HPE Community
Operating System - Linux
1757015 Members
2172 Online
108858 Solutions
New Discussion юеВ

allow all users to mount on / drive

 
iinfi1
Super Advisor

тАО02-17-2009 10:03 PM

тАО02-17-2009 10:03 PM

allow all users to mount on / drive

hi all
i have a few questions. would be great if someone could throw some light on these.
1. Is it possible to allow all users to mount on the / directory. or better still mount on a specific directory say /mount which i may create.
2. Is it possible to run a script as a root user upon user logon. if yes how can i do it.
0 Kudos
Reply
9 REPLIES 9
Keith Matthews
New Member

тАО02-18-2009 12:35 AM

тАО02-18-2009 12:35 AM

Re: allow all users to mount on / drive

1. Yes it is possible, but you are almost certainly setting up a situation where any of your users can make any change they want to the system - do NOT go there unless you are prepared to trust your users with your life.

Traditional Unix uses /mnt for this purpose, most modern versions of Linux use /media (although this is really intended for exchangeable media - you don't say what sort of media you want to mount). One of those will probably already exist on your system.

On many versions of Linux automount will do what you want for CD's etc.

For more specific advice you'll need to give more information.

2. What sort of script ? can the user edit it?

If the answer to the second question is yes then think very seriously about the security consequences before going any further.

Again a bit more information would help us give good advice.
0 Kudos
Reply
avizen9
Esteemed Contributor

тАО02-18-2009 01:07 AM

тАО02-18-2009 01:07 AM

Re: allow all users to mount on / drive

HI,
what purpose you would like to allow /(root) mount to all users?
do you aware about sudo access?
its not Advisable to give access to all users in /(root)
0 Kudos
Reply
iinfi1
Super Advisor

тАО02-18-2009 01:26 AM

тАО02-18-2009 01:26 AM

Re: allow all users to mount on / drive

well the situation is like this.

part of it mite be explained in this thread
http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=1308730

i will go over it again in brief.
we have around 300 desktop users migrating from windows to linux desktops. in the existing scenario the users are authenticated from windows AD and drives on the fileserver mapped with windows AD logon scripts like these
NET USE G: \\172.16.2.2\FINANCE
NET USE G: \\172.16.2.2\AUDIT

now when they move to linux their authentication part works fine for me,
but mapping of shared drives on the fileserver cannot be centrally managed like it is in Windows.
in linux you will need to edit either the fstab or pam_mount file on the linux workstation which literally keeps user stuck to his workstation.

what intend to do is to create a symbolic link on the /etc/security directory for the pam_mount.conf pointing to /mount directory and mounting the /mount directory from the fstab so that the pam_mount.conf file is present on the windows server and the drives to be mapped to the user is managed from the windows server and not the linux workstation.
so the pam_mount.conf file is present on the server not the client manchine.

i dont know whether this work but i still want to try it. so first step is allow user to mount to a common drive other than his home dir.

i know its not 100% clear to you. still :|
0 Kudos
Reply
Keith Matthews
New Member

тАО02-18-2009 04:39 AM

тАО02-18-2009 04:39 AM

Re: allow all users to mount on / drive

OK, a few points come to mind.

What's usually done for things like this is to NFS mount the user's home directory as part of the login process. Works fine in a Kerberos controlled environment (e.g. AD) and has all of the user-dependent stuff held in the directory.

I have seen it done, but for the life of me can't remember exactly how nor can I remember a suitable URL for advice. ISTR that the example I saw was using RH so that would have been pam compatible.

I would have thought it possible to extend that to do what you want in some way, but it might not be exactly as you currently envisage.

It will require the use of a Kerberos-enabled login package, but I think RH has that anyway - it's not a distro I use these days.
0 Kudos
Reply
Ivan Ferreira
Honored Contributor

тАО02-18-2009 04:47 AM

тАО02-18-2009 04:47 AM

Re: allow all users to mount on / drive

>>> 1. Is it possible to allow all users to mount on the / directory. or better still mount on a specific directory say /mount which i may create.

Just add the user option in /etc/fstab for that mount point.


>>> 2. Is it possible to run a script as a root user upon user logon. if yes how can i do it.

├В┬┐Do you really need to run a script as root at logint? SUDO and /etc/profile may help.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
0 Kudos
Reply
Mike Stroyan
Honored Contributor

тАО02-19-2009 08:57 AM

тАО02-19-2009 08:57 AM

Re: allow all users to mount on / drive

autofs could give the easy mounting of shares that you are looking for. Have a look at http://www.howtoforge.com/accessing_windows_or_samba_shares_using_autofs
(autofs can work with NFS as well as samba/windows.)

autofs can be configured to use centrally managed configurations with LDAP or NIS+ or
kerberos/AD.

The connection that you make between authentication and mounting of shares gives me a vague impression that you may be thinking in terms of having only one user authenticated on a system at one time. With linux systems you should always think in terms of having multiple users authenticated at the same time. So mounting of shares should be independent of authentication and gaining permission to access files under those mount points.
0 Kudos
Reply
iinfi1
Super Advisor

тАО02-19-2009 11:09 AM

тАО02-19-2009 11:09 AM

Re: allow all users to mount on / drive

thanks for your reply.

pardon my ignorance. i had checked autofs before as well, but didnt implement it as it didnt seem to help me the way i need it to.

i feel it mite well mount shares from windows fileserver with permissions set on the windows ad, but it would not allow the system admin to manage stuff centrally. meaning, if i need an additional drive mapped on my system i will need to call the system admin and he will have to ssh into my system and change the auto.master file. isnt that right?
additionally if user b sits in user a's machine for a day or two, he will have to ask the system admin to copy the auto.master file into his new system.

this is not feasible for an admin managing 300+ users.
am i missing anything here??
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

тАО02-19-2009 11:52 AM

тАО02-19-2009 11:52 AM

Re: allow all users to mount on / drive

Shalom,

1. Possible. Insane violation of security practices. Excellent way to fail a SOX or security aduit.

2. Yes with sudo. But do it quickly. This system is likely to be compromised causing the administrator to be in need of new employement.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
iinfi1
Super Advisor

тАО02-19-2009 09:12 PM

тАО02-19-2009 09:12 PM

Re: allow all users to mount on / drive

i take criticism in the right spirit.
thanks for your post.

Mike Stroyan said "autofs can be configured to use centrally managed configurations with LDAP or NIS+ or kerberos/AD."

i am not able to understand with the howtoforge article about how autofs can be configured to use centrally managed configurations with kerberos AD
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.