HPE Community
Operating System - Linux
1755984 Members
4116 Online
108839 Solutions
New Discussion юеВ

Re: mount: only root can do that - why ?

 
SOLVED
Go to solution
Maaz
Valued Contributor

тАО07-27-2009 10:35 PM

тАО07-27-2009 10:35 PM

mount: only root can do that - why ?

# ls -l /bin/mount
-rwsr-xr-x 1 root root 330028 2008-04-22 05:56 /bin/mount

sticky bit is set on 'mount', and others has 'r-x' permission on 'mount' command.. i.e anyone can run 'mount' with root privilidges

but
# su - test
test@ins01:~> mount /dev/sda7 /mnt
mount: only root can do that

permission wise /bin/mount and /usr/bin/passwd are equivalent
-rwsr-xr-x 1 root shadow 73300 2007-05-04 17:30 /usr/bin/passwd
and any user can run 'passwd' command, so why not 'mount' ?
0 Kudos
Reply
9 REPLIES 9
Goran┬аKoruga
Honored Contributor

тАО07-27-2009 11:06 PM

тАО07-27-2009 11:06 PM

Re: mount: only root can do that - why ?

Hi.

You need to allow normal users to mount it in fstab file - see man fstab.

Regards,
Goran
0 Kudos
Reply
Matti_Kurkela
Honored Contributor

тАО07-27-2009 11:52 PM

тАО07-27-2009 11:52 PM

Solution

Re: mount: only root can do that - why ?

Any user can run the "passwd" command too, but a non-root user can only change his/her own passwords, not anyone else's.

A non-root user running a "setuid root" program has root privileges, but is otherwise not a true "root user". A program can tell the difference if necessary.

The message "mount: only root can do that" comes from the mount command itself: it allows non-root users to only mount and unmount those filesystems that have the special mount option "user" in the /etc/fstab file. In effect, the non-root users can only run mount operations that have been pre-approved by root.

If root configures the /etc/fstab to include the line:

/dev/sda7 /mnt ext3 user,noauto 0 0

then a non-root user could mount the filesystem with either "mount /dev/sda7" or "mount /mnt".

The full form "mount /dev/sda7 /mnt" will still be restricted to root user only, because it implies overriding any mount options specified in the /etc/fstab file.

MK
MK
Reply
Maaz
Valued Contributor

тАО07-28-2009 01:33 AM

тАО07-28-2009 01:33 AM

Re: mount: only root can do that - why ?

Thanks Goran Koruga for help

and Thanks for very nice help and explanation Dear Mr Matti Kurkela.

Regards
Maaz
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

тАО07-28-2009 04:04 AM

тАО07-28-2009 04:04 AM

Re: mount: only root can do that - why ?

Shalom,

Maaz, you can if you choose give sudo permissions to let people run mount command.

passwd has no choice to to let users run it because in theory the user needs to be able to update authentication information.

root only running mounts is in theory because the root user should control who does the mounts, what is mounted and what the name of the mount points are.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
Matti_Kurkela
Honored Contributor

тАО07-28-2009 04:47 AM

тАО07-28-2009 04:47 AM

Re: mount: only root can do that - why ?

I agree with SEP that sudo is the recommended solution if a non-root user must be able to mount "anything anywhere".

But if the requirement is to mount a USB storage device into a convenient location, most modern Linux distributions have specific tools for that. For example "pmount" (policy mount) allows ordinary users to mount removable media (USB sticks and disks, Firewire disks, MMC cards) to /media/DEVICENAME or /media/VOLUMELABEL with no specific configuration in advance. In Debian, the use of pmount is restricted to the members of "plugdev" group.

See what your Linux distribution has to offer, read its documentation, then use it if it's useful.

MK
MK
0 Kudos
Reply
Nuwan Alwis
Valued Contributor

тАО07-28-2009 07:21 PM

тАО07-28-2009 07:21 PM

Re: mount: only root can do that - why ?

All of the above gurus are correct about your question.
What i just have to say is, This is security feature designed on linux.
In Simple,
No one else would be copy out or in large chunk of data with out administrators help.

But if as correctly said setting up sudo or else udev also will help you to override this

Good Luck...!
0 Kudos
Reply
Mike Stroyan
Honored Contributor

тАО07-30-2009 10:05 AM

тАО07-30-2009 10:05 AM

Re: mount: only root can do that - why ?

The really serious security aspect of mounting is that a user with the ability to mount with arbitrary arguments can escalate to full root privileges. The ability to mount a file system over a trusted path or mount a filesystem containing setuid executables or device files is an easy path to root privilege. The mount options in fstab can be set to use nosuid and nodev and a specific mount point.
0 Kudos
Reply
dirk dierickx
Honored Contributor

тАО08-03-2009 01:10 AM

тАО08-03-2009 01:10 AM

Re: mount: only root can do that - why ?

i'm with all the others who say that regular users should not mount filesystems (of any type) using mount. this is a security feature and best left as it is.

if you need this, which is strange, because why would fs' need to be mounted/unmounted by users? you should rethink your procedures/setup/whatever to avoid this dependency.
0 Kudos
Reply
Sajith741
New Member

тАО08-11-2009 07:35 PM

тАО08-11-2009 07:35 PM

Re: mount: only root can do that - why ?

Yes, please do not offer sudo privs to all users on the system as they would be able to mount random disks at will - but if you want specific media to be mounted by user like cdrom; just add 'user, auto' in /etc/fstab for these entries.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.