LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Desktop (http://www.linuxquestions.org/questions/linux-desktop-74/)
-   -   mount problem as non-root user (http://www.linuxquestions.org/questions/linux-desktop-74/mount-problem-as-non-root-user-4175482729/)

lld 10-30-2013 03:00 AM

mount problem as non-root user
 
Hi,
I am terribly sorry for making a new thread about this, I looked arround but everyone is fstab-ing, and I just need to mount when at work. I do not want to use fstab.

I want to use a Windows-based share, from Fedora19. The Fedora machine hosts multiple users, and I don't want all users to be or have root permissions. I want to take advantage of the Windows machine security to sort folder user rights on the mapped drive, but I need them to access without problems their mapped drive, once mapped in the linux host.

First of all, I created the folder in the user directory, and checked permissions

Quote:

[<user>@<hostname> Shares]$ ls -al
total 12
drwxr-xr-x 3 <user> domain users 4096 Oct 29 13:20 .
drwx------. 16<user> domain users 4096 Oct 29 18:17 ..
drwxr-xr-x 2 <user> domain users 4096 Oct 29 13:20 FileServer

Now, from the linux machine, I try to mount as user:

Quote:

[<user>@<hostname> Shares]$ /sbin/mount.cifs //<server-IP>/FIleServer /home/<DOMAIN>/<user>/Shares/FileServer/ -o user=<user>,rw
mount.cifs: permission denied: no match for /home/<DOMAIN>/<user>/Shares/FileServer found in /etc/fstab
Now, you would say from that message that there is a problem with the remote share definition, or my fstab (that I am not using nor I intend to)

So, change to root, and try again

Quote:

[<user>@<hostname> Shares]$ su
Password:

[root@<hostname> Shares]# /sbin/mount.cifs //<server-IP>/FIleServer /home/<DOMAIN>/<user>/Shares/FileServer/ -o user=<user>,rw
Password for <user>@//<server-IP>/FIleServer: *********
Same command, but it completes. So far so good, but there is a huge problem:

Quote:

[root@<hostname> Shares]# ls -al
total 32
drwxr-xr-x 3 <user> domain users 4096 Oct 29 13:20 .
drwx------. 16 <user> domain users 4096 Oct 29 18:17 ..
drwxr-xr-x 2 root root 24576 Oct 25 10:26 FileServer
[root@<hostname> Shares]#
Now the local folder permissions have changed from user, domain users, to root root.

This means that as a user, I can see the contents of the mapped drive, but I cannot write or create files or folders, which makes this mapping completely useless for me.

So, I understand, security, only root can do that etc, but if there is no way to allow users to map a home drive (for example) in a remote share, what good is it?

Can anyone help me surpass this problem? And please, in the danger of sounding ugly (and it is not my intention), please, I don't need posts like "root can only do that for a reason".

Thanks a lot in advance

baldur_1 10-30-2013 01:38 PM

why dont you use sudo? sudo can run root commands and can be delegated per user...

lld 10-31-2013 06:52 AM

Hi, thanks for the reply...

Quote:

[<user>@<hostname> ~]$ sudo /sbin/mount.cifs //<server-IP>/FIleServer /home/<DOMAIN>/<user>/Shares/FileServer/ -o user=<user>,rw
[sudo] password for <user>:
Password for <user>@//<server-IP>/FIleServer: *********
[<user>@<hostname> ~]$ cd /home/<domain>/<user>/Shares/
[<user>@<hostname> Shares]$ ls -al
total 32
drwxr-xr-x 3 <user> domain users 4096 Oct 29 13:20 .
drwx------. 16 <user> domain users 4096 Oct 29 18:17 ..
drwxr-xr-x 2 root root 24576 Oct 25 10:26 FileServer
...but it gives the same result, I thought that I had covered this one in my first post...

Are you saying it because there is sth more I should have done with it?
let me mention the following: Maybe everyone in here is a cli-nut, and in some ways I am as well, I work all network equipment by cli, I despise of their web interface, but when it comes to my desktop, I do by cli all I have to, but I deeply enjoy working in a pleasant and practical graphical environment, I have a very beautifully personalised kde-fedor-ita. So I don't want to push a local file every time by sudo on the share, I do not want to make a copy of it before i edit it or having to open libreoffice as root. I just want to browse for a file by dolphin (which I believe is stellar), double click on a file, edit it, save it and that's all. If I need to do all that by sudo cli commands, we're going backwards productively-wise, or I need to personalize all the launchers to run as root, which in its turn sort-of-eliminates all the reasons for strengthened security...

Does anything of what I say make any sense, or I am looking at it the wrong way?

baldur_1 10-31-2013 10:44 AM

let me ask just a sec to clarify, are you trying to mount one windows share and several fedora users are going to use it or does each person say have their own windows share?

lld 11-04-2013 03:46 AM

Hi,

The share is on a Windows Server. I cannot change that fact...

The Fedora machine is to be used as an nx server ("Terminal server" say), and I need each user to map a folder (lets say a "home", although I am interested in mapping a common share as well) on the windows machine with their own AD permissions.

We already have AD authentication working to log into the Fedora machine, and it is working beautifully, fast, no errors. In the output I have included, The user is already logged in validated from AD into Fedora.

My only problem now is that users cannot map a usable share.

Thanks a lot in advance

baldur_1 11-06-2013 10:28 AM

well, first of all, if sudo did not work then you have issues there. this is the perfect usage for sudo. you could either write a script or configure linux to run code once someone logs on to auto mount using like sudo or whatever.

prior you mentioned that when you mounted with root it mounted with root permissions. the reason that happend was becuase you did not identify a user to in the mount code. using uid and/or gid would solve that. if you used mount -t cifs //server/share /local/folder -o username=<user>,uid=500, that would mount using root and give permissions to that mount to the user with the numeric id 500. you then have the ability to mount to any user you want using uid and gid. with properly configured user controls you could do anything from that point from allowing some users and not others and so on...

i have spent some time reading about ways to allow users to create mounts and as far as i have seen there are none so you either need to create your own or use an alternative like getting sudo to work, mounting the mount via fstab, or any of the other alternatives using one of those two ways.

lld 11-06-2013 11:28 AM

Aparently it was as simple as that... :-)

It works beautifully if you use the uid.
I didn't know that, and it never occurred to me even looking at that direction...
The amount of time I spent looking around the Internet searching for the wrong terms...

Thank you very-very much, and I apologise for the time you spent on me.

Regards,


All times are GMT -5. The time now is 09:26 AM.