Linux mount user access

Permission denied for user accessing mount

Using root I can mount another Linux share no problem.

Root can read/write to the share dirs no problem.

When trying to access the dir under another user, even when the user is part of the ‘users’ group it gets permission denied.

3 Answers 3

As mentioned in one of the comments, try mounting the share using these options:

or this to forgo confusion with regards to CIFS POSIX extensions, as explained in another answer on here.

Depending on your system, the introduction of systemd and udev in Linux has changed how filesystems get mounted once again. However, I’m not sure that/how CIFS/Samba shares are affected by this.

According to Mark Cohen’s answer, you need some kind of change permission action.

But simple sudo chmod 777 javalib will crash with another permission denied. You need to add mount options -o username=guest,dir_mode=777,file_mode=666 to make directories executable for everyone.

If this method won’t help, then you may need to add options, such as -o uid=$(whoami) .

I also have this problem and the only thing which worked for me was this:

1. 192.168.10.10 by the IP of remote computer
2. directory\ name by the remote directory absolute path
3. remote\ user\ name by the remote user account used to authenticate
4. vers=1.0 by the version of the smb protocol implemented on the remote computer

After you run this command, it will prompt by your remote\ user\ name password.

Just do not forget to install: sudo apt-get install cifs-utils

If you have any problems with this command line, as some nuts errors like:

You can run this to see what the error was

On this case, if you search on Google you will see the error was that I ran the command without specifying the vers=1.0 argument.

Источник

Mounting volume/partition with permissions for user

A volume intended for use by my user was created at OS installation with root ownership and my user lacks write permissions.

Some solutions I’ve read about include:

• changing ownership of the mount point with chown
• adding group write permissions with chmod
• adding user or users mount option in /etc/fstab .

What is the best practice for this situation, and what are the implications of each approach?

1 Answer 1

If it’s in /etc/fstab then it will mount at boot. As only root has write permissions then you you’ll need to modify it so that the user has those permissions. The best way is:

If the root group has write permission as well and you want another group to have it then you can use:

If the root group doesn’t have write access, then you can use chmod next:

That will give write permission to the group if it’s not there and read and execute to everyone else. You can modify the 775 to give whatever permissions you want to everyone else as that will be specified by the third number.

To better cover what you asked in your comment below:

You can add the user option to /etc/fstab but that only allows the file system to be mounted by any user. It won’t change the permissions on the file system which is why you need chown and/or chmod . You can go ahead and add the user option so that a regular user without sudo can mount it should it be unmounted.

For practicality, the best option here is chown as it gives the user the needed permissions instantly. The chmod command can be used afterwards if the permissions need to be modified for others.

Источник

Mount device with r/w access to specific user

How can I mount some device with read-write access for a given user?

2 Answers 2

You can use the -o option, that will let you set up umask, owner and group owner for the mounted device.

That will mount a vfat device in /var/www with umask 0022, owner: user with ID 33, and group: group with ID 33.

There’s no generic way to do exactly that. If the filesystem doesn’t have a notion of file ownership, it probably has a mount option ( uid ) to decide which user the files will belong to. If the filesystem does have a notion of file ownership, mount it read-write, and users will be able to write every file they have permission to.

If you only want a specific user to access the filesystem, and there is a FUSE driver for it, then arrange for the user to have read-write access to the device and mount it through FUSE as that user.

Another way to only let a specific user (or a specific group, or better fine-tuning through an ACL) is to place the mount point underneath a restricted-access directory:

If you want some users to have read-write access and others to have read-only access regardless of file permissions, mount the filesystem read-write under a restricted access directory and use bindfs to make a read-only view of that filesystem.

You can also make a bindfs view read-write to some users and read-only for others; see the -m and -M options in the bindfs man page. Remember to put the primary mount point under a directory that only root can access.

Источник

Mount cifs Network Drive: write permissions and chown

I have access to a cifs network drive. When I mount it under my OSX machine, I can read and write from and to it.

When I mount the drive in ubuntu, using:

I am not able to write to the network drive, but I can read from it. I have checked the permissions and owner of the mount folder, they look like:

I cannot change the owner, because I get the error:

When I descend deeper into the network drive, and change the ownership there, I get the error that I have no permission to change the folder´s owner.

What should I do to activate my write permission?

2 Answers 2

You are mounting the CIFS share as root (because you used sudo ), so you cannot write as normal user. If your Linux Distribution and its kernel are recent enough that you could mount the network share as a normal user (but under a folder that the user own), you will have the proper credentials to write file (e.g. mount the shared folder somewhere under your home directory, like for instance $HOME/netshare/ . Obviously, you would need to create the folder before mounting it).

An alternative is to specify the user and group ID that the mounted network share should used, this would allow that particular user and potentially group to write to the share. Add the following options to your mount: uid= ,gid= and replace and respectively by your own user and default group, which you can find automatically with the id command.

If the server is sending ownership information, you may need to add the forceuid and forcegid options.

Источник

How to allow non-superusers to mount any filesystem?

Is it possible to allow some particular users (e.g. members of a group) to mount any filesystem without superuser privileges on Linux?

Another question might have been «in what ways a user can harm a system by mounting filesystems?»

8 Answers 8

There are a couple approaches, some of them mostly secure, others not at all.

The insecure way

Let any use run mount , e.g., through sudo. You might as well give them root; it’s the same thing. The user could mount a filesystem with a suid root copy of bash —running that instantly gives root (likely without any logging, beyond the fact that mount was run).

Alternatively, a user could mount his own filesystem on top of /etc , containing his/her own copy of /etc/shadow or /etc/sudoers , then obtain root with either su or sudo . Or possibly bind-mount ( mount —bind ) over one of those two files. Or a new file into /etc/sudoers.d .

Similar attacks could be pulled off over /etc/pam.d and many other places.

Remember that filesystems need not even be on a device, -o loop will mount a file which is owned (and thus modifiable) by the user.

The mostly secure way: udisks or similar

The various desktop environments have actually already built solutions to this, to allow users to mount removable media. They work by mounting in a subdirectory of /media only and by turning off set-user/group-id support via kernel options. Options here include udisks , udisks2 , pmount , usbmount ,

If you must, you could write your own script to do something similar, and invoke it through sudo—but you have to be really careful writing this script to not leave root exploits. If you don’t want your users to have to remember sudo, you can do something like this in a script:

The will-be-secure someday way: user namespaces

Linux namespaces are a very lightweight form of virtualization (containers, to be more specific). In particular, with user namespaces, any user on the system can create their own environment in which they are root. This would allow them to mount filesystems, except that has been explicitly blocked except for a few virtual filesystems. Eventually, FUSE filesystems will probably be allowed, but the most recent patches I could find don’t cover block devices, only things like sshfs.

Further, many distro kernels have (for security reasons) defaulted to not allowing unprivileged users to use user namespaces; for example Debian has a kernel.unprivileged_userns_clone that defaults to 0. Other distros have similar settings, though often with slightly different names.

The best documentation I know of about user namespaces is an LWN article Namespaces in operation, part 5: User namespaces.

Источник