shell script help

berrance · 11-30-2004, 12:51 PM

hi i am creating a shell script for people to run when they login what i need it to do is simple, just to mount a couple of samba shares in a folder called server-mounts in there home folder i can do this with the command

mount -t smbfs //server/share /home/user-name/server-mounts/mount/ -0 username=username passwd=password

the only problem is i can only perform a mount as root and i dont want to do it through the fstab file

what i need to know is how can i switch to root in a shell script i know how to do it with the command su - root but i need to put the password in is there a command to put the password in or give a usere the privaledge to mount things

thanks

david_ross · 11-30-2004, 12:56 PM

You need to set smbmnt setuid - try:
chmod +s /path/to/smbmnt

berrance · 11-30-2004, 01:01 PM

i have run that command as root for the folder where i want the share to be mounted and i still get the message

mount: only root can do that

thanks for the help im sure its something i am doing wrong

david_ross · 11-30-2004, 01:31 PM

You don't need to chmod the actual directories - just the smbmnt binary.

berrance · 11-30-2004, 01:50 PM

so what would i put something like this?

chmod +s //server/share /home/user-name/server-mounts/mount/ -0 username=username passwd=password

david_ross · 11-30-2004, 01:59 PM

Try running this:
find / -name "smbmnt" -exec chmod +s {} \;

berrance · 11-30-2004, 02:36 PM

all i get is loads of access denides and if i run it as root it lists my hardrive mount, cd rom and floppy i think i know they where 3 listed and non of them where smb mounts

wmakowski · 11-30-2004, 02:51 PM

Have you thought about mounting the share permanently and then create a symbolic link to the mount in your user directories? You could add that mount to your fstab without much trouble. The symbolic links would need to be added to each user. As new users are created you could make this part of /etc/skel (see man useradd) to have it done automatically.

Bill

berrance · 11-30-2004, 03:04 PM

no, as difrent users will have difrent acces writes and i dont want some users to have access at all and others just read access and it would be easyer to set that by the server

thanks all the same

wmakowski · 11-30-2004, 04:49 PM

It sounds like we'll need to go with what David suggested. To allow users to mount SMB shares we need to setuid root on the smbmnt application. Check out man smbmnt to understand this a little better. On my system the file path to smbmnt is /usr/bin/smbmnt with an owner and group of root. To setuid we use chmod 4755 /usr/bin/smbmnt. The file permissions will end up being rwsr_xr_x. What this does is change the effective userid to root when the smbmount command is run by a normal user. The command then becomes:

smbmount //server/share /home/user-name/server-mounts/mount/

You can throw on options -o ro for readonly or rw for readwrite. You can also play around with groups or set up different shares in smb.conf to control file access.

I'm not sure if there is a slick way around supplying passwords. If you don't supply a password it will prompt the user for one. I believe once you pass the initial check any additional mounts will not prompt for a password. Only way around this is to make them guest services in smb.conf and I doubt that is what you want to do.

One thing this technique does is open up the smbmount command to basicly everyone. You can secure it somewhat by setting up a group, say smbmnt, and adding users that require this capability to the group. Then chown root:smbmnt /usr/bin/smbmnt and chmod 4750 /usr/bin/smbmnt. This will lock it down a little better.

Bill

Brian1 · 11-30-2004, 05:27 PM

For my simple needs I use sudo to do my mounting.
In the following examples username = user9 and password for user9 = passwd9

Example of /etc/sudoers file.

Code:

# sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the sudoers man page for the details on how to write a sudoers file.
#

# Host alias specification

# User alias specification

# Cmnd alias specification

# Defaults specification

# User privilege specification
root    ALL=(ALL) ALL

# Uncomment to allow people in group wheel to run all commands
# %wheel        ALL=(ALL)       ALL

# Same thing without a password
%wheel  ALL=(ALL)       NOPASSWD: ALL

# Samples
%users  ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
%users  ALL=/sbin/mount /floppy,/sbin/umount /floppy
# %users  localhost=/sbin/shutdown -h now

Example of mount command.

Code:

sudo mount //desktop2400/user9 /mnt/Desktop -o credentials=/home/user9/bin/access.txt -rw

Example /home/user9/bin/access.txt file used in above mount command so not to ask for password

Code:

username = user9
password = passwd9

Example of an fstab file.

Code:

/dev/hda3               /                       ext3    defaults        1 1
/dev/hda1               /boot                   ext3    defaults        1 2
none                    /dev/pts                devpts  gid=5,mode=620  0 0
/dev/hda2               /home                   ext3    defaults        1 2
none                    /proc                   proc    defaults        0 0
none                    /dev/shm                tmpfs   defaults        0 0
/dev/hda5               /tmp                    ext3    defaults        1 2
/dev/hda6               swap                    swap    defaults        0 0
/dev/fd0                /mnt/floppy             auto    noauto,users     0 0
/dev/sda                /mnt/usbflpy            auto    noauto,users     0 0
/dev/sda1               /mnt/usb                auto    noauto,users,rw  0 0
/dev/hde1               /mnt/pcmcia             vfat    noauto,users,rw  0 0
/dev/hdc                /mnt/cdrom              auto    noauto,users,ro  0 0
//Desktop2400/user9    /mnt/Desktop            smbfs   username=user9,noauto,users,rw 0 0

Another example edit /etc/sudeors file to setup commands that a user can use without it asking for a password. Makes easy writing scripts that can be put on users desktop and have them point and click.

Code:

# sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the sudoers man page for the details on how to write a sudoers file.
#

# Host alias specification

# User alias specification

# Cmnd alias specification

# Defaults specification

# User privilege specification
root	ALL=(ALL) ALL

# Uncomment to allow people in group wheel to run all commands
# %wheel	ALL=(ALL)	ALL

# Same thing without a password
# %wheel	ALL=(ALL)	NOPASSWD: ALL

# Samples
# %users  ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users  localhost=/sbin/shutdown -h now

user9	ALL=NOPASSWD: /sbin/ifdown, /sbin/ifup, /sbin/mount , /sbin/umount

Brian1

berrance · 12-01-2004, 04:14 AM

sounds and looks good, i will do it later as i arnt at home right now but im sure it will work

thanks again for the great help

david_ross · 12-01-2004, 01:28 PM

Be VERY careful doing that with sudo. Giving users full root access to mount all paritions will let them screw about with your system and even gain root access.

/bin/bash · 12-01-2004, 01:38 PM

Just write a script and put your smbmount statement in the script. Then add the script to your /etc/sudoers file.