Bug 1617 - user cannot mount a share on a directory he does not own.
Summary: user cannot mount a share on a directory he does not own.
Alias: None
Product: CifsVFS
Classification: Unclassified
Component: user space tools (show other bugs)
Version: 2.6
Hardware: x86 Linux
: P3 normal
Target Milestone: ---
Assignee: Jeff Layton
QA Contact: Samba QA Contact
Depends on:
Reported: 2004-08-17 11:35 UTC by Pablo
Modified: 2009-06-23 12:01 UTC (History)
5 users (show)

See Also:

Fix for DFS oops (4.22 KB, text/x-diff)
2009-02-10 12:07 UTC, Steve French
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Pablo 2004-08-17 11:35:06 UTC
Given the following entries in fstab:

//server/share /mnt/dir cifs  rw,noauto,user,workgroup=wg  0 0

root can issue:

mount /mnt/dir

and works. But for a non root user, mount /mnt/dir gives: 

mount error: permission denied or not superuser and mount.cifs not installed SUID

(note: mount.cifs is indeed installed SUID). If the mount point is owned by the
user, it works ok.

I suppose the problem is in line 801 of mount.cifs.c. It says:

if((getuid() != 0) && (geteuid() == 0)) {

If I change it to 

if((getuid() != 0) && (geteuid() != 0)) {

then users can mount/unmount with no problem at all, even if the user is not the
owner of the mount point.

I don't know if allowing to mount on a mount point not owned by the same user
that issues the mount command is considered a security problem, but it is
consistent with the way other file systems can be mounted. Or was it just a typo ?

I am using gentoo linux with kernel 2.6.7, connecting to a windows 2003 share.
Comment 1 Gerald (Jerry) Carter (dead mail address) 2004-08-24 05:58:25 UTC
cifsvfs issue, not samba
Comment 2 cruz fernandez 2004-09-12 15:55:04 UTC
i thought the problem was in the smbmnt.c, as i can see, it has a similar line
to validate getuid, etc:

        if ((getuid() != 0) &&
            ((getuid() != st.st_uid) ||
             ((st.st_mode & S_IRWXU) != S_IRWXU))) {
                errno = EPERM;
                return -1;

i think the user should be validated looking at the fstab.h file. (searching for
the mount point and checking that "user" or "users" is an option there)

something like this:
        if ((mc = getfsspec (mount_point)) == NULL &&
        (mc = getfsfile (mount_point)) == NULL)
                return -1;
and :

        if ((getuid() != 0) &&
            ((getuid() != st.st_uid) ||
             ((st.st_mode & S_IRWXU) != S_IRWXU)) &&
            ) {
                errno = EPERM;
                return -1;
i changed it and now works perfectly fine (except the umount :-)
Comment 3 Steve French 2005-11-24 19:19:40 UTC
I do want to explore the umount question as well (not convinced that a umount helper, umount.cifs, is the right approach - there has been some discussion on lkml about suid and mount/umount helpers).
Comment 4 Steve French 2005-11-27 09:26:58 UTC
I posted to linux-fsdevel asking for opinions on this, in addition I would like to see what mount source does for this (e.g. for the case of nfs) in particular whether there are additional checks that need to be done.
Comment 5 C. Russell Lehman 2006-04-30 13:26:28 UTC
This is the problme code: From version 1.7 mount.cifs.c
	if((getuid() != 0) && (geteuid() == 0)) {
		if((statbuf.st_uid == getuid()) && (S_IRWXU == (statbuf.st_mode & S_IRWXU))) {
			/* Do not allow user mounts to control suid flag
			for mount unless explicitly built that way */
			flags |= MS_NOSUID | MS_NODEV;
		} else {
			printf("mount error: permission denied or not superuser 0and mount.cifs not installed SUID\n"); 
			return -1;

The biggest problem is that the error message is misleading. You can not in fact trigger this message unless the program IS installed SUID root. Also, if mount.cifs is run by a non root user and is installed SUID, the error will be triggered unless the user owns the mount point and the owner has read rwite execute. I replaced this block of code with the following:
	if(getuid() != 0){
		if(geteuid() == 0) {
/* Russ Lehman 4/28/2006: Do not require non-root user to be the owner of the
 * mount point. This is not consistent with behavior of "mount" for other file
 * systems. Just check that user has read/write/execute permissions */
			/*if((statbuf.st_uid == getuid()) && (S_IRWXU == (statbuf.st_mode & S_IRWXU))) {*/
			if(((statbuf.st_uid == getuid())
						&& (S_IRWXU == (statbuf.st_mode & S_IRWXU)))
					|| ((statbuf.st_gid == getgid())
						&& (S_IRWXG == (statbuf.st_mode & S_IRWXG)))
					|| (S_IRWXO == (statbuf.st_mode & S_IRWXO))) {
				/* Do not allow user mounts to control suid flag
				for mount unless explicitly built that way */
				flags |= MS_NOSUID | MS_NODEV;
			} else {
				printf("Mount error: Permission denied.\n"); 
				return -1;
		} else {
			printf("Mount error: You are not the superuser and mount.cifs\n"
					"    is not installed SUID.\n");
			return -1;
This will allow the mount as long as the user has read-write-execute permissions on the mount point (and issue a "permission denied" message if he doesn't. It will also issue a correct error message if the program is not installed SUID.

If you intend to continue to require a non-root user to own the mount point, the error message should be replaced with one that correctly identifies the problem.

In gnereal, I think the error messages need to be reworked. Many errors result in something like
mount error 13 = operation not permitted
Refer to the mount.cifs(8) manual page (e.g.man mount.cifs)\n");

To make matters worse, the man page does not actually document what any of these error numbers mean. I found it a lot harder than it should have been to get this working, due largely to the uninformative error messages, especially the one referenced by this bug. If this were not open source software, so that I could look at the source and figure out what was really happening, I'm not sure I would have ever figured it out.0
Comment 6 Jack Hanison 2008-12-21 10:56:14 UTC
Since this is acknowledged as a bug, and there is a clear fix as proposed by C. Russell Lehman, when is it planned for this bug fix to be rolled into a future release?
Comment 7 Debian samba package maintainers (PUBLIC MAILING LIST) 2008-12-21 11:49:04 UTC
For the record, this bug is recorded in Debian BTS as well: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=177584
Comment 8 Steve French 2009-02-10 12:07:24 UTC
Created attachment 3933 [details]
Fix for DFS oops

Let us know if this fixes it.  Fix has been reviewed, and plan to push upstream to 2.6.29 if tests out ok
Comment 9 James Le Cuirot 2009-02-23 06:01:53 UTC
Steve, was that patch really meant for this bug? I don't think so. Can you give us an update on this one? I've hit the problem on Ubuntu Hardy, which admittedly isn't that recent, but it doesn't look like this was ever fixed.
Comment 10 Jeff Layton 2009-06-21 14:23:21 UTC
This problem should now be fixed in current samba master branch. The default behavior when mount.cifs is installed setuid should now match that of /bin/mount itself.

This shouldn't be taken as a recommendation to install mount.cifs setuid as it's not been given a proper security audit.
Comment 11 Jeff Layton 2009-06-23 12:01:00 UTC
Closing this as fixed in mount.cifs in samba master branch. Please reopen if you find that it's still not working as expected.