LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 11-30-2004, 01:51 PM   #1
berrance
Member
 
Registered: Aug 2004
Location: Hull - England
Distribution: Ubunto and slowly switching to debian
Posts: 308

Rep: Reputation: 30
shell script help


hi i am creating a shell script for people to run when they login what i need it to do is simple, just to mount a couple of samba shares in a folder called server-mounts in there home folder i can do this with the command

mount -t smbfs //server/share /home/user-name/server-mounts/mount/ -0 username=username passwd=password

the only problem is i can only perform a mount as root and i dont want to do it through the fstab file

what i need to know is how can i switch to root in a shell script i know how to do it with the command su - root but i need to put the password in is there a command to put the password in or give a usere the privaledge to mount things

thanks
 
Old 11-30-2004, 01:56 PM   #2
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 79
You need to set smbmnt setuid - try:
chmod +s /path/to/smbmnt
 
Old 11-30-2004, 02:01 PM   #3
berrance
Member
 
Registered: Aug 2004
Location: Hull - England
Distribution: Ubunto and slowly switching to debian
Posts: 308

Original Poster
Rep: Reputation: 30
i have run that command as root for the folder where i want the share to be mounted and i still get the message

mount: only root can do that

thanks for the help im sure its something i am doing wrong
 
Old 11-30-2004, 02:31 PM   #4
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 79
You don't need to chmod the actual directories - just the smbmnt binary.
 
Old 11-30-2004, 02:50 PM   #5
berrance
Member
 
Registered: Aug 2004
Location: Hull - England
Distribution: Ubunto and slowly switching to debian
Posts: 308

Original Poster
Rep: Reputation: 30
so what would i put something like this?

chmod +s //server/share /home/user-name/server-mounts/mount/ -0 username=username passwd=password
 
Old 11-30-2004, 02:59 PM   #6
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 79
Try running this:
find / -name "smbmnt" -exec chmod +s {} \;
 
Old 11-30-2004, 03:36 PM   #7
berrance
Member
 
Registered: Aug 2004
Location: Hull - England
Distribution: Ubunto and slowly switching to debian
Posts: 308

Original Poster
Rep: Reputation: 30
all i get is loads of access denides and if i run it as root it lists my hardrive mount, cd rom and floppy i think i know they where 3 listed and non of them where smb mounts
 
Old 11-30-2004, 03:51 PM   #8
wmakowski
Member
 
Registered: Oct 2003
Location: Ohio
Distribution: Fedora 25, 26, RHL 5.2
Posts: 560

Rep: Reputation: 56
Have you thought about mounting the share permanently and then create a symbolic link to the mount in your user directories? You could add that mount to your fstab without much trouble. The symbolic links would need to be added to each user. As new users are created you could make this part of /etc/skel (see man useradd) to have it done automatically.

Bill
 
Old 11-30-2004, 04:04 PM   #9
berrance
Member
 
Registered: Aug 2004
Location: Hull - England
Distribution: Ubunto and slowly switching to debian
Posts: 308

Original Poster
Rep: Reputation: 30
no, as difrent users will have difrent acces writes and i dont want some users to have access at all and others just read access and it would be easyer to set that by the server

thanks all the same
 
Old 11-30-2004, 05:49 PM   #10
wmakowski
Member
 
Registered: Oct 2003
Location: Ohio
Distribution: Fedora 25, 26, RHL 5.2
Posts: 560

Rep: Reputation: 56
It sounds like we'll need to go with what David suggested. To allow users to mount SMB shares we need to setuid root on the smbmnt application. Check out man smbmnt to understand this a little better. On my system the file path to smbmnt is /usr/bin/smbmnt with an owner and group of root. To setuid we use chmod 4755 /usr/bin/smbmnt. The file permissions will end up being rwsr_xr_x. What this does is change the effective userid to root when the smbmount command is run by a normal user. The command then becomes:

smbmount //server/share /home/user-name/server-mounts/mount/

You can throw on options -o ro for readonly or rw for readwrite. You can also play around with groups or set up different shares in smb.conf to control file access.

I'm not sure if there is a slick way around supplying passwords. If you don't supply a password it will prompt the user for one. I believe once you pass the initial check any additional mounts will not prompt for a password. Only way around this is to make them guest services in smb.conf and I doubt that is what you want to do.

One thing this technique does is open up the smbmount command to basicly everyone. You can secure it somewhat by setting up a group, say smbmnt, and adding users that require this capability to the group. Then chown root:smbmnt /usr/bin/smbmnt and chmod 4750 /usr/bin/smbmnt. This will lock it down a little better.

Bill

Last edited by wmakowski; 11-30-2004 at 05:56 PM.
 
Old 11-30-2004, 06:27 PM   #11
Brian1
LQ Guru
 
Registered: Jan 2003
Location: Seymour, Indiana
Distribution: Distribution: RHEL 5 with Pieces of this and that. Kernel 2.6.23.1, KDE 3.5.8 and KDE 4.0 beta, Plu
Posts: 5,700

Rep: Reputation: 65
For my simple needs I use sudo to do my mounting.
In the following examples username = user9 and password for user9 = passwd9

Example of /etc/sudoers file.
Code:
# sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the sudoers man page for the details on how to write a sudoers file.
#

# Host alias specification

# User alias specification

# Cmnd alias specification

# Defaults specification

# User privilege specification
root    ALL=(ALL) ALL

# Uncomment to allow people in group wheel to run all commands
# %wheel        ALL=(ALL)       ALL

# Same thing without a password
%wheel  ALL=(ALL)       NOPASSWD: ALL

# Samples
%users  ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
%users  ALL=/sbin/mount /floppy,/sbin/umount /floppy
# %users  localhost=/sbin/shutdown -h now
Example of mount command.
Code:
sudo mount //desktop2400/user9 /mnt/Desktop -o credentials=/home/user9/bin/access.txt -rw

Example /home/user9/bin/access.txt file used in above mount command so not to ask for password
Code:
username = user9
password = passwd9

Example of an fstab file.
Code:
/dev/hda3               /                       ext3    defaults        1 1
/dev/hda1               /boot                   ext3    defaults        1 2
none                    /dev/pts                devpts  gid=5,mode=620  0 0
/dev/hda2               /home                   ext3    defaults        1 2
none                    /proc                   proc    defaults        0 0
none                    /dev/shm                tmpfs   defaults        0 0
/dev/hda5               /tmp                    ext3    defaults        1 2
/dev/hda6               swap                    swap    defaults        0 0
/dev/fd0                /mnt/floppy             auto    noauto,users     0 0
/dev/sda                /mnt/usbflpy            auto    noauto,users     0 0
/dev/sda1               /mnt/usb                auto    noauto,users,rw  0 0
/dev/hde1               /mnt/pcmcia             vfat    noauto,users,rw  0 0
/dev/hdc                /mnt/cdrom              auto    noauto,users,ro  0 0
//Desktop2400/user9    /mnt/Desktop            smbfs   username=user9,noauto,users,rw 0 0


Another example edit /etc/sudeors file to setup commands that a user can use without it asking for a password. Makes easy writing scripts that can be put on users desktop and have them point and click.
Code:
# sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the sudoers man page for the details on how to write a sudoers file.
#

# Host alias specification

# User alias specification

# Cmnd alias specification

# Defaults specification

# User privilege specification
root	ALL=(ALL) ALL

# Uncomment to allow people in group wheel to run all commands
# %wheel	ALL=(ALL)	ALL

# Same thing without a password
# %wheel	ALL=(ALL)	NOPASSWD: ALL

# Samples
# %users  ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users  localhost=/sbin/shutdown -h now

user9	ALL=NOPASSWD: /sbin/ifdown, /sbin/ifup, /sbin/mount , /sbin/umount

Brian1

Last edited by Brian1; 11-30-2004 at 06:31 PM.
 
Old 12-01-2004, 05:14 AM   #12
berrance
Member
 
Registered: Aug 2004
Location: Hull - England
Distribution: Ubunto and slowly switching to debian
Posts: 308

Original Poster
Rep: Reputation: 30
sounds and looks good, i will do it later as i arnt at home right now but im sure it will work

thanks again for the great help
 
Old 12-01-2004, 02:28 PM   #13
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 79
Be VERY careful doing that with sudo. Giving users full root access to mount all paritions will let them screw about with your system and even gain root access.
 
Old 12-01-2004, 02:38 PM   #14
/bin/bash
Senior Member
 
Registered: Jul 2003
Location: Indiana
Distribution: Mandrake Slackware-current QNX4.25
Posts: 1,802

Rep: Reputation: 47
Just write a script and put your smbmount statement in the script. Then add the script to your /etc/sudoers file.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Shell script inside shell script treotan Linux - General 4 02-19-2009 07:34 AM
Shell Scripting: Getting a pid and killing it via a shell script topcat Programming 15 10-28-2007 03:14 AM
shell script problem, want to use shell script auto update IP~! singying304 Programming 4 11-29-2005 06:32 PM
Directory listing - Calling shell script from a CGI script seran Programming 6 08-12-2005 12:08 AM
[SHELL SCRIPT] Write at the right of the shell window Creak Linux - General 2 04-02-2004 04:00 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 07:24 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration