fixing mount permissions?

zero79 · 05-05-2005, 09:46 AM

Hi, I changed the permissions on /bin/mount

$ ls -l /bin/mount
-rwxr-xr-x 1 root root 76888 2004-09-24 00:34 /bin/mount

and in the process, i prevented standard users from being able to do mount

$ mount /media/cdrom0
mount: must be superuser to use mount

the pertinant line in /etc/fstab is

/dev/hdc /media/cdrom0 iso9660 ro,user,noauto 0 0

i tried

$ su -c "chmod u+s /bin/mount"

which now allows me to mount, but when i try to unmount, i get

$ mount /media/cdrom0
$ umount /media/cdrom0
umount: /dev/hdc: not mounted
umount: /media/cdrom0: must be superuser to umount
umount: /dev/hdc: not mounted
umount: /media/cdrom0: must be superuser to umount

thanks for any thoughts or assistance.

Oliv' · 05-05-2005, 10:35 AM

well do the same on umount, I mean:

Code:

chmod u+s /bin/umount

zero79 · 05-05-2005, 11:33 AM

thanks, changing permissions for umount works. i am very concerned that i am opening potential security vulnerabilities. the +s means enable the suid bit, right?

uberNUT69 · 05-05-2005, 10:26 PM

Rather than change the permissions on the executables,
perhaps you could try creating a cdrom group and
adding your user to that group.

eg:
# grep cdrom /etc/group
cdrom:x:24:user1,user2,user3

Then chown root:cdrom /dev/cdrom
# ls -l /dev/dvdrw
lrwxr-xr-x 1 root cdrom 8 Feb 17 15:46 /dev/dvdrw -> /dev/hdc

and make sure fstab has the user option set:
# grep dvdrw /etc/fstab
/dev/dvdrw /media/dvdrw auto ro,user,noauto 0 0

ps. the reason you couldn't umount it as user is because you
mounted it as root.

Oliv' · 05-06-2005, 07:04 AM

Quote:

ps. the reason you couldn't umount it as user is because you
mounted it as root.

I don't think so... 'cause his prompt was a "$" and not a "#" which proves that it was executed as user... unless he changed the default root prompt behavior

uberNUT69 · 05-06-2005, 08:26 AM

Sorry, I should have put that a little clearer, and it has nothing to do with the prompt in this case
as the suid bit had been set on mount, but not on umount.
ie. the device is mounted by root.

Oliv' · 05-06-2005, 10:15 AM

Quote:

as the suid bit had been set on mount, but not on umount.
ie. the device is mounted by root.

OK

but we could also think that umount is a symlink to mount (that what I thought before checking it was not that and so umount have to also set suid) like modprobe for insmod...
and if you just read mount man page, you see that you just have to add "user" option to mount/umount a partition with the same user... so that may lead to a certain confusion