35

I was under the impression that any sort of call to mount requires root privileges.

But recently I was told "You should instead create appropriate entries in /etc/fstab so that the filesystems can be mounted by unprivileged users"... which is counter to my experience using mount.

Anytime I have used mount I have needed to sudo it. (I have only used mount for mounting network drives. Specifically cifs type network drives.)

Does mount always require root privileges? If not:

  • What kind of mount does and what kind of mount doesn't require sudo IN GENERAL?
  • In my specific case I am doing mount -t cifs, how does one go about making this mount not require require sudo?
Michael Mrozek
  • 93,103
  • 40
  • 240
  • 233
Trevor Boyd Smith
  • 3,941

3 Answers3

24

Mounting a filesystem does not require superuser privileges under certain conditions, the most common being that the entry for the filesystem in /etc/fstab contains a flag that permits unprivileged users to mount it, typically user. To allow unprivileged users to mount a CIFS share (but not automount it), you would add something like the following to /etc/fstab:

//server/share /mount/point cifs noauto,user 0 0

For more information on /etc/fstab and its syntax, Wikipedia has a good article here, and man 8 mount has a good section on mounting as an unprivileged user under the heading "[t]he non-superuser mounts".

Chris Down
  • 125,559
  • 25
  • 270
  • 266
  • how do you get a cifs network share to automount? (and what is automount?) – Trevor Boyd Smith Sep 16 '11 at 01:50
  • 5
    You just remove noauto (or specify it explicitly with auto). Automounting means that the share will be mounted with mount -a, and usually will also be mounted on system startup. – Chris Down Sep 16 '11 at 01:52
  • how do you see what options are available for a specific filesystem like CIFS for example, how would you get the documentation for CIFS? – Trevor Boyd Smith Sep 16 '11 at 01:53
  • There are some common options listed here, you can see the options available to CIFS by reading the manual (man 8 mount.cifs), or read it online here. For other filesystems, they are usually either in the manual page for the specific mount invocation for that filesystem type, or, if included in the kernel, are often in the kernel documentation. – Chris Down Sep 16 '11 at 01:57
  • This is exactly why you can plug in a USB drive and read it contents without being root. – Bernhard Heijstek Sep 16 '11 at 02:58
  • Shouldn't the third field be cifs and the fourth noauto,user? – enzotib Sep 16 '11 at 07:24
  • @enzotib - er, yes, that's just my failed late night typing. – Chris Down Sep 16 '11 at 09:48
  • 1
    @Bernhard - Actually, in most distributions providing automounting for external drives (even those not in /etc/fstab), it's handled by udisks or similar. – Chris Down Sep 16 '11 at 09:52
  • 1
    what determines the owner of files after mounting? – Trevor Boyd Smith Sep 17 '11 at 21:56
  • The file creator is usually the owner, unless Samba is configured not to do so. – Chris Down Sep 17 '11 at 22:20
  • Two gotchas to avoid: (1) Do not put a trailing \ on your paths. (2) if the share requires a domain, be sure to specify it.

    Failing to do either will likely result in unhelpful "permissions" error messages. Even more confusing, trailing \s seem to allow mounting with sudo but fail without - completely baffling.

     – Chris Keefe Jan 13 '21 at 02:49
14

The mount(8) man page has a section dedicated to this; in short, it comes down to adding the user or users option for that mount in /etc/fstab:

The non-superuser mounts.

Normally, only the superuser can mount filesystems. However, when fstab contains the user option on a line, anybody can mount the corresponding system.

Thus, given a line

 /dev/cdrom  /cd  iso9660  ro,user,noauto,unhide

any user can mount the iso9660 filesystem found on his CDROM using the command

 mount /dev/cdrom

or

 mount /cd

For more details, see fstab(5). Only the user that mounted a filesystem can unmount it again. If any user should be able to unmount, then use users instead of user in the fstab line. The owner option is similar to the user option, with the restriction that the user must be the owner of the special file. This may be useful e.g. for /dev/fd if a login script makes the console user owner of this device. The group option is similar, with the restriction that the user must be member of the group of the special file.

Community
  • 1
Michael Mrozek
  • 93,103
  • 40
  • 240
  • 233
2

re: cifs mounts

Make sure you are entering the gid and uid with numeric values. I've had on issues with specifying these as their name values. This is despite the mount.cifs helper version being 5.1 (mount.cifs -V)

see

uid=arg
       sets the uid that will own all files or directories on the
       mounted filesystem when the server does not provide
       ownership information. It may be specified as either
       a username or a numeric uid. When not specified, the default
       is uid 0. The mount.cifs helper must be at version 1.10
       or higher to support specifying the uid in non-numeric form.
       See the section on FILE AND DIRECTORY OWNERSHIP AND PERMISSIONS 
       below for more information.

//mynas/nasmedia /media/nasmedia cifs noauto,users,_netdev,credentials=/etc/.smbcredentials,iocharset=utf8,uid=1000,gid=1002,file_mode=0774,dir_mode=0775 0 0

worked well for non-root mounting, and allocating the correct uid and gid on the mountpoint.

Community
  • 1
Amos Folarin
  • 230