Mount does not honor 'user' option.

Done

Details

3 participants

Danny Milosavljevic
Diego Nicola Barbato
Ludovic Courtès

Owner: unassigned

Submitted by: Diego Nicola Barbato

Severity: normal

Diego Nicola Barbato wrote on 1 Oct 2019 15:41

Recipients:(address . bug-guix@gnu.org)

Message-ID:87lfu4wpjs.fsf@GlaDOS.home

Hey Guix,

I have added the following to `file-systems' in my operating-system

config:

Toggle snippet (8 lines)

(file-system

(device "127.0.0.1")

(mount-point "/home/diego/inf")

(type "9p")

(options "noextend,trans=tcp,dfltuid=1000,dfltgid=998,port=9001,user,nofail")

(mount? #f))

It works almost as expected except that when I try to mount the file

system as a regular user (which is what the option 'user' is supposed to

allow) I get:

$ LC_ALL=C mount inf

mount: /home/diego/inf: must be superuser to use mount.

The command succeeds if I run it as root.

The following steps reproduce the issue without using a 9p file system:

1. Prepare a file system on a loopback device:

$ dd if=/dev/zero of=foo.img bs=1024 count=524288

$ udisksctl loop-setup --file foo.img

Mapped file foo.img as /dev/loop0.

$ sudo mkfs.ext4 -L foofs /dev/loop0

2. Add the following line to /etc/fstab replacing <name> with something

more appropriate:

LABEL=foofs /home/<name>/foofs ext4 defaults,user

3. Try to mount the filesystem as an unprivileged user (This should work

and does work on e.g. Debian 10):

$ mkdir foofs

$ LC_ALL=C mount foofs

mount: /home/<name>/foofs: must be superuser to use mount.

4. Try it with sudo to confirm that everything else works as expected:

$ sudo mount foofs

$ ls foofs

lost+found/

Regards,

Diego

Danny Milosavljevic wrote on 1 Oct 2019 21:27

Recipients:(name . Diego Nicola Barbato)(address . dnbarbato@posteo.de)(address . 37569@debbugs.gnu.org)

Message-ID:20191001212726.62b763e1@scratchpost.org

Hmm, how is that solved with other distributions? Is "mount" suid root there?

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEds7GsXJ0tGXALbPZ5xo1VCwwuqUFAl2TqJ4ACgkQ5xo1VCww

uqWhAwgApFre3wTRY1kifh/aVYEcRBj9j03b887lJzs+GPaR9af8bNbvDafXqeN2

kJ8wa7eU6kLa4CpCQrppcXLMNH5sMmR56Ny7Cjh2IUkmUMaRFOvKNg6vA4QFllH5

wXnwFNVHusYtXjOh0lLVTSMdDNDhBi3mMYzmpUhO5MmDC+AGQ0AhidsA1fjTDKXJ

JWTaU5Kyikzk1z+ehR5p0HSEBxog4AuQiPPSWplAg1DaxHA3nRmS3bRpV9lOQNmm

RrBdf1J35FxrQpADsaf9yDFRxbkrANjojbwjXZb8DK9AS90Ps3+xqZY0Q59VirTV

45CaOo7Ev5AM/k+j1XqTRcB4DrxLWQ==

=JWIX

-----END PGP SIGNATURE-----

Diego Nicola Barbato wrote on 1 Oct 2019 23:43

Recipients:(name . Danny Milosavljevic)(address . dannym@scratchpost.org)(address . 37569@debbugs.gnu.org)

Message-ID:87h84sw39p.fsf@GlaDOS.home

Hello Danny,

Danny Milosavljevic <dannym@scratchpost.org> writes:

Toggle quote (2 lines)

> Hmm, how is that solved with other distributions? Is "mount" suid root there?

Indeed, in Debian both mount and umount are suid root:

$ stat -c "%a %U:%G %n" /bin/*mount

4755 root:root /bin/fusermount

4755 root:root /bin/mount

4755 root:root /bin/umount

Thanks,

Diego

Diego Nicola Barbato wrote on 4 Oct 2019 08:59

Recipients:(name . Danny Milosavljevic)(address . dannym@scratchpost.org)(address . 37569@debbugs.gnu.org)

Message-ID:87k19lt2r9.fsf@GlaDOS.home

Diego Nicola Barbato <dnbarbato@posteo.de> writes:

Toggle quote (13 lines)> Hello Danny,
>
> Danny Milosavljevic <dannym@scratchpost.org> writes:
>
>> Hmm, how is that solved with other distributions?  Is "mount" suid root there?
>
> Indeed, in Debian both mount and umount are suid root:
>
>   $ stat -c "%a %U:%G %n" /bin/*mount
>   4755 root:root /bin/fusermount
>   4755 root:root /bin/mount
>   4755 root:root /bin/umount

I've tried adding "mount" and "umount" to `setuid-programs' in my

operating-system config:

Toggle snippet (6 lines)

(setuid-programs (cons*

#~(string-append #$util-linux "/bin/mount")

#~(string-append #$util-linux "/bin/umount")

%setuid-programs))

Mounting as an unprivileged user now works as expected (even the fancy

9p stuff). Is there any rationale for not adding "mount" and "umount"

to `%setuid-programs' by default?

Thanks,

Diego

Ludovic Courtès wrote on 6 Oct 2019 14:46

Recipients:(name . Diego Nicola Barbato)(address . dnbarbato@posteo.de)

Message-ID:87a7aedotm.fsf@gnu.org

Hi,

Diego Nicola Barbato <dnbarbato@posteo.de> skribis:

Toggle quote (11 lines)> I've tried adding "mount" and "umount" to `setuid-programs' in my
> operating-system config:
>
> (setuid-programs (cons*                                       
>                   #~(string-append #$util-linux "/bin/mount") 
>                   #~(string-append #$util-linux "/bin/umount")
>                   %setuid-programs))
>
> Mounting as an unprivileged user now works as expected (even the fancy
> 9p stuff).

Cool!

Toggle quote (3 lines)

> Is there any rationale for not adding "mount" and "umount" to

> `%setuid-programs' by default?

No, especially since they perform the right checks and error out with

“only root can do that” when needed.

I added them in commit 19944227528502e3619a6d1557bc735224f6fef6.

Thanks!

Ludo’.

Closed

Your comment

This issue is archived.

To comment on this conversation send an email to 37569@debbugs.gnu.org

is:open	open issues
is:done	closed issues
submitter:<who>	search issue submitter
author:<who>	search by message author
date:yesterday..now	search by issue date
mdate:3m..2d	search by message date