Why do 'mount' utils need a setuid bit?

  #1 (permalink)  
Old 3 Weeks Ago
xi4oyu
 

As we all know, in most cases, 'mount' can only be used by root.

But why does it need a setuid bit by default?

Can a common user use the 'mount' program successfully?

What changes must be made in a system without sudo utils?

  #2 (permalink)
Old 3 Weeks Ago
Ertugrul Söylemez

xi4oyu <Evil.xi4oyu@gmail.com> wrote:

> As we all know, in most cases, 'mount' can only be used by root.


Wrong.


> But why does it need a setuid bit by default?
>
> Can a common user use the 'mount' program successfully?


Yes. A regular user can mount entries in /etc/fstab with the 'user' or
'users' option set.


> What changes must be made in a system without sudo utils?


None. Write a proper filesystem table in /etc/fstab.


Regards,
Ertugrul.


--
http://ertes.de/


  #3 (permalink)
Old 3 Weeks Ago
Unruh

xi4oyu <Evil.xi4oyu@gmail.com> writes:

>As we all know, in most cases, 'mount' can only be used by root.

>But why does it need a setuid bit by default?

>Can a common user use the 'mount' program successfully?


Yes. If you let him. That is what the users option in /etc/fstab lines is
about.

>What changes must be made in a system without sudo utils?


???? Install the sudo utilities?


  #4 (permalink)
Old 3 Weeks Ago
Sylvain Robitaille

Ertugrul Söylemez wrote:

>> As we all know, in most cases, 'mount' can only be used by root.
>
> Wrong.


Actually, the mount(2) manual page confirms the OP's statement:
(from mount(2) on a Linux system; other systems may vary)

Only the super-user may mount and unmount filesystems.

However ...

> .... A regular user can mount entries in /etc/fstab with the 'user'
> or 'users' option set.


.... if said regular user is able to run "mount" with super-user
privileges, thus the setuid bit on the mount(8) binary.

>> What changes must be made in a system without sudo utils?
>
> None. Write a proper filesystem table in /etc/fstab.


agreed ...

--
----------------------------------------------------------------------
Sylvain Robitaille syl@alcor.concordia.ca

Network and Systems analyst Concordia University
Instructional & Information Technology Montreal, Quebec, Canada
----------------------------------------------------------------------

  #5 (permalink)
Old 3 Weeks Ago
Ertugrul Söylemez

Sylvain Robitaille <syl@alcor.concordia.ca> wrote:

> >> As we all know, in most cases, 'mount' can only be used by root.
> >
> > Wrong.
>
> Actually, the mount(2) manual page confirms the OP's statement: (from
> mount(2) on a Linux system; other systems may vary)
>
> Only the super-user may mount and unmount filesystems.


Pay closer attention. You're confusing the syscall mount(2) with the
command line utility mount(8). For the syscall, the statement is true,
because it can only be used by processes with effective user-id 0
(i.e. root), or with proper capabilities. This is what the SetUID bit
is good for.


Regards,
Ertugrul.


--
http://ertes.de/


  #6 (permalink)
Old 3 Weeks Ago
xi4oyu

Well, there are some differences when mounting a filesystem if you are a
normal user.
Even if root has added user options in /etc/fstab, the user can then
mount the filesystem. But it seems that the setuid program in the
newly mounted FS isn't truly a setuid program, even though when you use
ls -l, the result looks like:

[test@localhost mnt]$ ls -l
total 52
-rwsr-sr-x 1 root root 38468 Apr 17 15:47 chmod
drwx------ 2 root root 12288 Apr 17 15:42 lost+found

but the chmod can't truly take effect on root's files :p

The OS must be designed to take care of this security issue.

  #7 (permalink)
Old 3 Weeks Ago
Sylvain Robitaille

Ertugrul Söylemez wrote:

>> Actually, the mount(2) manual page confirms the OP's statement: (from
>> mount(2) on a Linux system; other systems may vary)
>>
>> Only the super-user may mount and unmount filesystems.
>
> Pay closer attention. You're confusing the syscall mount(2) with the
> command line utility mount(8).


I'm not. I made a point of clarifying that I was referring to the
system call's manual page. How do you suppose that mount(8)
accomplishes the task of actually mounting a filesystem? It calls
mount(2), which requires euid==0.

> For the syscall, the statement is true, because it can only be used by
> processes with effective user-id 0 (i.e. root), or with proper
> capabilities. This is what the SetUID bit is good for.


My point exactly, and the answer to the OP's question.

--
----------------------------------------------------------------------
Sylvain Robitaille syl@alcor.concordia.ca

Network and Systems analyst Concordia University
Instructional & Information Technology Montreal, Quebec, Canada
----------------------------------------------------------------------

  #8 (permalink)
Old 3 Weeks Ago
Hal Murray

In article <aec45dd5-0f90-4eaa-b08b-9e692fcd2b76@e67g2000hsa.googlegroups.com>,
xi4oyu <Evil.xi4oyu@gmail.com> writes:
>Well, there are some differences when mounting a filesystem if you are a
>normal user.
>Even if root has added user options in /etc/fstab, the user can then
>mount the filesystem. But it seems that the setuid program in the
>newly mounted FS isn't truly a setuid program, even though when you use
>ls -l, the result looks like:
>
>[test@localhost mnt]$ ls -l
>total 52
>-rwsr-sr-x 1 root root 38468 Apr 17 15:47 chmod
>drwx------ 2 root root 12288 Apr 17 15:42 lost+found
>
>but the chmod can't truly take effect on root's files :p
>
>The OS must be designed to take care of this security issue.


That's a different issue than why mount needs setuid.

It's reasonably common to ignore setuid on user-mounted
file systems and/or NFS mounted systems. It's a security
issue. setuid would allow anybody who could do a user-mount
to take over the system. (All they would need is a setuid script
that started a shell. Poof, you are root.)

--
These are my opinions, not necessarily my employer's. I hate spam.


  #9 (permalink)
Old 3 Weeks Ago
Chris Cox

xi4oyu wrote:
> As we all know, in most cases, 'mount' can only be used by root.
>
> But why does it need a setuid bit by default?
>
> Can a common user use the 'mount' program successfully?
>
> What changes must be made in a system without sudo utils?


Linux is a multi-user system. Devices can be used by
more than one user. So who gets to own the rights to
perform the operation?

Now... with that said, there could be a day when a
non-root user (but system wide user) is the "owner"
of the privs for doing a mount, but there will always
be some kind of system wide policeman. And it is
a policeman in that you can certainly have root
(for example) do an operation on your behalf (thus
the setuid bit) and allow a normal user to seemingly
perform a privileged operation.

Another possible alternative is to have user owned
devices... that is, a disk or partition that belongs
exclusively to me (nobody else can mount or manipulate
it). But again, devices in general are not so
personalized (but it is possible, I'm not talking
about just the "owner" option).

To answer your question about allowing a user to
mount (delegation of privs by the setuid root mount
program) see the "user", "owner", "group" options (man mount).
However, mount must maintain the setuid bit to allow
this (sorry).
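
Added example, not part of any post in this thread: a small audit of fstab-style lines that ties together Hal Murray's point about ignoring setuid on user-mounted file systems and the "user", "owner", "group" options mentioned above. The implied-flag table follows mount(8); the function names and the sample table are constructed for illustration.

```python
# Added example: audit fstab entries a non-root user may mount (sample is constructed).
# IMPLIED: restrictive flags each delegation option implies, per mount(8).
IMPLIED = {
    "user":  {"noexec", "nosuid", "nodev"},
    "users": {"noexec", "nosuid", "nodev"},
    "owner": {"nosuid", "nodev"},
    "group": {"nosuid", "nodev"},
}
LIFTS = {"suid": "nosuid", "dev": "nodev", "exec": "noexec"}

def effective_flags(options):
    """Walk the option list left to right (later options override
    earlier ones) and return (delegation option or None, flags)."""
    who, flags = None, set()
    for opt in options.split(","):
        if opt in IMPLIED:
            who = opt
            flags |= IMPLIED[opt]
        elif opt in LIFTS:                 # e.g. "suid" cancels nosuid
            flags.discard(LIFTS[opt])
        elif opt in LIFTS.values():        # explicit nosuid/nodev/noexec
            flags.add(opt)
    return who, flags

def audit_fstab(text):
    """List (mountpoint, delegation option, missing flags) for every
    entry that the setuid mount(8) would mount for a non-root user."""
    findings = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].startswith("#"):
            continue
        who, flags = effective_flags(fields[3])
        if who:
            missing = sorted({"nosuid", "nodev"} - flags)
            findings.append((fields[1], who, missing))
    return findings

SAMPLE_FSTAB = """\
# constructed sample, not taken from the thread
/dev/sda1  /           ext4     defaults                0 1
/dev/sdb1  /mnt/usb    vfat     noauto,user             0 0
/dev/sdc1  /mnt/tools  ext4     noauto,users,exec,suid  0 0
/dev/sr0   /mnt/cdrom  iso9660  ro,noauto,owner         0 0
"""

if __name__ == "__main__":
    for mountpoint, who, missing in audit_fstab(SAMPLE_FSTAB):
        print(mountpoint, who, "missing: " + ",".join(missing) if missing else "ok")
```

An entry reported with nosuid missing is one where setuid binaries on the user-mounted file system would be honoured, which is the case the thread describes as a security issue.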