Given the following entries in fstab: //server/share /mnt/dir cifs rw,noauto,user,workgroup=wg 0 0 root can issue: mount /mnt/dir and works. But for a non root user, mount /mnt/dir gives: mount error: permission denied or not superuser and mount.cifs not installed SUID (note: mount.cifs is indeed installed SUID). If the mount point is owned by the user, it works ok. I suppose the problem is in line 801 of mount.cifs.c. It says: if((getuid() != 0) && (geteuid() == 0)) { If I change it to if((getuid() != 0) && (geteuid() != 0)) { then users can mount/unmount with no problem at all, even if the user is not the owner of the mount point. I don't know if allowing to mount on a mount point not owned by the same user that issues the mount command is considered a security problem, but it is consistent with the way other file systems can be mounted. Or was it just a typo ? I am using gentoo linux with kernel 2.6.7, connecting to a windows 2003 share.
cifsvfs issue, not samba
i thought the problem was in the smbmnt.c, as i can see, it has a similar line to validate getuid, etc: if ((getuid() != 0) && ((getuid() != st.st_uid) || ((st.st_mode & S_IRWXU) != S_IRWXU))) { errno = EPERM; return -1; } i think the user should be validated looking at the fstab.h file. (searching for the mount point and checking that "user" or "users" is an option there) something like this: if ((mc = getfsspec (mount_point)) == NULL && (mc = getfsfile (mount_point)) == NULL) return -1; and : if ((getuid() != 0) && ((getuid() != st.st_uid) || ((st.st_mode & S_IRWXU) != S_IRWXU)) && (!strstr(mc->fs_mntops,"user")) ) { errno = EPERM; return -1; } i changed it and now works perfectly fine (except the umount :-)
I do want to explore the umount question as well (not convinced that a umount helper, umount.cifs, is the right approach - there has been some discussion on lkml about suid and mount/umount helpers).
I posted to linux-fsdevel asking for opinions on this, in addition I would like to see what mount source does for this (e.g. for the case of nfs) in particular whether there are additional checks that need to be done.
This is the problme code: From version 1.7 mount.cifs.c if((getuid() != 0) && (geteuid() == 0)) { if((statbuf.st_uid == getuid()) && (S_IRWXU == (statbuf.st_mode & S_IRWXU))) { #ifndef CIFS_ALLOW_USR_SUID /* Do not allow user mounts to control suid flag for mount unless explicitly built that way */ flags |= MS_NOSUID | MS_NODEV; #endif } else { printf("mount error: permission denied or not superuser 0and mount.cifs not installed SUID\n"); return -1; } } The biggest problem is that the error message is misleading. You can not in fact trigger this message unless the program IS installed SUID root. Also, if mount.cifs is run by a non root user and is installed SUID, the error will be triggered unless the user owns the mount point and the owner has read rwite execute. I replaced this block of code with the following: if(getuid() != 0){ if(geteuid() == 0) { /* Russ Lehman 4/28/2006: Do not require non-root user to be the owner of the * mount point. This is not consistent with behavior of "mount" for other file * systems. Just check that user has read/write/execute permissions */ /*if((statbuf.st_uid == getuid()) && (S_IRWXU == (statbuf.st_mode & S_IRWXU))) {*/ if(((statbuf.st_uid == getuid()) && (S_IRWXU == (statbuf.st_mode & S_IRWXU))) || ((statbuf.st_gid == getgid()) && (S_IRWXG == (statbuf.st_mode & S_IRWXG))) || (S_IRWXO == (statbuf.st_mode & S_IRWXO))) { #ifndef CIFS_ALLOW_USR_SUID /* Do not allow user mounts to control suid flag for mount unless explicitly built that way */ flags |= MS_NOSUID | MS_NODEV; #endif } else { printf("Mount error: Permission denied.\n"); return -1; } } else { printf("Mount error: You are not the superuser and mount.cifs\n" " is not installed SUID.\n"); return -1; } This will allow the mount as long as the user has read-write-execute permissions on the mount point (and issue a "permission denied" message if he doesn't. It will also issue a correct error message if the program is not installed SUID. If you intend to continue to require a non-root user to own the mount point, the error message should be replaced with one that correctly identifies the problem. In gnereal, I think the error messages need to be reworked. Many errors result in something like mount error 13 = operation not permitted Refer to the mount.cifs(8) manual page (e.g.man mount.cifs)\n"); To make matters worse, the man page does not actually document what any of these error numbers mean. I found it a lot harder than it should have been to get this working, due largely to the uninformative error messages, especially the one referenced by this bug. If this were not open source software, so that I could look at the source and figure out what was really happening, I'm not sure I would have ever figured it out.0
Since this is acknowledged as a bug, and there is a clear fix as proposed by C. Russell Lehman, when is it planned for this bug fix to be rolled into a future release?
For the record, this bug is recorded in Debian BTS as well: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=177584
Created attachment 3933 [details] Fix for DFS oops Let us know if this fixes it. Fix has been reviewed, and plan to push upstream to 2.6.29 if tests out ok
Steve, was that patch really meant for this bug? I don't think so. Can you give us an update on this one? I've hit the problem on Ubuntu Hardy, which admittedly isn't that recent, but it doesn't look like this was ever fixed.
This problem should now be fixed in current samba master branch. The default behavior when mount.cifs is installed setuid should now match that of /bin/mount itself. This shouldn't be taken as a recommendation to install mount.cifs setuid as it's not been given a proper security audit.
Closing this as fixed in mount.cifs in samba master branch. Please reopen if you find that it's still not working as expected.