If users are allowed to mount a certain share, the mountpoint directory's permissions are checked first. But mount.cifs only takes the USER file permissions into account. However, I had expected to be able to set things up in a way that one user (of a certain group) can mount a certain share and another (of the same group) can unmount it.

Example scenario:

    # ls -l /sbin/mount.cifs
    -rwsr-sr-x 1 root root 20440 2007-05-30 11:54 /sbin/mount.cifs
    # ls -ld /mountpoint
    drwxrwx--- 2 root usergrp 48 2007-11-29 12:00 mountpoint
    # grep someuser /etc/passwd
    someuser:x:1000:2000::/home/someuser:/bin/bash
    # grep somegroup /etc/group
    somegroup:x:2000:
    # grep mountpoint /etc/fstab
    //server/share /mountpoint cifs noauto,users 0 0

As far as I understand geteuid(), group permissions aren't checked at all:

http://samba.org/ftp/unpacked/samba_3_2_stable/source/client/mount.cifs.c:

    ...
    if((getuid() != 0) && (geteuid() == 0)) {
        if((statbuf.st_uid == getuid()) && (S_IRWXU == (statbuf.st_mode & S_IRWXU))) {
    #ifndef CIFS_ALLOW_USR_SUID
            /* Do not allow user mounts to control suid flag
               for mount unless explicitly built that way */
            flags |= MS_NOSUID | MS_NODEV;
    #endif
        } else {
            printf("mount error: permission denied or not superuser and mount.cifs not installed SUID\n");
            return -1;
        }
    }
    ...

The same issue applies for Samba4, too:

http://samba.org/ftp/unpacked/samba4/source/client/mount.cifs.c

    ...
    if(geteuid()) {
        printf("mount error: permission denied, not superuser and cifs.mount not installed SUID\n");
        return -1;
    }
    ...
I just did so using mount.cifs version 1.13-3.4.0-GIT-84eced1-devel and it worked fine where the user trying to mount the share belongs to a group (gid) of the mount point (I had the entry in /etc/fstab). Are you not able to do this?
Needs more work. As a user (non-root), I could mount a share on a directory to which, as a user, I do not have permissions.
As a user, when mount.cifs is running with suid (of root), you have access to everything. I do not think mount.cifs should check for user and group permission of the real user id. I think the existing behaviour of mount.cifs when the suid bit is set is the correct behaviour.
And when you mount a share on a mount point as root, the ownership and mode of the mount point do not matter.
This bug is probably not valid any more. mount.cifs now (for the most part) follows the convention set forth in the mount(8) manpage. See the section there on "The non-superuser mounts." In particular: "Only the user that mounted a filesystem can unmount it again." I'll go ahead and close this as INVALID. Please reopen if you want to discuss further.