Thursday, July 31, 2014

linux - CentOS - users not eligible to mount ntfs



I tried to follow some descriptions on Wikipedia regarding the structure of /etc/fstab. I would like specific users to be able to mount Windows partitions. I began with all users eligible to mount and added the user option. My fstab entry for the particular partition looks like this:



/dev/sdb1   /mnt/data   ntfs-3g   noauto,user,uid=1000,gid=1000,dmask=003,fmask=007,noexec   0 0



I expected non-root users would be able to mount this partition, but when I try to do so, I still get the error:




Error opening '/dev/sdb1': Permission denied
Failed to mount '/dev/sdb1': Permission denied
Please check '/dev/sdb1' and the ntfs-3g binary permissions, and the mounting user ID. More explanation is provided at http://tuxera.com/community/ntfs-3g-faq/#unprivileged




I can't figure out what it is.


Answer



One answer appears to be in the FAQ you linked to; apparently ntfs-3g needs setuid to do as you ask:





chown root $(which ntfs-3g)
chmod 4755 $(which ntfs-3g)


Please note that using setuid-root can result in unforeseen privilege escalation and its usage is discouraged. Only the absolutely trusted users must be granted such access. Below is an example of how this can be done for users in the ntfsuser group to be able to mount any NTFS volume if they also have the needed volume access rights.



addgroup ntfsuser
chown root:ntfsuser $(which ntfs-3g)
chmod 4750 $(which ntfs-3g)
usermod -aG ntfsuser allowed-user


The setuid-root ntfs-3g driver applies the principle of least privilege during its lifetime as a safety measure.
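An added example (not from the original post or the ntfs-3g FAQ) for checking which of the two setups above is actually in place: it reads the binary's mode, owner and group and reports whether setuid-root is open to every local user (4755) or restricted to one group (4750). The function names and result labels are made up for this example; `ntfsuser` is the group from the FAQ excerpt, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: audit how the ntfs-3g binary is installed.

# classify_setuid MODE OWNER GROUP [EXPECTED_GROUP]
# MODE is the octal mode as printed by `stat -c %a` (e.g. 755 or 4750).
classify_setuid() {
    mode=$1 owner=$2 group=$3 want_group=${4:-ntfsuser}

    # Pad to four digits so a missing special-bits digit reads as 0.
    while [ ${#mode} -lt 4 ]; do mode=0$mode; done
    special=${mode%???}              # setuid=4, setgid=2, sticky=1
    rest=${mode#??}; grp=${rest%?}   # group permission digit
    other=${mode#???}                # "other" permission digit

    # No setuid bit: unprivileged mounts fail as in the question.
    case $special in 4|5|6|7) ;; *) echo "no-setuid"; return 0 ;; esac

    # setuid to a non-root owner gives no mount privilege.
    [ "$owner" = "root" ] || { echo "setuid-not-root"; return 0; }

    # A setuid-root binary that group or other can modify is the worst case.
    case $grp$other in *[2367]*) echo "setuid-root-writable"; return 0 ;; esac

    # Execute bit for "other" (chmod 4755): every local user can run it.
    case $other in 1|3|5|7) echo "setuid-root-any-user"; return 0 ;; esac

    # chmod 4750: only members of the owning group can run it.
    if [ "$group" = "$want_group" ]; then
        echo "setuid-root-group-restricted"
    else
        echo "setuid-root-wrong-group"
    fi
}

# audit_ntfs3g [PATH] [EXPECTED_GROUP]: classify the installed binary.
audit_ntfs3g() {
    bin=${1:-$(command -v ntfs-3g)} || return 2
    expected=${2:-ntfsuser}
    info=$(stat -L -c '%a %U %G' "$bin") || return 2
    set -- $info                     # split into mode, owner, group
    classify_setuid "$1" "$2" "$3" "$expected"
}

# Run the audit only when ntfs-3g is installed on this machine.
if command -v ntfs-3g >/dev/null 2>&1; then audit_ntfs3g; fi
```

Anything other than `setuid-root-group-restricted` on a host meant to follow the group-based setup is worth investigating, and `id allowed-user` shows whether a given account is in the group.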


