Why does Linux require that a user be root/using sudo/specifically authorized per mount in order to mount something? It seems like the decision as to whether to allow a user to mount something should be based on their access rights to the source volume/network share and to the mount point. A couple of uses for non-root mounting are mounting file-system images to a user owned direction and mounting a network share to a user owned directory. It seems like if the user has control over both sides of the mount equation everything should be cool.
Clarification of access restriction:
I feel I should be able to mount anything that the user otherwise would have access to to a mount-point that the user is the owner of.
For instance, on my computer /dev/sda1 is owned by user root and group disk with permissions brw-rw----. Therefore non-root users can't mess with /dev/sda1 and clearly mount shouldn't allow them to mount it. However if the user owns /home/my_user/my_imagefile.img and mount point /home/my_user/my_image/ why shouldn't they be able to mount that image file on that mount point with:
mount /home/my_user/my_imagefile.img /home/my_user/my_image/ -o loop
As kormac pointed out there is a suid problem. So some restrictions would have to be added to prevent suid from being a problem as well as potentially some other issues. Perhaps one way to do this would be to make the OS treat all files as belonging to the user that did the mounting. However for simple read/write/execute, I don't see why this would be a problem.
Use case:
I have an account in a lab where my home space is restricted to 8GB. This is tiny and very very annoying. I would like to mount an nfs volume from my personal server to essentially increase the amount of room that I have. However, because Linux does not allow such things I'm stuck with scp'ing files back and forth to stay under the 8GB limit.
Best Answer
It's both a historical and security restriction.
Historically, most drives weren't removable. So it made sense to restrict mounting to people who had legitimate physical access, and they would likely have access to the root account. The fstab entries allow administrators to delegate mounting to other users for removable drives.
From a security point of view, there are three major problems with allowing arbitrary users to mount arbitrary block devices or filesystem images at arbitrary locations.
/etc, with an/etc/shadowcontaining a root password that you know. This is fixed by allowing a user to mount a filesystem only on a directory that he owns.nosuidandnodevoptions which are implied by havinguserin/etc/fstab.So far enforcing
userwhenmountis not called by root is enough. But more generally being able to create a file owned by another user is problematic: the content of that file risks being attributed by the purported owner instead of the mounter. A casual attribute-preserving copy by root to a different filesystem would produce a file owned by the declared-but-uninvolved owner. Some programs check that a request to use a file is legitimate by checking that the file is owned by a particular user, and this would no longer be safe (the program must also check that the directories on the access path are owned by that user; if arbitrary mounting was allowed, they would also have to check that none of these directories are a mount point where the mount was created neither by root nor by the desired user).For practical purposes, it is possible nowadays to mount a filesystem without being root, through FUSE. FUSE drivers run as the mounting user so there is no risk of privilege escalation by exploiting a bug in kernel code. FUSE filesystems can only expose files that the user has the permission to create, which solves the last issue above.