topic Re: mount: only root can do that - why ? in Operating System - Linux

mount: only root can do that - why ?

Maaz — Tue, 28 Jul 2009 05:35:53 GMT

# ls -l /bin/mount
-rwsr-xr-x 1 root root 330028 2008-04-22 05:56 /bin/mount

sticky bit is set on 'mount', and others has 'r-x' permission on 'mount' command.. i.e anyone can run 'mount' with root privilidges

but
# su - test
test@ins01:~> mount /dev/sda7 /mnt
mount: only root can do that

permission wise /bin/mount and /usr/bin/passwd are equivalent
-rwsr-xr-x 1 root shadow 73300 2007-05-04 17:30 /usr/bin/passwd
and any user can run 'passwd' command, so why not 'mount' ?

Re: mount: only root can do that - why ?

Goran Koruga — Tue, 28 Jul 2009 06:06:43 GMT

Hi.

You need to allow normal users to mount it in fstab file - see man fstab.

Regards,
Goran

Re: mount: only root can do that - why ?

Matti_Kurkela — Tue, 28 Jul 2009 06:52:00 GMT

Any user can run the "passwd" command too, but a non-root user can only change his/her own passwords, not anyone else's.

A non-root user running a "setuid root" program has root privileges, but is otherwise not a true "root user". A program can tell the difference if necessary.

The message "mount: only root can do that" comes from the mount command itself: it allows non-root users to only mount and unmount those filesystems that have the special mount option "user" in the /etc/fstab file. In effect, the non-root users can only run mount operations that have been pre-approved by root.

If root configures the /etc/fstab to include the line:

/dev/sda7 /mnt ext3 user,noauto 0 0

then a non-root user could mount the filesystem with either "mount /dev/sda7" or "mount /mnt".

The full form "mount /dev/sda7 /mnt" will still be restricted to root user only, because it implies overriding any mount options specified in the /etc/fstab file.

MK

Re: mount: only root can do that - why ?

Maaz — Tue, 28 Jul 2009 08:33:50 GMT

Thanks Goran Koruga for help

and Thanks for very nice help and explanation Dear Mr Matti Kurkela.

Regards
Maaz

Re: mount: only root can do that - why ?

Steven E. Protter — Tue, 28 Jul 2009 11:04:22 GMT

Shalom,

Maaz, you can if you choose give sudo permissions to let people run mount command.

passwd has no choice to to let users run it because in theory the user needs to be able to update authentication information.

root only running mounts is in theory because the root user should control who does the mounts, what is mounted and what the name of the mount points are.

SEP

Re: mount: only root can do that - why ?

Matti_Kurkela — Tue, 28 Jul 2009 11:47:05 GMT

I agree with SEP that sudo is the recommended solution if a non-root user must be able to mount "anything anywhere".

But if the requirement is to mount a USB storage device into a convenient location, most modern Linux distributions have specific tools for that. For example "pmount" (policy mount) allows ordinary users to mount removable media (USB sticks and disks, Firewire disks, MMC cards) to /media/DEVICENAME or /media/VOLUMELABEL with no specific configuration in advance. In Debian, the use of pmount is restricted to the members of "plugdev" group.

See what your Linux distribution has to offer, read its documentation, then use it if it's useful.

MK

Re: mount: only root can do that - why ?

Nuwan Alwis — Wed, 29 Jul 2009 02:21:34 GMT

All of the above gurus are correct about your question.
What i just have to say is, This is security feature designed on linux.
In Simple,
No one else would be copy out or in large chunk of data with out administrators help.

But if as correctly said setting up sudo or else udev also will help you to override this

Good Luck...!

Re: mount: only root can do that - why ?

Mike Stroyan — Thu, 30 Jul 2009 17:05:27 GMT

The really serious security aspect of mounting is that a user with the ability to mount with arbitrary arguments can escalate to full root privileges. The ability to mount a file system over a trusted path or mount a filesystem containing setuid executables or device files is an easy path to root privilege. The mount options in fstab can be set to use nosuid and nodev and a specific mount point.

Re: mount: only root can do that - why ?

dirk dierickx — Mon, 03 Aug 2009 08:10:04 GMT

i'm with all the others who say that regular users should not mount filesystems (of any type) using mount. this is a security feature and best left as it is.

if you need this, which is strange, because why would fs' need to be mounted/unmounted by users? you should rethink your procedures/setup/whatever to avoid this dependency.

Re: mount: only root can do that - why ?

Sajith741 — Wed, 12 Aug 2009 02:35:24 GMT

Yes, please do not offer sudo privs to all users on the system as they would be able to mount random disks at will - but if you want specific media to be mounted by user like cdrom; just add 'user, auto' in /etc/fstab for these entries.