On Thu, May 30, 2013 at 11:30:33AM CEST, Ralf Mardorf <ralf.mard...@alice-dsl.net> said: > On Thu, 2013-05-30 at 10:59 +0200, Erwan David wrote: > > On Thu, May 30, 2013 at 10:50:37AM CEST, Ralf Mardorf > > <ralf.mard...@alice-dsl.net> said: > > > On Thu, 2013-05-30 at 09:05 +0200, Erwan David wrote: > > > > Hi have following line in my /etc/fstab > > > > //server/dir /mnt/dir cifs > > > > defaults,user,noauto,sec=krb5 0 0 > > > > > > > > mounting works flawlessly, unsing the ticket obtained through pam_krb5 > > > > at login. > > > > > > > > However > > > > > > > > umount /mnt/it leads to : > > > > > > > > umount: only root can unmount //server/dir from /mnt/dir > > > > > > > > There is no point to allowing user to mount but forbiding them yo > > > > umount the directory they mounted. > > > > > > > > DO someone have an idea on this problem, or should I report a bug > > > > against umount ? > > > > > > You can use tools to mount and unmount as user, e.g. gvfs, something > > > that I've got removed from my Linux. What's edited in fstab isn't > > > mounted by the user. A regular mount and umount can only be done by > > > root. > > > > That's what the user option in fstab is for. The fact here is to allow > > cifs authentication using kerberos credentials, thus the mount must be > > done by the user. > > > > And it works well, except for unmounting... > > I don't know this tool, but note, this tool seems to mount on a very low > system level, while gvfs is a tool used with GUI file browsers. > > You shouldn't be allowed to simply unmount something on a low system > level, when you're running a multi-user OS. > > I don't know what kind of security rules gvfs and what kind of rules > this thingy here does use, but I suspect it's not that easy just to > check, if a mounted dir is in use. Once it's mounted and a user has > permission, e.g. by a group, to mount and use mounted dirs, then it > could be, that a user planed to start a script in some minutes, that > does need the mounted dir, so it wouldn't be ok, if another user is > allowed to unmount this dir.
That's a standard Unix tool, and I think it is a posix behaviour. The settings must be in fstab with the specific "user" option. I do not use gvs (nor any g*) because of dependdencies and I do not trust it. As a grpahical tool I use smb4k, but it seems unable to do kerberos authentication nor automatically mount a mount point at start of session -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130530095006.gb4...@rail.eu.org
