Re: User unable to umount

To: debian-user@lists.debian.org
Subject: Re: User unable to umount
From: Erwan David <erwan@rail.eu.org>
Date: Thu, 30 May 2013 11:50:06 +0200
Message-id: <[🔎] 20130530095006.GB4062@rail.eu.org>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 1369906233.3138.85.camel@archlinux>
References: <[🔎] 20130530070505.GS13833@rail.eu.org> <[🔎] 1369903837.3138.75.camel@archlinux> <[🔎] 20130530085904.GA4062@rail.eu.org> <[🔎] 1369906233.3138.85.camel@archlinux>

On Thu, May 30, 2013 at 11:30:33AM CEST, Ralf Mardorf <ralf.mardorf@alice-dsl.net> said:
> On Thu, 2013-05-30 at 10:59 +0200, Erwan David wrote:
> > On Thu, May 30, 2013 at 10:50:37AM CEST, Ralf Mardorf <ralf.mardorf@alice-dsl.net> said:
> > > On Thu, 2013-05-30 at 09:05 +0200, Erwan David wrote:
> > > > 	Hi have following line in my /etc/fstab
> > > > //server/dir       /mnt/dir         cifs                       defaults,user,noauto,sec=krb5        0       0
> > > > 
> > > > mounting works flawlessly, unsing the ticket obtained through pam_krb5 at login.
> > > > 
> > > > However
> > > > 
> > > > umount /mnt/it leads to :
> > > > 
> > > > umount: only root can unmount //server/dir from /mnt/dir
> > > > 
> > > > There is no point to allowing user to mount but forbiding them yo umount the directory they mounted.
> > > > 
> > > > DO someone have an idea on this problem, or should I report a bug against umount ?
> > > 
> > > You can use tools to mount and unmount as user, e.g. gvfs, something
> > > that I've got removed from my Linux. What's edited in fstab isn't
> > > mounted by the user. A regular mount and umount can only be done by
> > > root.
> > 
> > That's what the user option in fstab is for. The fact here is to allow
> > cifs authentication using kerberos credentials, thus the mount must be
> > done by the user.
> > 
> > And it works well, except for unmounting...
> 
> I don't know this tool, but note, this tool seems to mount on a very low
> system level, while gvfs is a tool used with GUI file browsers.
> 
> You shouldn't be allowed to simply unmount something on a low system
> level, when you're running a multi-user OS.
> 
> I don't know what kind of security rules gvfs and what kind of rules
> this thingy here does use, but I suspect it's not that easy just to
> check, if a mounted dir is in use. Once it's mounted and a user has
> permission, e.g. by a group, to mount and use mounted dirs, then it
> could be, that a user planed to start a script in some minutes, that
> does need the mounted dir, so it wouldn't be ok, if another user is
> allowed to unmount this dir.

That's a standard Unix tool, and I think it is a posix behaviour. The
settings must be in fstab with the specific "user" option.

I do not use gvs (nor any g*) because of dependdencies and I do not trust it.

As a grpahical tool I use smb4k, but it seems unable to do kerberos
authentication nor automatically mount a mount point at start of
session

Reply to:

Follow-Ups:
- Re: User unable to umount
  - From: Klaus <klaus.doering999@gmail.com>
- Re: User unable to umount
  - From: recoverym4n@gmail.com

References:
- User unable to umount
  - From: Erwan David <erwan@rail.eu.org>
- Re: User unable to umount
  - From: Ralf Mardorf <ralf.mardorf@alice-dsl.net>
- Re: User unable to umount
  - From: Erwan David <erwan@rail.eu.org>
- Re: User unable to umount
  - From: Ralf Mardorf <ralf.mardorf@alice-dsl.net>

Prev by Date: Re: User unable to umount
Next by Date: Re: User unable to umount
Previous by thread: Re: User unable to umount
Next by thread: Re: User unable to umount
Index(es):
- Date
- Thread