User unable to umount
Hi have following line in my /etc/fstab //server/dir /mnt/dir cifs defaults,user,noauto,sec=krb50 0 mounting works flawlessly, unsing the ticket obtained through pam_krb5 at login. However umount /mnt/it leads to : umount: only root can unmount //server/dir from /mnt/dir There is no point to allowing user to mount but forbiding them yo umount the directory they mounted. DO someone have an idea on this problem, or should I report a bug against umount ? -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130530070505.gs13...@rail.eu.org
Re: User unable to umount
On Thu, 2013-05-30 at 09:05 +0200, Erwan David wrote: Hi have following line in my /etc/fstab //server/dir /mnt/dir cifs defaults,user,noauto,sec=krb50 0 mounting works flawlessly, unsing the ticket obtained through pam_krb5 at login. However umount /mnt/it leads to : umount: only root can unmount //server/dir from /mnt/dir There is no point to allowing user to mount but forbiding them yo umount the directory they mounted. DO someone have an idea on this problem, or should I report a bug against umount ? You can use tools to mount and unmount as user, e.g. gvfs, something that I've got removed from my Linux. What's edited in fstab isn't mounted by the user. A regular mount and umount can only be done by root. I've written workarounds and never felt the need to write something better, to e.g. mount CDs, since it's easy to become root or to use sudo and than use regular Linux commands. [rocketmouse@archlinux ~]$ cat /usr/local/sbin/lmount #!/bin/sh # /usr/local/sbin/lmount case $1 in -r|-w) mkdir -p /mnt/$2 if [ -e /media/$2 ] ; then : else ln -s /mnt/$2 /media/$2 fi case $1 in -r) mount -rL$2 /mnt/$2;; -w) mount -wL$2 /mnt/$2 -o noatime;; esac ;; -u) umount $(blkid -L$2) rm /media/$2; rmdir /mnt/$2;; --help|-h) echo echo Usage of /usr/local/sbin/lmount echo echo mount read-only echo lmount -r label echo mount read/write noatime echo lmount -w label echo unmount echo lmount -u label echo ;; esac exit [rocketmouse@archlinux ~]$ cat /usr/local/bin/tmount #!/bin/sh # /usr/local/bin/tmount case $1 in --help|-h) echo echo Usage of /usr/local/bin/tmount echo echo mount read-only echo tmount -r label echo mount read/write noatime echo tmount -w label echo unmount echo tmount -u label echo; exit;; -u) gksudo lmount $*;; *) gksudo lmount $*; thunar /mnt/$2; gksudo lmount -u $2;; esac exit Regards, Ralf -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1369903837.3138.75.camel@archlinux
Re: User unable to umount
On Thu, May 30, 2013 at 10:50:37AM CEST, Ralf Mardorf ralf.mard...@alice-dsl.net said: On Thu, 2013-05-30 at 09:05 +0200, Erwan David wrote: Hi have following line in my /etc/fstab //server/dir /mnt/dir cifs defaults,user,noauto,sec=krb50 0 mounting works flawlessly, unsing the ticket obtained through pam_krb5 at login. However umount /mnt/it leads to : umount: only root can unmount //server/dir from /mnt/dir There is no point to allowing user to mount but forbiding them yo umount the directory they mounted. DO someone have an idea on this problem, or should I report a bug against umount ? You can use tools to mount and unmount as user, e.g. gvfs, something that I've got removed from my Linux. What's edited in fstab isn't mounted by the user. A regular mount and umount can only be done by root. That's what the user option in fstab is for. The fact here is to allow cifs authentication using kerberos credentials, thus the mount must be done by the user. And it works well, except for unmounting... -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130530085904.ga4...@rail.eu.org
Re: User unable to umount
On Thu, 2013-05-30 at 10:59 +0200, Erwan David wrote: On Thu, May 30, 2013 at 10:50:37AM CEST, Ralf Mardorf ralf.mard...@alice-dsl.net said: On Thu, 2013-05-30 at 09:05 +0200, Erwan David wrote: Hi have following line in my /etc/fstab //server/dir /mnt/dir cifs defaults,user,noauto,sec=krb50 0 mounting works flawlessly, unsing the ticket obtained through pam_krb5 at login. However umount /mnt/it leads to : umount: only root can unmount //server/dir from /mnt/dir There is no point to allowing user to mount but forbiding them yo umount the directory they mounted. DO someone have an idea on this problem, or should I report a bug against umount ? You can use tools to mount and unmount as user, e.g. gvfs, something that I've got removed from my Linux. What's edited in fstab isn't mounted by the user. A regular mount and umount can only be done by root. That's what the user option in fstab is for. The fact here is to allow cifs authentication using kerberos credentials, thus the mount must be done by the user. And it works well, except for unmounting... I don't know this tool, but note, this tool seems to mount on a very low system level, while gvfs is a tool used with GUI file browsers. You shouldn't be allowed to simply unmount something on a low system level, when you're running a multi-user OS. I don't know what kind of security rules gvfs and what kind of rules this thingy here does use, but I suspect it's not that easy just to check, if a mounted dir is in use. Once it's mounted and a user has permission, e.g. by a group, to mount and use mounted dirs, then it could be, that a user planed to start a script in some minutes, that does need the mounted dir, so it wouldn't be ok, if another user is allowed to unmount this dir. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1369906233.3138.85.camel@archlinux
Re: User unable to umount
On Thu, May 30, 2013 at 11:30:33AM CEST, Ralf Mardorf ralf.mard...@alice-dsl.net said: On Thu, 2013-05-30 at 10:59 +0200, Erwan David wrote: On Thu, May 30, 2013 at 10:50:37AM CEST, Ralf Mardorf ralf.mard...@alice-dsl.net said: On Thu, 2013-05-30 at 09:05 +0200, Erwan David wrote: Hi have following line in my /etc/fstab //server/dir /mnt/dir cifs defaults,user,noauto,sec=krb50 0 mounting works flawlessly, unsing the ticket obtained through pam_krb5 at login. However umount /mnt/it leads to : umount: only root can unmount //server/dir from /mnt/dir There is no point to allowing user to mount but forbiding them yo umount the directory they mounted. DO someone have an idea on this problem, or should I report a bug against umount ? You can use tools to mount and unmount as user, e.g. gvfs, something that I've got removed from my Linux. What's edited in fstab isn't mounted by the user. A regular mount and umount can only be done by root. That's what the user option in fstab is for. The fact here is to allow cifs authentication using kerberos credentials, thus the mount must be done by the user. And it works well, except for unmounting... I don't know this tool, but note, this tool seems to mount on a very low system level, while gvfs is a tool used with GUI file browsers. You shouldn't be allowed to simply unmount something on a low system level, when you're running a multi-user OS. I don't know what kind of security rules gvfs and what kind of rules this thingy here does use, but I suspect it's not that easy just to check, if a mounted dir is in use. Once it's mounted and a user has permission, e.g. by a group, to mount and use mounted dirs, then it could be, that a user planed to start a script in some minutes, that does need the mounted dir, so it wouldn't be ok, if another user is allowed to unmount this dir. That's a standard Unix tool, and I think it is a posix behaviour. The settings must be in fstab with the specific user option. I do not use gvs (nor any g*) because of dependdencies and I do not trust it. As a grpahical tool I use smb4k, but it seems unable to do kerberos authentication nor automatically mount a mount point at start of session -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130530095006.gb4...@rail.eu.org
Re: User unable to umount
On 30/05/13 10:50, Erwan David wrote: On Thu, May 30, 2013 at 11:30:33AM CEST, Ralf Mardorf ralf.mard...@alice-dsl.net said: On Thu, 2013-05-30 at 10:59 +0200, Erwan David wrote: On Thu, May 30, 2013 at 10:50:37AM CEST, Ralf Mardorf ralf.mard...@alice-dsl.net said: On Thu, 2013-05-30 at 09:05 +0200, Erwan David wrote: Hi have following line in my /etc/fstab //server/dir /mnt/dir cifs defaults,user,noauto,sec=krb50 0 mounting works flawlessly, unsing the ticket obtained through pam_krb5 at login. However umount /mnt/it leads to : umount: only root can unmount //server/dir from /mnt/dir There is no point to allowing user to mount but forbiding them yo umount the directory they mounted. DO someone have an idea on this problem, or should I report a bug against umount ? You can use tools to mount and unmount as user, e.g. gvfs, something that I've got removed from my Linux. What's edited in fstab isn't mounted by the user. A regular mount and umount can only be done by root. That's what the user option in fstab is for. The fact here is to allow cifs authentication using kerberos credentials, thus the mount must be done by the user. And it works well, except for unmounting... I don't know this tool, but note, this tool seems to mount on a very low system level, while gvfs is a tool used with GUI file browsers. You shouldn't be allowed to simply unmount something on a low system level, when you're running a multi-user OS. I don't know what kind of security rules gvfs and what kind of rules this thingy here does use, but I suspect it's not that easy just to check, if a mounted dir is in use. Once it's mounted and a user has permission, e.g. by a group, to mount and use mounted dirs, then it could be, that a user planed to start a script in some minutes, that does need the mounted dir, so it wouldn't be ok, if another user is allowed to unmount this dir. That's a standard Unix tool, and I think it is a posix behaviour. The settings must be in fstab with the specific user option. I do not use gvs (nor any g*) because of dependdencies and I do not trust it. As a grpahical tool I use smb4k, but it seems unable to do kerberos authentication nor automatically mount a mount point at start of session Erwan, although I don't have anything cifs set up, I do use the user option in fstab. And with both, local disc partitions (ext4) or NFS partitions, it works as you and I expect it to work: a user can mount and unmount those partitions. Just guessing now, but could your issues have something to do with the specifics of the cifs protocol? -- Klaus -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/51a733d4.2050...@gmail.com
Re: User unable to umount
On Thu, 30 May 2013 11:50:06 +0200 Erwan David er...@rail.eu.org wrote: I do not use gvs (nor any g*) because of dependdencies and I do not trust it. As a grpahical tool I use smb4k, but it seems unable to do kerberos authentication nor automatically mount a mount point at start of session Hi. Looks like you've been hit by Debian bug #660431: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=660431 Basically, umount.cifs and possibly other umount helpers are deliberately broken upstream to comply with some obscure systemd design oddity. A workaround seems to be: a) umount cifs filesystem b) remove symlink /etc/mtab c) create an empty file /etc/mtab d) mount cifs filesystem In my case I said 'screw this', and started using smbnetfs, which: a) Definitely can be used without root and /etc/fstab entries. b) Features automatic mounting and un-mounting cifs filesystems. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130531004425.c136ac82da106d8228445...@gmail.com