#86 mkmountpoint fails to chown and no volume is mounted

pam_mount
closed-fixed
pam_mount (94)
5
2010-12-22
2010-10-14
Miles Strombach
No

pam_mount fails to mount a volume when:

mkmountpoint is enabled
The mountpoint does not exist

The mountpoint is created, but not successfully chowned and so the volume is not actually mounted. chown seems to half-succeed; the user seems to be changed but not the group. I can change the group ownership by hand and subsequent mounts-on-login succeed.

Discussion

  • auth.log excerpt from failed mount

     
    Attachments
  • Italo Valcy
    Italo Valcy
    2010-12-18

    Hi,

    I could only reproduce this issue when using pam-mount through SSH (and through SSH we already have other problems). I'll try to take a look.

    Kind Regards, Italo.

     
  • Italo Valcy
    Italo Valcy
    2010-12-18

    Hi,

    Bellow is a patch that I think could fix this issue. When mkmountpoint fail to create the directory as the own user, it tries to create again, but now as root. The problem is that the folder can exists now, so mkdir() could return an error. The patch only removes that folder (mountpoint) if it already exists (which indicates that it was created in call made before and it was not successfull).

    http://homes.dcc.ufba.br/~italo/z/0002-fix-issue-with-mkmountpoint.patch

    I hope this can help! :)

    Kind Regards, Italo.

     
  • Jan Engelhardt
    Jan Engelhardt
    2010-12-18

    >The problem is that the folder can exists now,

    Yes it could, but which program would have caused its creation?

     
  • Italo Valcy
    Italo Valcy
    2010-12-20

    > Yes it could, but which program would have caused its creation?

    The previus execution of mkmountpoint(). mkmountpoint() failed because the user does not have permission to use chown command.

     
  • Jan Engelhardt
    Jan Engelhardt
    2010-12-21

    I replaced the mkmountpoint function cruft with a new one in git that should hopefully let things go a lot smoother.
    Italo, please test if you like.

     
  • Jan Engelhardt
    Jan Engelhardt
    2010-12-21

    • status: open --> pending-fixed
     
  • Italo Valcy
    Italo Valcy
    2010-12-22

    Jan, great work! It worked almost perfectly. The only problem I could see was about the group membership of the created mountpoint: it was the 'root' group. I think the following patch fix this little issue:

    -----8<-------
    diff --git a/src/mount.c b/src/mount.c
    index a41f5d0..84ae7a3 100644
    --- a/src/mount.c
    +++ b/src/mount.c
    @@ -263,7 +263,10 @@ static bool mkmountpoint(struct vol *volume, const char *d)
    *
    * Workaround for CIFS on root_squashed NFS: +S_IXUGO
    */
    - if (seteuid(pe->pw_uid) < 0) {
    + if (setegid(pe->pw_gid) < 0) {
    + l0g("setegid %ld failed\n",
    + static_cast(long, pe->pw_gid));
    + } else if (seteuid(pe->pw_uid) < 0) {
    l0g("seteuid %ld failed\n",
    static_cast(long, pe->pw_uid));
    } else if (mkdir(dtmp, S_IRWXU | S_IXUGO) == 0) {
    ----------------

     
  • Jan Engelhardt
    Jan Engelhardt
    2010-12-22

    • status: pending-fixed --> closed-fixed