moosefs-users

[Moosefs-users] Question about mounting suid,dev

[Ricardo J. B. <ric...@da...>]

Hello, list.

I need to mount a filesystem with suid enabled and found I can't do it from
fstab: mo matter what options I set there, the mount always uses nosuid,nodev
which are fuse's default.

This is in my /etc/fstab:

mfsmount  /opt  fuse  defaults,noatime,suid,nodev,_netdev,mfsmaster=master,mfssubfolder=/  0 0

And this is in /proc/mounts:

mfs#master:9421 /opt fuse rw,nosuid,nodev,noatime,user_id=0,group_id=0,default_permissions,allow_other 0 0

However, if I mount it with:

mfsmount -o noatime,suid,nodev /opt -H master -S /

I got this in /proc/mounts:

mfs#master:9421 /opt fuse rw,nodev,noatime,user_id=0,group_id=0,default_permissions,allow_other 0 0

I have tried putting "suid" in /etc/mfs/mfsmount.cfg on the client but it
makes no difference when using fstab.

All this is with CentOS 5.8 64 bits servers and a CentOS 5.8 32 bits client
but it also happens in a CentOS 5.8 64 bits client, all of them running
mfs-1.6.24 installed from RepoForge RPMs and fuse 2.7.4 from standard CentOS
repositories.


According to fuse's README:

"Filesystems are mounted with '-onodev,nosuid' by default, which can only be
overridden by a privileged user."

But I'm mounting MFS as root from command line.

Is this a bug in MFS? fuse? me?

Thank you,
-- 
Ricardo J. Barberis
Senior SysAdmin / ITI
Dattatec.com :: Soluciones de Web Hosting
Tu Hosting hecho Simple!

------------------------------------------

Re: [Moosefs-users] Question about mounting suid,dev

[Michał B. <mic...@co...>]

Hi Ricardo!

As we can see the problem lies between fuse (mount.fuse) and plain mount
command:

# strace -f -s512 -e trace=execve mount -t fuse mfsmount /mnt/mfs -o #
mfsmaster=mfsmaster,ro,suid,nodev,[...]
execve("/bin/mount", ["mount", "-t", "fuse", "mfsmount", "/mnt/mfs", "-o",
"mfsmaster=mfsmaster,ro,suid,nodev,[...]"], [/* 12 vars */]) = 0 [pid  2218]
execve("/sbin/mount.fuse", ["/sbin/mount.fuse", "mfsmount", "/mnt/mfs",
"-o", "ro,nodev,mfsmaster=mfsmaster,[...]"], [/* 8 vars */]) = 0 [pid  2218]
execve("/bin/sh", ["/bin/sh", "-c", "'mfsmount' '/mnt/mfs' '-o'
'ro,nodev,mfsmaster=mfsmaster,[...]'"], [/* 9 vars */]) = 0 [pid  2218]
execve("/usr/bin/mfsmount", ["mfsmount", "/mnt/mfs", "-o",
"ro,nodev,mfsmaster=mfsmaster,[...]"], [/* 8 vars */]) = 0


As you can see mount strips "suid" option from flag before calling
mount.fuse (assuming that it's the default).
But it's not the default for mount.fuse.

I think it should be reported both to fuse and util-linux projects (the
latter maintains the mount utility) and let them cooperate.
Probably the best solution would be to always pass user-specified "suid" and
"dev" flags to mount.XXX (on mount side).


Kind regards
Michal


-----Original Message-----
From: Ricardo J. Barberis [mailto:ric...@da...] 
Sent: Friday, April 13, 2012 10:36 PM
To: moo...@li...
Subject: [Moosefs-users] Question about mounting suid,dev

Hello, list.

I need to mount a filesystem with suid enabled and found I can't do it from
fstab: mo matter what options I set there, the mount always uses
nosuid,nodev which are fuse's default.

This is in my /etc/fstab:

mfsmount  /opt  fuse
defaults,noatime,suid,nodev,_netdev,mfsmaster=master,mfssubfolder=/  0 0

And this is in /proc/mounts:

mfs#master:9421 /opt fuse
rw,nosuid,nodev,noatime,user_id=0,group_id=0,default_permissions,allow_other
0 0

However, if I mount it with:

mfsmount -o noatime,suid,nodev /opt -H master -S /

I got this in /proc/mounts:

mfs#master:9421 /opt fuse
rw,nodev,noatime,user_id=0,group_id=0,default_permissions,allow_other 0 0

I have tried putting "suid" in /etc/mfs/mfsmount.cfg on the client but it
makes no difference when using fstab.

All this is with CentOS 5.8 64 bits servers and a CentOS 5.8 32 bits client
but it also happens in a CentOS 5.8 64 bits client, all of them running
mfs-1.6.24 installed from RepoForge RPMs and fuse 2.7.4 from standard CentOS
repositories.


According to fuse's README:

"Filesystems are mounted with '-onodev,nosuid' by default, which can only be
overridden by a privileged user."

But I'm mounting MFS as root from command line.

Is this a bug in MFS? fuse? me?

Thank you,
--
Ricardo J. Barberis
Senior SysAdmin / ITI
Dattatec.com :: Soluciones de Web Hosting Tu Hosting hecho Simple!

------------------------------------------

----------------------------------------------------------------------------
--
For Developers, A Lot Can Happen In A Second.
Boundary is the first to Know...and Tell You.
Monitor Your Applications in Ultra-Fine Resolution. Try it FREE!
http://p.sf.net/sfu/Boundary-d2dvs2
_______________________________________________
moosefs-users mailing list
moo...@li...
https://lists.sourceforge.net/lists/listinfo/moosefs-users

Re: [Moosefs-users] Question about mounting suid,dev

[Ricardo J. B. <ric...@da...>]

El Jueves 19/04/2012, Michał Borychowski escribió:
> Hi Ricardo!
>
> As we can see the problem lies between fuse (mount.fuse) and plain mount
> command:
>
> # strace -f -s512 -e trace=execve mount -t fuse mfsmount /mnt/mfs -o #
> mfsmaster=mfsmaster,ro,suid,nodev,[...]
> execve("/bin/mount", ["mount", "-t", "fuse", "mfsmount", "/mnt/mfs", "-o",
> "mfsmaster=mfsmaster,ro,suid,nodev,[...]"], [/* 12 vars */]) = 0 [pid 
> 2218] execve("/sbin/mount.fuse", ["/sbin/mount.fuse", "mfsmount",
> "/mnt/mfs", "-o", "ro,nodev,mfsmaster=mfsmaster,[...]"], [/* 8 vars */]) =
> 0 [pid  2218] execve("/bin/sh", ["/bin/sh", "-c", "'mfsmount' '/mnt/mfs'
> '-o'
> 'ro,nodev,mfsmaster=mfsmaster,[...]'"], [/* 9 vars */]) = 0 [pid  2218]
> execve("/usr/bin/mfsmount", ["mfsmount", "/mnt/mfs", "-o",
> "ro,nodev,mfsmaster=mfsmaster,[...]"], [/* 8 vars */]) = 0

Nice stracing, I'll save it for future use :)

> As you can see mount strips "suid" option from flag before calling
> mount.fuse (assuming that it's the default).
> But it's not the default for mount.fuse.
>
> I think it should be reported both to fuse and util-linux projects (the
> latter maintains the mount utility) and let them cooperate.

OK, I'll see if I can do it.

> Probably the best solution would be to always pass user-specified "suid"
> and "dev" flags to mount.XXX (on mount side).

Agreed, that seems to be the behaviour for other mount options also, e.g. I 
was experimenting with barrier=1/barrier=0, barrier=1 is the defaul for ext4 
but it seems it also gets passed by mount to mount.ext4.

> Kind regards
> Michal

Thank you!

> -----Original Message-----
> From: Ricardo J. Barberis [mailto:ric...@da...]
> Sent: Friday, April 13, 2012 10:36 PM
> To: moo...@li...
> Subject: [Moosefs-users] Question about mounting suid,dev
>
> Hello, list.
>
> I need to mount a filesystem with suid enabled and found I can't do it from
> fstab: mo matter what options I set there, the mount always uses
> nosuid,nodev which are fuse's default.
>
> This is in my /etc/fstab:
>
> mfsmount  /opt  fuse
> defaults,noatime,suid,nodev,_netdev,mfsmaster=master,mfssubfolder=/  0 0
>
> And this is in /proc/mounts:
>
> mfs#master:9421 /opt fuse
> rw,nosuid,nodev,noatime,user_id=0,group_id=0,default_permissions,allow_othe
>r 0 0
>
> However, if I mount it with:
>
> mfsmount -o noatime,suid,nodev /opt -H master -S /
>
> I got this in /proc/mounts:
>
> mfs#master:9421 /opt fuse
> rw,nodev,noatime,user_id=0,group_id=0,default_permissions,allow_other 0 0
>
> I have tried putting "suid" in /etc/mfs/mfsmount.cfg on the client but it
> makes no difference when using fstab.
>
> All this is with CentOS 5.8 64 bits servers and a CentOS 5.8 32 bits client
> but it also happens in a CentOS 5.8 64 bits client, all of them running
> mfs-1.6.24 installed from RepoForge RPMs and fuse 2.7.4 from standard
> CentOS repositories.
>
>
> According to fuse's README:
>
> "Filesystems are mounted with '-onodev,nosuid' by default, which can only
> be overridden by a privileged user."
>
> But I'm mounting MFS as root from command line.
>
> Is this a bug in MFS? fuse? me?
>
> Thank you,
-- 
Ricardo J. Barberis
Senior SysAdmin / ITI
Dattatec.com :: Soluciones de Web Hosting
Tu Hosting hecho Simple!

------------------------------------------