[TAG] Mounting a Samba share

Benjamin A. Okopnik ben at linuxgazette.net
Mon Nov 21 02:56:16 MSK 2005 

On Sun, Nov 20, 2005 at 09:06:04PM +0000, Pete Savage wrote:
> Benjamin A. Okopnik wrote:
> > 
> > Well, I'm usually not a big fan of them, but since you're already
> > talking SUID binaries...

[ snip ]
 
> > Now, as root, change its owner and group appropriately
> > and make it SUID root (and set the other perms appropriately):
> > 
> > ``
> > chown root.cifs_group mount-cifs
> > chmod 4750 mount-cifs
> > ''
> > 
> > Now, create a group name (cifs_group, as above, or pick whatever you
> > like), add the users that you want to allow this privilege, and away you
> > go. All they've got to do is exec it.
> > 
> > Unmounting it left for the student. Hint: avoid making the above prog
> > any more complex than this; create an 'umount-cifs' instead.
> > 
> 
> I did the above, but I am getting this as a result,
> 
> [pete at localhost src]$ ./mount-cifs
> >>mount: only root can mount //192.168.16.3/Trinsite on
> >>/home/pete/Desktop/LisaTrinsite
> >>Mount failed!
> >>: Success
> >>[pete at localhost src]$

Hmmm. I've just tried it myself, and got much the same result - not sure
why, since SUID binaries seem to work just fine for other stuff.

Well, let's take a different tack: I've found this on the Web, which
seems to do just the kind of thing you want (and is an "official"
program rather than a quick hack, above - but don't let it out of your
hands, because an SUID 'mount' can be a Bad Thing indeed!):

http://us2.samba.org/samba/ftp/cifs-cvs/mount.cifs.c

As to the other thing - Gang, any idea why a system() call in an SUID(0)
binary fail to execute as root? This program works fine:

------ mount_cifs.c ----------------------------------------------
#include <stdlib.h>
#include <sys/mount.h>
#include <linux/fs.h>

int main(){
     if (mount("/dev/hda1", "/mnt/puppy", "ext3", MS_RDONLY, "" ) != 0) {
     perror( "Mount failed");
     exit(2);
     }

    return( 0 );
}
------ mount_cifs.c ----------------------------------------------


``
ben at Fenrir:~$ ls /mnt/puppy
ben at Fenrir:~$ mount /dev/hda1 /mnt/puppy
mount: only root can do that
ben at Fenrir:~$ cc -o mount_cifs mount_cifs.c
ben at Fenrir:~$ su -c 'chown root.staff mount_cifs;chmod 4755 mount_cifs'
Password: 
ben at Fenrir:~$ ./mount_cifs 
ben at Fenrir:~$ ls /mnt/puppy
image.gz  pupxide  pupx.ide  usr_cram.fs  vmlinuz
''

Not that I want to get involved in troubleshooting C code (yecch!), but
I'm curious.


* Ben Okopnik * Editor-in-Chief, Linux Gazette * http://linuxgazette.net *

More information about the TAG mailing list