Simpler Navigation for Servers and Operating Systems - Please Update Your Bookmarks
Completed: a much simpler Servers and Operating Systems section of the Community. We combined many of the older boards, so you won't have to click through so many levels to get at the information you need. Check the consolidated boards here as many sub-forums are now single boards.
If you have bookmarked forums or discussion boards in Servers and Operating Systems, we suggest you check and update them as needed.
Showing results for 
Search instead for 
Did you mean: 

mount: only root can do that - why ?

Go to solution
Valued Contributor

mount: only root can do that - why ?

# ls -l /bin/mount
-rwsr-xr-x 1 root root 330028 2008-04-22 05:56 /bin/mount

sticky bit is set on 'mount', and others has 'r-x' permission on 'mount' command.. i.e anyone can run 'mount' with root privilidges

# su - test
test@ins01:~> mount /dev/sda7 /mnt
mount: only root can do that

permission wise /bin/mount and /usr/bin/passwd are equivalent
-rwsr-xr-x 1 root shadow 73300 2007-05-04 17:30 /usr/bin/passwd
and any user can run 'passwd' command, so why not 'mount' ?
Goran Koruga
Honored Contributor

Re: mount: only root can do that - why ?


You need to allow normal users to mount it in fstab file - see man fstab.

Honored Contributor

Re: mount: only root can do that - why ?

Any user can run the "passwd" command too, but a non-root user can only change his/her own passwords, not anyone else's.

A non-root user running a "setuid root" program has root privileges, but is otherwise not a true "root user". A program can tell the difference if necessary.

The message "mount: only root can do that" comes from the mount command itself: it allows non-root users to only mount and unmount those filesystems that have the special mount option "user" in the /etc/fstab file. In effect, the non-root users can only run mount operations that have been pre-approved by root.

If root configures the /etc/fstab to include the line:

/dev/sda7 /mnt ext3 user,noauto 0 0

then a non-root user could mount the filesystem with either "mount /dev/sda7" or "mount /mnt".

The full form "mount /dev/sda7 /mnt" will still be restricted to root user only, because it implies overriding any mount options specified in the /etc/fstab file.

Valued Contributor

Re: mount: only root can do that - why ?

Thanks Goran Koruga for help

and Thanks for very nice help and explanation Dear Mr Matti Kurkela.

Steven E. Protter
Exalted Contributor

Re: mount: only root can do that - why ?


Maaz, you can if you choose give sudo permissions to let people run mount command.

passwd has no choice to to let users run it because in theory the user needs to be able to update authentication information.

root only running mounts is in theory because the root user should control who does the mounts, what is mounted and what the name of the mount points are.

Steven E Protter
Owner of ISN Corporation
Honored Contributor

Re: mount: only root can do that - why ?

I agree with SEP that sudo is the recommended solution if a non-root user must be able to mount "anything anywhere".

But if the requirement is to mount a USB storage device into a convenient location, most modern Linux distributions have specific tools for that. For example "pmount" (policy mount) allows ordinary users to mount removable media (USB sticks and disks, Firewire disks, MMC cards) to /media/DEVICENAME or /media/VOLUMELABEL with no specific configuration in advance. In Debian, the use of pmount is restricted to the members of "plugdev" group.

See what your Linux distribution has to offer, read its documentation, then use it if it's useful.

Nuwan Alwis
Valued Contributor

Re: mount: only root can do that - why ?

All of the above gurus are correct about your question.
What i just have to say is, This is security feature designed on linux.
In Simple,
No one else would be copy out or in large chunk of data with out administrators help.

But if as correctly said setting up sudo or else udev also will help you to override this

Good Luck...!
Mike Stroyan
Honored Contributor

Re: mount: only root can do that - why ?

The really serious security aspect of mounting is that a user with the ability to mount with arbitrary arguments can escalate to full root privileges. The ability to mount a file system over a trusted path or mount a filesystem containing setuid executables or device files is an easy path to root privilege. The mount options in fstab can be set to use nosuid and nodev and a specific mount point.
dirk dierickx
Honored Contributor

Re: mount: only root can do that - why ?

i'm with all the others who say that regular users should not mount filesystems (of any type) using mount. this is a security feature and best left as it is.

if you need this, which is strange, because why would fs' need to be mounted/unmounted by users? you should rethink your procedures/setup/whatever to avoid this dependency.
Occasional Visitor

Re: mount: only root can do that - why ?

Yes, please do not offer sudo privs to all users on the system as they would be able to mount random disks at will - but if you want specific media to be mounted by user like cdrom; just add 'user, auto' in /etc/fstab for these entries.