Bug 5113 - option 'user': mount point group permissions not considered
Product: CifsVFS
Classification: Unclassified
Component: user space tools
Hardware: All All
Importance: P3 minor
Target Milestone: ---
Assigned To: Jeff Layton
Reported: 2007-11-30 05:42 UTC by Olav Seyfarth
Modified: 2012-04-06 11:01 UTC (History)
Description Olav Seyfarth 2007-11-30 05:42:36 UTC
If users are allowed to mount a certain share, the mountpoint directory's permissions are checked first. But mount.cifs only takes the USER file permissions into account. However, I had expected to be able to set things up in a way that one user (of a certain group) can mount a certain share and another (of the same group) can unmount it. Example scenario:

# ls -l /sbin/mount.cifs
-rwsr-sr-x 1 root root 20440 2007-05-30 11:54 /sbin/mount.cifs

# ls -ld /mountpoint
drwxrwx--- 2 root usergrp 48 2007-11-29 12:00 mountpoint

# grep someuser /etc/passwd

# grep somegroup /etc/group

# grep mountpoint /etc/fstab
//server/share /mountpoint cifs noauto,users 0 0

As far as I understand geteuid(), group permissions aren't checked at all:

	if((getuid() != 0) && (geteuid() == 0)) {
		if((statbuf.st_uid == getuid()) && (S_IRWXU == (statbuf.st_mode & S_IRWXU))) {
			/* Do not allow user mounts to control suid flag
			for mount unless explicitly built that way */
			flags |= MS_NOSUID | MS_NODEV;
		} else {
			printf("mount error: permission denied or not superuser and mount.cifs not installed SUID\n"); 
			return -1;

The same issue applies for Samba4, too:
	if(geteuid()) {
		printf("mount error: permission denied, not superuser and cifs.mount not installed SUID\n"); 
		return -1;
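
The owner-only test quoted in the description, extended to the group case the reporter expected, as an added example (not mount.cifs code and not part of the report). The function name, the numeric ids and the sample mount point are assumptions.

```c
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Added example, not mount.cifs code; every name here is hypothetical.
 * Returns 1 if the real user has rwx on the mount point through the owner
 * bits or, when not the owner, through the group bits; 0 otherwise.
 * As in the kernel, an owner is judged on the owner bits alone, even if
 * the group bits are more permissive. */
static int may_user_mount(const struct stat *st, uid_t ruid, gid_t rgid,
                          const gid_t *groups, int ngroups)
{
    int i, in_group;

    if (st->st_uid == ruid)
        return (st->st_mode & S_IRWXU) == S_IRWXU;

    /* Primary group first, then the supplementary list. */
    in_group = (st->st_gid == rgid);
    for (i = 0; !in_group && i < ngroups; i++)
        in_group = (groups[i] == st->st_gid);

    if (in_group)
        return (st->st_mode & S_IRWXG) == S_IRWXG;
    return 0; /* "other" bits never grant mount rights here */
}

/* Constructed sample: root:usergrp drwxrwx--- as in the report.
 * The numeric ids are made up. */
static struct stat sample_mountpoint(void)
{
    struct stat st;
    memset(&st, 0, sizeof(st));
    st.st_mode = 0770;
    st.st_uid = 0;
    st.st_gid = 500;
    return st;
}

int main(void)
{
    struct stat st = sample_mountpoint();
    gid_t supp[] = { 100, 500 };
    printf("group member: %d\n", may_user_mount(&st, 1000, 100, supp, 2));
    printf("non-member:   %d\n", may_user_mount(&st, 1001, 100, supp, 1));
    return 0;
}
```

In a setuid helper the arguments would come from getuid(), getgid() and getgroups(), and the stat data from fstat() on an already opened directory, so the check and the mount refer to the same object.
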
Comment 1 Shirish S. Pargaonkar 2009-08-27 05:34:33 UTC
I just did so using mount.cifs version 1.13-3.4.0-GIT-84eced1-devel
and it worked fine where the user trying to mount the share belongs to
a group (gid) of the mount point.
(I had the entry in /etc/fstab.)

Are you not able to do this?
Comment 2 Shirish S. Pargaonkar 2009-08-27 05:49:03 UTC
Needs more work. As a user (non-root), I could mount a share on a
directory to which, as a user, I do not have permissions.
Comment 3 Shirish S. Pargaonkar 2009-08-27 09:16:34 UTC
As a user, when mount.cifs is running with suid (of root), you have
access to everything. I do not think mount.cifs should check for user
and group permissions of the real user id.

I think the existing behaviour of mount.cifs when the suid bit is set
is the correct behaviour.
Comment 4 Shirish S. Pargaonkar 2009-08-27 09:31:29 UTC
And if you mount a share on a mount point as root, the ownership and mode of
the mount point do not matter.
Comment 5 Jeff Layton 2012-04-06 11:01:07 UTC
This bug is probably not valid any more. mount.cifs now (for the most part)
follows the convention set forth in the mount(8) manpage. See the section
there on "The non-superuser mounts."

In particular:

"Only the user that mounted a filesystem can unmount it again."

I'll go ahead and close this as INVALID. Please reopen if you want to discuss