Mounting SMB shares as a non-root user
I use Redhat 9, kernel 2.4.20-8.
My questions are philosophical in nature, so not very urgent.
I spent all yesterday figuring out how to mount an SMB partition as a non-root user. Here's the gist of it all:
chmod +s /usr/bin/smbmnt
chmod +s /usr/bin/smbumount
(Note: Do NOT set the suid bit on /usr/bin/smbmount)
Now, I can use /usr/bin/smbmount as a non-root user to mount my SMB shares. Here's the command I use:
smbmount //dmancine/d /home/dmancine/remote-mp3 -o credentials=/home/dmancine/smb.cred,ip=192.168.1.100,uid=dmancine,gid=dmancine
Now for the questions:
1. Isn't it sorta' dangerous to setuid on smbmnt (or any file, for that matter)? That seems to go against the precept of, "Do as little as possible as root." Here, you're giving any user (who can execute smbmnt) the ability to act with root's abilities, and they don't even need to have access to the root account. Is there a better (read: more secure) way to allow non-root users to mount SMB partitions? If so, what is it? If not, why not (what specifically makes it impossible)?
2. Why can't I use mount -t smbfs to do the same thing? It says, "mount: only root can do that." I believe that from what I've read about the mount command. However, if I add the "user" or "users" or "owner" option to a line in /etc/fstab, then non-root users can use mount to mount those partitions. Why can't I use the following command as a non-root user:
mount -t smbfs -o user,credentials=smb.cred,ip=192.168.1.100,uid=dmancine,gid=dmancine //dmancine/d /home/dmancine/remote-mp3
As I understand it, this just delegates to smbmount, which I can run just fine. And I have no problem running mount as non-root with the "user" option. What am I not understanding here?
Sorry for the rambling newbie questions, but I just don't get it.
|