Linux – Why doesn’t setuid work with mount

linuxmountsetuid

There is a setuid bit on the file.

user@host:~$ ls -l /bin/mount
-rwsr-xr-x 1 root root 40152 May 26 19:31 /bin/mount

Why does operating system require root access to execute the 'mount'?

user@host:~$ /bin/mount /dev/sdb1 /mnt
mount: only root can do that
user@host:~$ sudo /bin/mount /dev/sdb1 /mnt
user@host:~$ lsblk  | grep sdb

sdb      8:16   0  102M  0 disk
└─sdb1   8:17   0  101M  0 part /mnt

My /etc/fstab

# / was on /dev/sda1 during installation
UUID=026bb2d9-1c0c-4163-85a1-f83b2221eb34 /               ext4    errors=remount-ro 0       1

# swap was on /dev/sda5 during installation
UUID=aec6b039-13b1-4568-abb1-2be1f3429325 none            swap    sw              0       0

Best Answer

Unix has the concept of real and effective UIDs (and GIDs for that matter).

When you run a setuid program then the effective ID of the process is set to the owner of the file.

So in the case of mount you have an effective ID of root. But you still have a real ID of user.

Programs such as passwd or su or mount can check the real ID to see who is running it and act differently accordingly. For passwd this allows the root user to change another's password; for su it allows switching users without knowing the password.

For mount it allows users to mount their own filesystems if they are defined in /etc/fstab and have the user attribute associated with them

eg in my Debian fstab I have:

/dev/sr0        /media/cdrom0   udf,iso9660 user,noauto     0       0

This means a non-root user can run mount /dev/sr0 or mount /media/cdrom0 and it will attempt to mount the CD/DVD.

This is logic built into the mount program itself; it checks the real ID of the caller.

Related Solutions

Unable to mount raid on the NAS, trying to rescue the data, how should I proceed

This is an attempt to summarize from the chat troubleshooting session.

The setup turns out to be physical disk -> mdraid raid1 -> LVM. So there are several layers to work through. The old setup was (due to unfortunate prior recovery efforts) not available.

However, the NAS gui had been used to create another volume on a different disk, and thankfully the GUI created the new volume exactly the same way. So it was possible to discover the setup from the new disk:

mdadm -E new-disk provided the offset to the start of the data, under the mdraid layer (2048 sectors).
dmsetup table provided the start block of the logical volume (relative to the start of the physical volume) (1152 sectors)
There is a magic number (0x53ef) in the third sector of an ext4 volume. Using dd and xxd, we verified that the magic number is present at that offset on the disk we're trying to recover data from.

Armed with the start sector of the ext4 filesystem, you can use a read-only loop device to recover the data:

# losetup /dev/loop0 -o $((512*(1152+2048))) -r /dev/sda1
# mount -text4 -o ro /dev/loop0 /mnt

And then copy it off.

Centos – Why is the udev mounted device not staying put

Problem #1 was caused by SELinux. Since I don't need it for this system, I simply disabled it.

Problem #2 was caused by a udev setting (specified in systemd script) that makes the udev namespace keep a 'slave' copy of the mount flags. Changing this to 'shared' fixed the problem. See a more detailed answer here: https://unix.stackexchange.com/a/154318/41988

Best Answer

Related Solutions

Unable to mount raid on the NAS, trying to rescue the data, how should I proceed

Centos – Why is the udev mounted device not staying put

Related Question