I am running samba 2.0.7-4 on RH 6.1 I use it to provide share services to NT clients. I also would like to use smbmount to mount NT shares on the linux box. All works well either as root, or by making entries in /etc/rc.d/rc.local. However if I make an entry in /etc/fstab with the 'users' and 'noauto' options, with the idea these would be available for linux users to mount on demand, I find only root, or the owner of the directory may mount the share. So this does not work as a genral solution for all users. Permissions on the directory onto which which we are mounting do not seem to alter this behavior. As an example, here is the fstab entry... //NTServer/NTShare /local/image smbfs username=user/workgroup%passwd,fmask=666,dmask=777,noauto,users 0 0 and here is what happens if any user but root or the owner of /local/image tries to mount [hieb@lnxwp1 hieb]$ mount /local/image [hieb@lnxwp1 hieb]$ cannot mount on /local/image: Operation not permitted smbmnt failed: 1 mount.smbfs: ioctl failed, res=-1 Could not umount /local/image: Device or resource busy and the directry in question... [hieb@lnxwp1 hieb]$ ls -lda /local/image drwxrwxrwx 2 nobody users 1024 Sep 16 1999 /local/image [hieb@lnxwp1 hieb]$ ls -la /local/image total 2 drwxrwxrwx 2 nobody users 1024 Sep 16 1999 . drwxrwxrwx 10 root root 1024 Sep 22 17:56 .. [hieb@lnxwp1 hieb]$ If this is in the manual, I apologize in advance, I've looked and not found anything. If you know please advise, it would make things very convenient. Michael
>//NTServer/NTShare /local/image smbfs username=user/workgroup%passwd,fmask=666,dmask=777,noauto,users 0 0As I recall, I had to add an entry in FSTAB for each user with their uid and gid when I wanted to have the shares mounted during boot (with mount -a). Not very elegant, I realize, but it worked. Perhaps if you put the individual's uid= and gid= on the individual mount commands? I believe the owner and group of /local/image/* would then be uid and gid respectively. There isn't a problem with /local/image ownership is there? I had root create the /mnt/landrive directory, and any user can mount and access a landrive there. Forgive me if I'm stating the obvious. Linux is still very new to me. Bruce
On Wed, 27 Sep 2000, Michael Hieb wrote:> and here is what happens if any user but root or the owner of > /local/image tries to mount > [hieb@lnxwp1 hieb]$ mount /local/image > [hieb@lnxwp1 hieb]$ cannot mount on /local/image: Operation not permitted > smbmnt failed: 1 > mount.smbfs: ioctl failed, res=-1 > Could not umount /local/image: Device or resource busy[smbmount blocking itself in the error handling ...]> and the directry in question... > [hieb@lnxwp1 hieb]$ ls -lda /local/image > drwxrwxrwx 2 nobody users 1024 Sep 16 1999 /local/image > [hieb@lnxwp1 hieb]$ ls -la /local/image > total 2 > drwxrwxrwx 2 nobody users 1024 Sep 16 1999 . > drwxrwxrwx 10 root root 1024 Sep 22 17:56 .. > [hieb@lnxwp1 hieb]$ > > > If this is in the manual, I apologize in advance, I've looked and not > found anything. If you know please advise, it would make things very > convenient.It is in the man page for smbmnt: "It checks whether the user has write permissions on the mount point and then mounts the directory." Which is perhaps not the whole truth, it also checks ownership. "write permissions" suggests that it is an access check. smbmnt must be setuid for this to work. smbmnt is a mount program and must do some authorization checks since it "bypasses" what the normal mount command does. mount_ok in source/client/smbmnt.c is responsible for this. It contains this snippet: if ((getuid() != 0) && ((getuid() != st.st_uid) || ((st.st_mode & S_IRWXU) != S_IRWXU))) { /* disallow mount */ } /* allow mount */ A simple and bad hack would be to remove that check. (Allows anyone to mount a smbfs share anywhere in the fs, like replace /usr/bin) A better hack might be to allow someone with the proper group access (users in this case) to mount. (Allows anyone to mount a smbfs share anywhere in the fs where they have user or group write access) A good hack might be to do the same checks in smbmnt that mount normally does (whatever that is ... disallow all non-root mounts unless in fstab with user option? or perhaps add a list of allowed dirs to smb.conf). Another option might be to get autofs to do the mounting, possibly using different autofs maps (with different uid or gid parameters) depending on who is requesting the mounting. I don't know how to do that in a nice way but I think it is possible. /Urban