Mount does not honor 'user' option.

  • Done
Details
3 participants
  • Danny Milosavljevic
  • Diego Nicola Barbato
  • Ludovic Courtès
Owner
unassigned
Submitted by
Diego Nicola Barbato
Severity
normal
Diego Nicola Barbato wrote on 1 Oct 2019 15:41
(address . bug-guix@gnu.org)
87lfu4wpjs.fsf@GlaDOS.home
Hey Guix,

I have added the following to `file-systems' in my operating-system
config:

(file-system
  (device "127.0.0.1")
  (mount-point "/home/diego/inf")
  (type "9p")
  (options "noextend,trans=tcp,dfltuid=1000,dfltgid=998,port=9001,user,nofail")
  (mount? #f))

It works almost as expected except that when I try to mount the file
system as a regular user (which is what the option 'user' is supposed to
allow) I get:

$ LC_ALL=C mount inf
mount: /home/diego/inf: must be superuser to use mount.

The command succeeds if I run it as root.

The following steps reproduce the issue without using a 9p file system:

1. Prepare a file system on a loopback device:

$ dd if=/dev/zero of=foo.img bs=1024 count=524288
$ udisksctl loop-setup --file foo.img
Mapped file foo.img as /dev/loop0.
$ sudo mkfs.ext4 -L foofs /dev/loop0

2. Add the following line to /etc/fstab replacing <name> with something
more appropriate:

LABEL=foofs /home/<name>/foofs ext4 defaults,user

3. Try to mount the filesystem as an unprivileged user (This should work
and does work on e.g. Debian 10):

$ mkdir foofs
$ LC_ALL=C mount foofs
mount: /home/<name>/foofs: must be superuser to use mount.

4. Try it with sudo to confirm that everything else works as expected:

$ sudo mount foofs
$ ls foofs
lost+found/

Regards,

Diego
Danny Milosavljevic wrote on 1 Oct 2019 21:27
(name . Diego Nicola Barbato)(address . dnbarbato@posteo.de)(address . 37569@debbugs.gnu.org)
20191001212726.62b763e1@scratchpost.org
Hmm, how is that solved with other distributions? Is "mount" suid root there?
Diego Nicola Barbato wrote on 1 Oct 2019 23:43
(name . Danny Milosavljevic)(address . dannym@scratchpost.org)(address . 37569@debbugs.gnu.org)
87h84sw39p.fsf@GlaDOS.home
Hello Danny,

Danny Milosavljevic <dannym@scratchpost.org> writes:

> Hmm, how is that solved with other distributions? Is "mount" suid root there?

Indeed, in Debian both mount and umount are suid root:

$ stat -c "%a %U:%G %n" /bin/*mount
4755 root:root /bin/fusermount
4755 root:root /bin/mount
4755 root:root /bin/umount

Thanks,

Diego
Diego Nicola Barbato wrote on 4 Oct 2019 08:59
(name . Danny Milosavljevic)(address . dannym@scratchpost.org)(address . 37569@debbugs.gnu.org)
87k19lt2r9.fsf@GlaDOS.home
Diego Nicola Barbato <dnbarbato@posteo.de> writes:

> Hello Danny,
>
> Danny Milosavljevic <dannym@scratchpost.org> writes:
>
>> Hmm, how is that solved with other distributions? Is "mount" suid root there?
>
> Indeed, in Debian both mount and umount are suid root:
>
> $ stat -c "%a %U:%G %n" /bin/*mount
> 4755 root:root /bin/fusermount
> 4755 root:root /bin/mount
> 4755 root:root /bin/umount

I've tried adding "mount" and "umount" to `setuid-programs' in my
operating-system config:

(setuid-programs (cons*
                  #~(string-append #$util-linux "/bin/mount")
                  #~(string-append #$util-linux "/bin/umount")
                  %setuid-programs))

Mounting as an unprivileged user now works as expected (even the fancy
9p stuff). Is there any rationale for not adding "mount" and "umount"
to `%setuid-programs' by default?

Thanks,

Diego
Ludovic Courtès wrote on 6 Oct 2019 14:46
(name . Diego Nicola Barbato)(address . dnbarbato@posteo.de)
87a7aedotm.fsf@gnu.org
Hi,

Diego Nicola Barbato <dnbarbato@posteo.de> writes:

> I've tried adding "mount" and "umount" to `setuid-programs' in my
> operating-system config:
>
> (setuid-programs (cons*
> #~(string-append #$util-linux "/bin/mount")
> #~(string-append #$util-linux "/bin/umount")
> %setuid-programs))
>
> Mounting as an unprivileged user now works as expected (even the fancy
> 9p stuff).

Cool!

> Is there any rationale for not adding "mount" and "umount" to
> `%setuid-programs' by default?

No, especially since they perform the right checks and error out with
“only root can do that” when needed.

I added them in commit 19944227528502e3619a6d1557bc735224f6fef6.

Thanks!

Ludo’.
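
A defender-side check for the situation in this thread, as an added example that is not from the thread or from Guix: it lists the fstab entries an ordinary user may mount, flags any that re-enable exec, suid or dev after `user`/`users` (which per mount(8) imply noexec,nosuid,nodev), and reports whether the given mount binary is setuid root. The function names and the two-argument calling convention are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit user-mountable fstab entries and the mount binary.

# Print "<mount-point> <verdict>" for every fstab entry carrying the
# "user" or "users" option. Those options imply noexec,nosuid,nodev
# unless a later option in the same list turns one back on; flag that.
audit_fstab() {
    awk '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blanks
        {
            n = split($4, opt, ",")
            seen = 0; weak = ""
            for (i = 1; i <= n; i++) {
                if (opt[i] ~ /^(user|users)$/) seen = 1
                else if (seen && opt[i] ~ /^(exec|suid|dev)$/)
                    weak = weak (weak == "" ? "" : ",") opt[i]
            }
            if (seen) print $2, (weak == "" ? "ok" : "reenables:" weak)
        }' "$1"
}

# Succeed only if the file has the setuid bit and is owned by uid 0,
# the condition under which mount(8) can act on the entries above.
is_setuid_root() {
    [ -u "$1" ] && [ "$(stat -c %u "$1")" = "0" ]
}

# Combined report for one fstab file and one mount binary.
report() {
    audit_fstab "$1"
    if is_setuid_root "$2"; then
        echo "$2: setuid root, user mounts are honoured"
    else
        echo "$2: not setuid root, user mounts fail with 'must be superuser'"
    fi
}

# Run only when called with two arguments: <fstab> <mount-binary>
if [ "$#" -eq 2 ]; then
    report "$1" "$2"
fi
```

Invoke it with the fstab path and the mount binary that is first on the user's PATH, since that is the one an unprivileged `mount` call executes.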
Closed