Linux - GeneralThis Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Distribution: Linux Mint 13 Cinnamon Edition 64-bit, Windows 7 Home Premium SP1 64-bit, Arch Linux 32-bit
Posts: 161
Rep:
Why does mounting require root privileges?
I've been wondering about this for a while, and I've never gotten a clear answer. What's the rationale behind only allowing root to mount filesystems? With all the removable media like flash drives, CD-ROMs, SD cards, phones, cameras, and even network shares, it's common for a user to want to be able to access files on those devices. However, doing so requires mounting the filesystem, which for some reason, requires root privileges. To me, the intuitive thing would be that if a user is able to delete a directory and create files in that directory, he/she should be able to mount a device in that directory. Instead, mount is reserved for root only, and doesn't care anything about the files which are being shadowed. Something as simple as listening to music from a CD or saving a document to a flash drive requires root! I know many desktop environments get around this with FUSE or using IPC to communicate with a daemon which handles the actual mounting and unmounting, but this seems like a strange hack that works around a design flaw of Linux.
Distribution: Solaris 11.4, Oracle Linux, Mint, Debian/WSL
Posts: 9,789
Rep:
True, mount does require root privileges.
man -s 2 mount:
Appropriate privilege (Linux: the CAP_SYS_ADMIN capability) is required to mount file systems.
However, if the file system to mount already has an entry in the /etc/fstab file and this entry has the "user" option set, anybody will be allowed to mount it. This is possible because the mount command has the root suid bit set. Similar rights might also be granted to users owning or belonging to the group of the device to mount (options "owner" and "group").
The rationale behind the default limitation is that granting the right for anyone to mount any file system would be a serious security issue.
Let say I mount a file system where there is a copy of a shell binary with root suid bit set and I'm able to become root without a password by running it.
Other issues would be mounting a file system with device files (i.e. major/minor) that belong to me, or with 0777 permissions and I would be able to access the actual devices behind them with no restrictions and either damage or hack the system.
Of course, the risk is mitigated when limited power files systems like FAT32 or iso, which do no support suid executables or devices are used. The system is also disabling the device and suid support at mount time when users or groups are granted the right to mount the file system.
Note that on most Linux systems, there is no issue with the removable media you are talking about because there is typically a service that automount them for you and apply the right restrictions to avoid the security issues I was referring to.
Distribution: Solaris 11.4, Oracle Linux, Mint, Debian/WSL
Posts: 9,789
Rep:
I understand what you mean and possibly misunderstood what your "Wrong" was about. It is clear the OP two last statements are incorrect.
The standard behavior is for mount to require root access to succeed. You are focusing on the mechanisms put in place to allow a non privileged user to mount removable media in a secure way or to have them mounted automatically, but this is an exception to the default rule, not how mount was originally designed.
In any case, I'm replying to the question "What's the rationale behind only allowing root to mount file systems?" and my reply wouldn't make sense if the question statement was incorrect.
To generalize, the *nix principle is "default denied" and whatever user needs to do outside of home directory permission for it must be granted by root, mount is no exception.
Distribution: Solaris 11.4, Oracle Linux, Mint, Debian/WSL
Posts: 9,789
Rep:
This is unrelated to the file system permissions or the home directories. Users aren't allowed by default to mount anything inside their home directory either for the very reasons I have presented.
The point here is a restricted system call and the reason it is restricted is that it potentially allows privilege escalation.
Also, there is usually no need for the permission to mount removable media to be explicitly granted by root, the permission is already there at installation time, being part of the OS configuration.
Mounting inside home still requires accessing node in /dev - which is outside of home. Removable devices are usually not mounted by OS, nowadays it is the DE that does it.
Distribution: Solaris 11.4, Oracle Linux, Mint, Debian/WSL
Posts: 9,789
Rep:
Granted about /dev although technically, nothing forbids to have a device file under a home directory.
The DE is indeed nowadays the component that eventually mounts the device but this mechanism is closely tied with the OS (the kernel detects the device insertion, notify a first daemon like devfs/udev/systemd which notify other daemons, etc. ) In any case, a DE is normally considered to be part of the OS where it is installed.
I've been wondering about this for a while, and I've never gotten a clear answer. What's the rationale behind only allowing root to mount filesystems? With all the removable media like flash drives, CD-ROMs, SD cards, phones, cameras, and even network shares, it's common for a user to want to be able to access files on those devices. However, doing so requires mounting the filesystem, which for some reason, requires root privileges. To me, the intuitive thing would be that if a user is able to delete a directory and create files in that directory, he/she should be able to mount a device in that directory. Instead, mount is reserved for root only, and doesn't care anything about the files which are being shadowed. Something as simple as listening to music from a CD or saving a document to a flash drive requires root! I know many desktop environments get around this with FUSE or using IPC to communicate with a daemon which handles the actual mounting and unmounting, but this seems like a strange hack that works around a design flaw of Linux.
Not a hack. It is security.
Mounting arbitrary filesystems allows device nodes to be included - and to violate security just have /dev/mem (the device) would allow inappropriate access to anything in memory, and allow changing restrictions places on the user (like switching it to root just by replacing the UID entries in the process header).
Other problems introduced are setuid programs (like /usr/bin/passwd is) on a bash interpreter - suddenly you have root without any effort, which in turn gives you control over the entire system.
That is why mounts placed for users have to be in the /etc/fstab. It allows the administrator to DEFINE the restrictions (nodev, nosetuid, and possibly even noexec for what should be data only). Without restricting mount the administrator cannot ensure the security or reliability of the system.
udev applies restrictions on the automatic mounts for USB/CD/DVDs. And udev can be configured to not allow users access.
Too have a normal user to have such rights opens security issues. That's why when a normal user without root privileges should receive when issuing the mount command;
Code:
$ mount /dev/sdc2 /mnt/sdc2
mount: only root can do that
The way around that would be to allow the user to
Code:
su -
password: xxxxxx
the superuser would need to share the root password which could be a potential headache for him/her. Or root could modify '/etc/sudoer' to reflect the users usage. Even then I am verify doubtful to allow some users those rights.
Why do you think we have all these queries here at LQ when a user that does not know what they are doing and trash a system when issuing commands that corrupt the system?
noun, plural securities. 1. freedom from danger, risk, etc.; safety.
2. freedom from care, anxiety, or doubt; well-founded confidence.
3. something that secures or makes safe; protection; defense.
4. freedom from financial cares or from want: The insurance policy gave the family security.
5. precautions taken to guard against crime, attack, sabotage, espionage, etc.: claims that security was lax at the embassy; the importance of computer security to prevent hackers from gaining access.
6. a department or organization responsible for protection or safety: He called security when he spotted the intruder.
7. protection or precautions taken against escape; custody: The dangerous criminal was placed under maximum security
Pick one of the above definitions that suits you and the reasons that a secure Gnu/Linux limits those rights to a normal user as a default.
For a DE to auto-mount a device those privileges have been met by the initial configurations for that user's environment.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.