Bug 5113 - option 'user': mount point group permissions not considered
Summary: option 'user': mount point group permissions not considered
Status: RESOLVED INVALID
Alias: None
Product: CifsVFS
Classification: Unclassified
Component: user space tools (show other bugs)
Version: 2.6
Hardware: All All
: P3 minor
Target Milestone: ---
Assignee: Jeff Layton
QA Contact:
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2007-11-30 05:42 UTC by Olav Seyfarth
Modified: 2012-04-06 11:01 UTC (History)
2 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Olav Seyfarth 2007-11-30 05:42:36 UTC
If users are allowed to mount a certain share, the mountpoint directory's permissions are checked first. But mount.cifs only takes the USER file permissions into account. However, I had expected to be able to set things up in a way that one user (of a certain group) can mount a certain share and another (of the same group) can unmount it. Example scenario:

# ls -l /sbin/mount.cifs
-rwsr-sr-x 1 root root 20440 2007-05-30 11:54 /sbin/mount.cifs

# ls -ld /mountpoint
drwxrwx--- 2 root usergrp 48 2007-11-29 12:00 mountpoint

# grep someuser /etc/passwd
someuser:x:1000:2000::/home/someuser:/bin/bash

# grep somegroup /etc/group
somegroup:x:2000:

# grep mountpoint /etc/fstab
//server/share /mountpoint cifs noauto,users 0 0

As far as I understand geteuid(), group permissions aren't checked at all:

http://samba.org/ftp/unpacked/samba_3_2_stable/source/client/mount.cifs.c:
...
	if((getuid() != 0) && (geteuid() == 0)) {
		if((statbuf.st_uid == getuid()) && (S_IRWXU == (statbuf.st_mode & S_IRWXU))) {
#ifndef CIFS_ALLOW_USR_SUID
			/* Do not allow user mounts to control suid flag
			for mount unless explicitly built that way */
			flags |= MS_NOSUID | MS_NODEV;
#endif						
		} else {
			printf("mount error: permission denied or not superuser and mount.cifs not installed SUID\n"); 
			return -1;
		}
	}
...

The same issue applies for Samba4, too:
http://samba.org/ftp/unpacked/samba4/source/client/mount.cifs.c
...
	if(geteuid()) {
		printf("mount error: permission denied, not superuser and cifs.mount not installed SUID\n"); 
		return -1;
	}
...
Comment 1 shirishpargaonkar@gmail.com 2009-08-27 05:34:33 UTC
I just did so using mount.cifs version 1.13-3.4.0-GIT-84eced1-devel
and it worked fine where user trying to mount the share belongs to
a group (gid) of the mount point.
(had the entry in /etc/fstab)

Are you not able to do this?
Comment 2 shirishpargaonkar@gmail.com 2009-08-27 05:49:03 UTC
Need more work.  I as an user (non-root), I could mount a share on a
directory to which as an user, I do not have permissions.
Comment 3 shirishpargaonkar@gmail.com 2009-08-27 09:16:34 UTC
As an user, when mount.cifs with running with suid (of root), you have
access to  everything, I do not think mount.cifs should check for user
and group permission of real user id.

I think existing behaviour of mount.cifs when suid bit is set,
is correct behaviour.
Comment 4 shirishpargaonkar@gmail.com 2009-08-27 09:31:29 UTC
And you mount a share on a mount point as a root, ownerships and mode of
the mount point does not matter.
Comment 5 Jeff Layton 2012-04-06 11:01:07 UTC
This bug is probably not valid any more. mount.cifs now (for the most part)
follows the convention set forth in the mount(8) manpage. See the section
there on "The non-superuser mounts."

In particular:

"Only the user  that  mounted  a filesystem  can unmount it again."

I'll go ahead and close this as INVALID. Please reopen if you want to discuss
further.