014 at 09:41:30PM +0200, Benno Schulenberg wrote:
> Well, you applied the third patch in the series of six anyway, :)

oh, I usually check if the patch applies to code to do more
detailed review and I forgot you have talked about uhelper= too.

> so the mention of those [u]helper markers was removed.  I'll submit
> a patch later to restore them, worded more clearly.  But first let's

please

> make sure that I understand what they mean.
> 
> So, if I understand well, uhelper= and helper= would behave
> exactly the same under all circumstances?

We have three types of umount helpers

 umount.<type>    where <type> is filesystem type (e.g. umount.nfs)

 umount.<helper>  this is exactly the same like mount.<type> but the name is 
                  from helper= mtab option

 If you want to umount any filesystem and you have no root permissions
 then the filesystem has to be in fstab (and in mtab with 'user'
 option).

 umount.<uhelper> helper for unprivileged users, the filesystem does
                  not have to be in fstab, the entry in mtab is enough.
 
 Note that all helpers are always executed without root permissions,
 the helper has to be suid or use any other way to do umount(2).

> $ udisks --mount /dev/sda3
> Mounted /org/freedesktop/UDisks/devices/sda3 at /media/Mint Petra
> 
> $ grep sda3 /etc/mtab
> /dev/sda3 /media/Mint\040Petra ext4 rw,nosuid,nodev,uhelper=udisks 0 0
> 
> $ ./umount -v /dev/sda3
>
> (Oh, that last command is surprising: it doesn't say anything.  I would
> expect it to say that /dev/sda3 was successfully unmounted.  Oh, and

 well, report it to udisk

> why isn't sda3 'noexec' here although it was mounted by a user?)

 udisks have any policy for this purpose ... and "noexec" is pseudo
 security optimization, you can copy the file to you $HOME and
 execute. The options nosuid,nodev are more important. Anyway, all
 this is controlled by udisks.

> So when using udisks, a uhelper= marker will be put into the /etc/mtab
> file (the real one).  Is there any program that will put a helper= marker
> in the /etc/mtab file?

 I don't remember any program with "helper=", but it means nothing.

    Karel


-- 
 Karel Zak  <kzak@redhat.com>
 http://karelzak.blogspot.com

Re: helper= and uhelper=

[Benno Schulenberg]

On Wed, Jul 30, 2014, at 09:26, Karel Zak wrote:
>  If you want to umount any filesystem and you have no root permissions
>  then the filesystem has to be in fstab (and in mtab with 'user'
>  option).

To be more precise, when wanting to unmount while not having
superuser permissions, and there is no uhelper=somethingvalid
marker in the mtab file, then the filesystem has to be in /etc/fstab
with the option 'users' (and no marker needs to be present in mtab,
and even if it is, it will be ignored), or the /etc/fstab file contains
the option 'user' and the /etc/mtab file contains 'user=yourname'.
Right?

Benno

-- 
http://www.fastmail.fm - A fast, anti-spam email service.