On Thu, 2013-05-30 at 10:59 +0200, Erwan David wrote:
On Thu, May 30, 2013 at 10:50:37AM CEST, Ralf Mardorf <ralf.mardorf@alice-dsl.net> said:
On Thu, 2013-05-30 at 09:05 +0200, Erwan David wrote:
Hi have following line in my /etc/fstab
//server/dir /mnt/dir cifs defaults,user,noauto,sec=krb5 0 0
mounting works flawlessly, unsing the ticket obtained through pam_krb5 at login.
However
umount /mnt/it leads to :
umount: only root can unmount //server/dir from /mnt/dir
There is no point to allowing user to mount but forbiding them yo umount the directory they mounted.
DO someone have an idea on this problem, or should I report a bug against umount ?
You can use tools to mount and unmount as user, e.g. gvfs, something
that I've got removed from my Linux. What's edited in fstab isn't
mounted by the user. A regular mount and umount can only be done by
root.
That's what the user option in fstab is for. The fact here is to allow
cifs authentication using kerberos credentials, thus the mount must be
done by the user.
And it works well, except for unmounting...
I don't know this tool, but note, this tool seems to mount on a very low
system level, while gvfs is a tool used with GUI file browsers.
You shouldn't be allowed to simply unmount something on a low system
level, when you're running a multi-user OS.
I don't know what kind of security rules gvfs and what kind of rules
this thingy here does use, but I suspect it's not that easy just to
check, if a mounted dir is in use. Once it's mounted and a user has
permission, e.g. by a group, to mount and use mounted dirs, then it
could be, that a user planed to start a script in some minutes, that
does need the mounted dir, so it wouldn't be ok, if another user is
allowed to unmount this dir.