Bug#177584: marked as done (smbmount: needs write permission on mounted point)
On Fri, 2006-01-27 at 18:20 +0100, Christian Perrier wrote: Quoting Peter Eisentraut ([EMAIL PROTECTED]): Am Donnerstag, 26. Januar 2006 17:50 schrieb Christian Perrier: Should it then be tagged upstream wontfix and voilà? Are the upstream developers aware of the issue? Maybe or maybe not...but my understanding is that all code related to smbfs is not actively maintained. Am I wrong in some way? Being in the Samba tree, it is more maintained than the in-kernel portions. But I agree with 'upstream, wontfix', because I am very hesitant to change the very long-term established behaviour of this setuid binary. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net signature.asc Description: This is a digitally signed message part
Bug#177584: marked as done (smbmount: needs write permission on mounted point)
Am Donnerstag, 26. Januar 2006 17:50 schrieb Christian Perrier: Should it then be tagged upstream wontfix and voilà? Are the upstream developers aware of the issue?
Bug#177584: marked as done (smbmount: needs write permission on mounted point)
Quoting Peter Eisentraut ([EMAIL PROTECTED]): Am Donnerstag, 26. Januar 2006 17:50 schrieb Christian Perrier: Should it then be tagged upstream wontfix and voilà? Are the upstream developers aware of the issue? Maybe or maybe not...but my understanding is that all code related to smbfs is not actively maintained. Am I wrong in some way? --
Bug#177584: marked as done (smbmount: needs write permission on mounted point)
Steve Langasek wrote: But an ill-designed one; refusing to allow mounting over a directory that you own but don't currently have write access to, when other filesystems have no such requirement, is unnecessarily inconsistent. What is this inconsistent with? If you own a directory but don't have write permission, you cannot write into it: $ mkdir test $ chmod a-w test $ echo test test/test bash: test/test: Permission denied By that same idea, smbmnt disallows altering the directory contents by mounting over it. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#177584: marked as done (smbmount: needs write permission on mounted point)
On Thu, Jan 26, 2006 at 11:00:40AM +0100, Peter Eisentraut wrote: Steve Langasek wrote: But an ill-designed one; refusing to allow mounting over a directory that you own but don't currently have write access to, when other filesystems have no such requirement, is unnecessarily inconsistent. What is this inconsistent with? *all other uses of mount*? -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. [EMAIL PROTECTED] http://www.debian.org/ signature.asc Description: Digital signature
Bug#177584: marked as done (smbmount: needs write permission on mounted point)
Steve Langasek wrote: On Thu, Jan 26, 2006 at 11:00:40AM +0100, Peter Eisentraut wrote: Steve Langasek wrote: But an ill-designed one; refusing to allow mounting over a directory that you own but don't currently have write access to, when other filesystems have no such requirement, is unnecessarily inconsistent. What is this inconsistent with? *all other uses of mount*? All other uses of mount are done as root, and this feature only applies to smbmnt being run as non-root user. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#177584: marked as done (smbmount: needs write permission on mounted point)
On Thu, Jan 26, 2006 at 11:19:55AM +0100, Peter Eisentraut wrote: Steve Langasek wrote: On Thu, Jan 26, 2006 at 11:00:40AM +0100, Peter Eisentraut wrote: Steve Langasek wrote: But an ill-designed one; refusing to allow mounting over a directory that you own but don't currently have write access to, when other filesystems have no such requirement, is unnecessarily inconsistent. What is this inconsistent with? *all other uses of mount*? All other uses of mount are done as root, and this feature only applies to smbmnt being run as non-root user. No, they are not. User mounts are a well-established concept, and smbmnt behaves inconsistently with respect to them. $ id uid=1000(vorlon) gid=1000(vorlon) groups=5(tty),24(cdrom),29(audio),40(src),44(video),50(staff),1000(vorlon),2001(peripherals) $ grep mnt/test1 /etc/fstab /dev/hda5 /mnt/test1 ext3noauto,user 0 0 $ ls -ld /mnt/test1 drwxr-xr-x 2 root root 6 2006-01-26 02:28 /mnt/test1/ $ mount /mnt/test1 $ mount | grep test1 /dev/ide/host0/bus0/target0/lun0/part5 on /mnt/test1 type ext3 (rw,noexec,nosuid,nodev,user=vorlon) $ umount /mnt/test1 $ grep mnt/test2 /etc/fstab //maury/pub /mnt/test2 smb username=vorlon,user,noauto 0 0 $ ls -ld /mnt/test2 drwxr-xr-x 2 root root 6 2006-01-26 02:33 /mnt/test2/ $ mount /mnt/test2 added interface ip=192.168.13.2 bcast=192.168.13.255 nmask=255.255.255.0 Got a positive name query response from 64.22.192.12 ( 192.168.13.57 ) Password: cannot mount on /mnt/test2: Operation not permitted smbmnt failed: 1 $ sudo chown vorlon /mnt/test2 $ mount /mnt/test2 added interface ip=192.168.13.2 bcast=192.168.13.255 nmask=255.255.255.0 Got a positive name query response from 64.22.192.12 ( 192.168.13.57 ) Password: $ mount | grep test2 //maury/pub on /mnt/test2 type smbfs (rw) $ This is in addition, of course, to the behavior when calling smbmnt directly; though the two are related. I'm not satisfied with smbmount's behavior, and really never have been. I don't think it'll ever be fixed in smbmount (as opposed to in mount.cifs), but that doesn't mean it's not a bug. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. [EMAIL PROTECTED] http://www.debian.org/ signature.asc Description: Digital signature
Bug#177584: marked as done (smbmount: needs write permission on mounted point)
Steve Langasek wrote: No, they are not. User mounts are a well-established concept, and smbmnt behaves inconsistently with respect to them. I agree that the case you showed is broken. In that case, root has implicitly granted fiddling permission in the given directory through the fstab entry, so no more checks should be required. When running smbmount from the shell, however, there has got to be some check or else you could overwrite any directory whatsoever. I don't know of any precedent how that sort of thing should be handled. I think that the owner check should be enough, though. Maybe the permission mode check should just be removed? Any other ideas how to handle this (modulo the ever-popular opinion of not making the binaries setuid :) ) ? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#177584: marked as done (smbmount: needs write permission on mounted point)
I'm not satisfied with smbmount's behavior, and really never have been. I don't think it'll ever be fixed in smbmount (as opposed to in mount.cifs), but that doesn't mean it's not a bug. Should it then be tagged upstream wontfix and voilà?
Bug#177584: marked as done (smbmount: needs write permission on mounted point)
On Thu, Jan 26, 2006 at 05:50:17PM +0100, Christian Perrier wrote: I'm not satisfied with smbmount's behavior, and really never have been. I don't think it'll ever be fixed in smbmount (as opposed to in mount.cifs), but that doesn't mean it's not a bug. Should it then be tagged upstream wontfix and voilà? Probably... -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. [EMAIL PROTECTED] http://www.debian.org/ signature.asc Description: Digital signature
Bug#177584: marked as done (smbmount: needs write permission on mounted point)
On Thu, Jan 26, 2006 at 05:42:45PM +0100, Peter Eisentraut wrote: Steve Langasek wrote: No, they are not. User mounts are a well-established concept, and smbmnt behaves inconsistently with respect to them. I agree that the case you showed is broken. In that case, root has implicitly granted fiddling permission in the given directory through the fstab entry, so no more checks should be required. When running smbmount from the shell, however, there has got to be some check or else you could overwrite any directory whatsoever. I don't know of any precedent how that sort of thing should be handled. I think that the owner check should be enough, though. Maybe the permission mode check should just be removed? Yes, the problem really is that smbmount and mount.smbfs are the same binary, but require different semantics. The permission check is intended in the case of smbmount, but is wrong for mount.smbfs. Any other ideas how to handle this (modulo the ever-popular opinion of not making the binaries setuid :) ) ? I'm hoping that mount.cifs gets it right, or if not, that it can be made to get it right since it's maintained upstream. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. [EMAIL PROTECTED] http://www.debian.org/ signature.asc Description: Digital signature
Bug#177584: marked as done (smbmount: needs write permission on mounted point)
tags 177584 upstream wontfix thanks Quoting Steve Langasek ([EMAIL PROTECTED]): On Thu, Jan 26, 2006 at 05:50:17PM +0100, Christian Perrier wrote: I'm not satisfied with smbmount's behavior, and really never have been. I don't think it'll ever be fixed in smbmount (as opposed to in mount.cifs), but that doesn't mean it's not a bug. Should it then be tagged upstream wontfix and voilà? Probably... Ditto
Bug#177584: marked as done (smbmount: needs write permission on mounted point)
reopen 177584 thanks Package: smbfs Version: 2.2.3a-12 Kernel: 2.4.19 The smbmount command fails if the mount point does not have write access (i.e. 700 or greater). This is different than other mount types which will work fine on a directory with permissions of 555. Brian ( [EMAIL PROTECTED] ) From: Peter Eisentraut [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: Bug#177584: smbmount: needs write permission on mounted point Date: Thu, 26 Jan 2006 06:15:38 +0100 This is an intentional access control feature that is explained in the smbmnt man page. But an ill-designed one; refusing to allow mounting over a directory that you own but don't currently have write access to, when other filesystems have no such requirement, is unnecessarily inconsistent. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. [EMAIL PROTECTED] http://www.debian.org/ signature.asc Description: Digital signature
