Re: NFS mount by non-root
On 29/04/07, Douglas Maus [EMAIL PROTECTED] wrote: Is it possible for users (non-root) to mount NFS exports? Well, on Linux, and depending on the amount of regular users who should be able to mount their private shares, you could add a line to your fstab (I think this is the 'users' or 'user' option, depending on your needs [1]). But that's a dirty solution, for home or small networks. By the way, is anyone aware of the reason why this option is not present in OpenBSD's mount [2] (technical, security) ? Thanks. [1] http://www.die.net/doc/linux/man/man8/mount.8.html [2] http://www.openbsd.org/cgi-bin/man.cgi?query=mountapropos=0sektion=8manpath=OpenBSD+Currentarch=i386format=html -- Benoit Myard
Re: NFS mount by non-root
Benoit Myard wrote: By the way, is anyone aware of the reason why this option is not present in OpenBSD's mount [2] (technical, security) ? man sysctl, man mount. Look for usermount. No idea if that works for NFS though. --- Lars Hansson
Re: NFS mount by non-root
On Thu, Apr 26, 2007 at 03:33:47AM +, Douglas Maus wrote: Is it possible for users (non-root) to mount NFS exports? I seem to be able to mount_nfs using sudo, but not as a regular user. I actually want to allow regular users to mount the NFS share from another machine/OS (MacOSX), but since I couldn't get a regular user to do the mount just on the local machine, I thought I'd start with this problem first. Any help would be appreciated. Maybe I am being dumb, but wouldn't the obvious thing be to configure 'sudo' for each user so that they can mount 'their' share (only)? This would probably be quite onerous if you had a lot of users, mind you. Tor
Re: NFS mount by non-root
On Thu, Apr 26, 2007 at 12:54:18PM +0200, Tor Houghton wrote: On Thu, Apr 26, 2007 at 03:33:47AM +, Douglas Maus wrote: Is it possible for users (non-root) to mount NFS exports? I seem to be able to mount_nfs using sudo, but not as a regular user. I actually want to allow regular users to mount the NFS share from another machine/OS (MacOSX), but since I couldn't get a regular user to do the mount just on the local machine, I thought I'd start with this problem first. Any help would be appreciated. Maybe I am being dumb, but wouldn't the obvious thing be to configure 'sudo' for each user so that they can mount 'their' share (only)? This would probably be quite onerous if you had a lot of users, mind you. I think 'best scripted' is the UNIX way of spelling 'quite onerous', no? Joachim -- TFMotD: gem (4) - GEM 10/100/Gigabit Ethernet device
Re: NFS mount by non-root
On Apr 25, 2007, at 8:33 PM, Douglas Maus wrote: Is it possible for users (non-root) to mount NFS exports? I seem to be able to mount_nfs using sudo, but not as a regular user. I actually want to allow regular users to mount the NFS share from another machine/OS (MacOSX), but since I couldn't get a regular user to do the mount just on the local machine, I thought I'd start with this problem first. i've always approached this class of problem with amd: http://www.openbsd.org/cgi-bin/man.cgi? query=amdapropos=0sektion=0manpath=OpenBSD +Currentarch=i386format=html the daemon runs with sufficient privs to mount the fs, and all the user has to do is reference the fs. Ben
Re: NFS mount by non-root
On Thu, 26 Apr 2007, Tor Houghton wrote: On Thu, Apr 26, 2007 at 03:33:47AM +, Douglas Maus wrote: Is it possible for users (non-root) to mount NFS exports? I seem to be able to mount_nfs using sudo, but not as a regular user. I actually want to allow regular users to mount the NFS share from another machine/OS (MacOSX), but since I couldn't get a regular user to do the mount just on the local machine, I thought I'd start with this problem first. Any help would be appreciated. Maybe I am being dumb, but wouldn't the obvious thing be to configure 'sudo' for each user so that they can mount 'their' share (only)? Actually, that's probably the simplest solution; config a user group with access, then grant sudo access to that group for the mount. Lee
Re: NFS mount by non-root
In article [EMAIL PROTECTED], Douglas Maus wrote: Is it possible for users (non-root) to mount NFS exports? Mount, likely not, unless you do sudo. Have a look at nfsshell... -- [100~Plax]sb16i0A2172656B63616820636420726568746F6E61207473754A[dZ1!=b]salax
Re: NFS mount by non-root
On 4/25/07, Douglas Maus [EMAIL PROTECTED] wrote: $ mount_nfs 10.0.1.201:/home/usera/dir2share /home/usera/private/mnt fails with mount_nfs: bad MNT RPC: RPC: Authentication error; why = Client credential too weak mountd wants the request to come on a reserved port.
Re: NFS mount by non-root
On Thu, Apr 26, 2007 at 03:33:47AM +, Douglas Maus wrote: Is it possible for users (non-root) to mount NFS exports? Mike Erdely responded: From mount_nfs(8): HISTORY The -P flag historically informed the kernel to use a reserved port when communicating with clients. In OpenBSD, a reserved port is always used. This means to me that you will always have to be root to use mount_nfs. Unless I'm missing something. Alright, I'm confused - if you cannot use a reserved port unless you are root, thus you have to be root to use mount_nfs, then why is there a mountd option -P to tell the kernel to use a reserved port? Unless even root needs to tell the kernel not to use a default unreserved port, but rather use a reserved one. Douglas Maus
Re: NFS mount by non-root
On 4/26/07, Douglas Maus [EMAIL PROTECTED] wrote: On Thu, Apr 26, 2007 at 03:33:47AM +, Douglas Maus wrote: Is it possible for users (non-root) to mount NFS exports? Mike Erdely responded: From mount_nfs(8): HISTORY The -P flag historically informed the kernel to use a reserved port when communicating with clients. In OpenBSD, a reserved port is always used. This means to me that you will always have to be root to use mount_nfs. Unless I'm missing something. Alright, I'm confused - if you cannot use a reserved port unless you are root, thus you have to be root to use mount_nfs, then why is there a mountd option -P to tell the kernel to use a reserved port? Unless even root needs to tell the kernel not to use a default unreserved port, but rather use a reserved one. Well, read what you quoted: The -P flag historically [...] It's there for compatibility.
NFS mount by non-root
Is it possible for users (non-root) to mount NFS exports? I seem to be able to mount_nfs using sudo, but not as a regular user. I actually want to allow regular users to mount the NFS share from another machine/OS (MacOSX), but since I couldn't get a regular user to do the mount just on the local machine, I thought I'd start with this problem first. With these settings on OpenBSD 4.0, (generic+autoraid) /etc/rc.conf.local lockd=YES portmap=YES nfs_server=YES /etc/exports /home -alldirs -ro -network=10.0.1 -mask=255.255.255.0 /etc/sysctl.conf kern.usermount=1 For example logged is as usera, on machine 10.0.1.201 (the server) uid=1000(usera) gid=1000(usera) groups=1000(usera), 0(wheel), 10(users), 20(staff) $ mount_nfs 10.0.1.201:/home/usera/dir2share /home/usera/private/mnt fails with mount_nfs: bad MNT RPC: RPC: Authentication error; why = Client credential too weak but $ sudo mount_nfs 10.0.1.201:/home/usera/dir2share /home/usera/private/mnt works fine Any help would be appreciated. More details: I've tried to adhere to: man mount A mount point node must be an existing directory for a mount to succeed (except in the special case of /, of course). Only the superuser may mount file systems unless kern.usermount is nonzero (see sysctl(8)), the special device is readable and writeable by the user attempting the mount, and the mount point node is owned by the user attempting the mount. by setting: drwxr-xr-x root wheel /home drwxr-xr-x usera usera /home/usera drwxr-xr-x usera usera /home/usera/dir2share drwxr-xr-x usera usera /home/usera/private drwxr-xr-x usera usera /home/usera/private/mnt Thanks
Re: NFS mount by non-root
On Thu, Apr 26, 2007 at 03:33:47AM +, Douglas Maus wrote: Is it possible for users (non-root) to mount NFS exports? From mount_nfs(8): HISTORY The -P flag historically informed the kernel to use a reserved port when communicating with clients. In OpenBSD, a reserved port is always used. This means to me that you will always have to be root to use mount_nfs. Unless I'm missing something. -ME