Debian This forum is for the discussion of Debian Linux.
|
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
05-05-2005, 09:46 AM
|
#1
|
Member
Registered: Nov 2003
Location: Ohio
Distribution: Debian Unstable
Posts: 460
Rep:
|
fixing mount permissions?
Hi, I changed the permissions on /bin/mount
$ ls -l /bin/mount
-rwxr-xr-x 1 root root 76888 2004-09-24 00:34 /bin/mount
and in the process, i prevented standard users from being able to do mount
$ mount /media/cdrom0
mount: must be superuser to use mount
the pertinant line in /etc/fstab is
/dev/hdc /media/cdrom0 iso9660 ro,user,noauto 0 0
i tried
$ su -c "chmod u+s /bin/mount"
which now allows me to mount, but when i try to unmount, i get
$ mount /media/cdrom0
$ umount /media/cdrom0
umount: /dev/hdc: not mounted
umount: /media/cdrom0: must be superuser to umount
umount: /dev/hdc: not mounted
umount: /media/cdrom0: must be superuser to umount
thanks for any thoughts or assistance.
|
|
|
05-05-2005, 10:35 AM
|
#2
|
Senior Member
Registered: Jan 2004
Location: Montpellier (France)
Distribution: Gentoo
Posts: 1,014
Rep:
|
well do the same on umount, I mean:
Code:
chmod u+s /bin/umount
|
|
|
05-05-2005, 11:33 AM
|
#3
|
Member
Registered: Nov 2003
Location: Ohio
Distribution: Debian Unstable
Posts: 460
Original Poster
Rep:
|
thanks, changing permissions for umount works. i am very concerned that i am opening potential security vulnerabilities. the +s means enable the suid bit, right?
|
|
|
05-05-2005, 10:26 PM
|
#4
|
Member
Registered: Jan 2005
Location: Tasmania
Distribution: Xen Debian Lenny/Sid
Posts: 578
Rep:
|
Rather than change the permissions on the executables,
perhaps you could try creating a cdrom group and
adding your user to that group.
eg:
# grep cdrom /etc/group
cdrom:x:24:user1,user2,user3
Then chown root:cdrom /dev/cdrom
# ls -l /dev/dvdrw
lrwxr-xr-x 1 root cdrom 8 Feb 17 15:46 /dev/dvdrw -> /dev/hdc
and make sure fstab has the user option set:
# grep dvdrw /etc/fstab
/dev/dvdrw /media/dvdrw auto ro,user,noauto 0 0
ps. the reason you couldn't umount it as user is because you
mounted it as root.
|
|
|
05-06-2005, 07:04 AM
|
#5
|
Senior Member
Registered: Jan 2004
Location: Montpellier (France)
Distribution: Gentoo
Posts: 1,014
Rep:
|
Quote:
ps. the reason you couldn't umount it as user is because you
mounted it as root.
|
I don't think so... 'cause his prompt was a "$" and not a "#" which proves that it was executed as user... unless he changed the default root prompt behavior
|
|
|
05-06-2005, 08:26 AM
|
#6
|
Member
Registered: Jan 2005
Location: Tasmania
Distribution: Xen Debian Lenny/Sid
Posts: 578
Rep:
|
Sorry, I should have put that a little clearer, and it has nothing to do with the prompt in this case
as the suid bit had been set on mount, but not on umount.
ie. the device is mounted by root.
|
|
|
05-06-2005, 10:15 AM
|
#7
|
Senior Member
Registered: Jan 2004
Location: Montpellier (France)
Distribution: Gentoo
Posts: 1,014
Rep:
|
Quote:
as the suid bit had been set on mount, but not on umount.
ie. the device is mounted by root.
|
OK
but we could also think that umount is a symlink to mount (that what I thought before checking it was not that and so umount have to also set suid) like modprobe for insmod...
and if you just read mount man page, you see that you just have to add "user" option to mount/umount a partition with the same user... so that may lead to a certain confusion
|
|
|
All times are GMT -5. The time now is 11:00 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|