0

I can mount my drive using `sudo mount.cifs ......` I can unmount by doing `sudo umount /mnt/mountpoint`.

It was prompting me for a password, so I changed the sudoers file to NOPASSWD:ALL and now it does not prompt me.

I have an application and I want to be able to mount drives by anyone with access to that application when they run it, but if I do `sudo -u username mount.cifs....` it then prompts me for the user's password when trying to do this. This will all be scripted or commands being executed as if from the command line.

What I need it to do is provide anyone that runs the application the ability to at least do the mount command, although I would also like it to be able to create directories (mkdir) as well, so that I can create mounts from a control file and it could then create the directory and then connect based on the parameters given. I already have the code written to check to see if the mount exists and then create or connect if it does not, but I don't know how to get around how the sudo command is working.

I want to avoid writing this so that every time a resource is not available and a mount drops, it does not need to send a message to have someone log in and manually do it.

user999684

2 Answers

1

The mount(8) man page explains what to do.

   Non-superuser mounts
       Normally,  only  the  superuser  can  mount filesystems.  However, when
       fstab contains the user option on a line, anybody can mount the  corre‐
       sponding filesystem.

       Thus, given a line

              /dev/cdrom  /cd  iso9660  ro,user,noauto,unhide

       any  user  can  mount the iso9660 filesystem found on an inserted CDROM
       using the command:

              mount /cd

       Note that mount is very strict about non-root users and all paths spec‐
       ified  on  command line are verified before fstab is parsed or a helper
       program is executed. It's strongly recommended to use  a  valid  mount‐
       point to specify filesystem, otherwise mount may fail. For example it's
       a bad idea to use NFS or CIFS source on command line.

(Bad idea it may be, but it works if you have the mount command syntax correct, and that's quite easy.)

       For more details, see fstab(5).  Only the user that mounted a  filesys‐
       tem  can  unmount  it again.  If any user should be able to unmount it,
       then use users instead of user in the fstab line.  The owner option  is
       similar  to the user option, with the restriction that the user must be
       the owner of the special file.  This may be useful e.g. for /dev/fd  if
       a  login script makes the console user owner of this device.  The group
       option is similar, with the restriction that the user must be a  member
       of the group of the special file.
Michael Hampton
0

I figured out the best way to do this for me.

All the users will be a member of the group jbase. You can provide group sudo information in the sudoers file.

I added the line:

%jbase ALL=(ALL) NOPASSWD: /usr/bin/mount, /usr/bin/umount, /usr/sbin/mount.cifs, /usr/bin/mkdir

I can now do sudo mount.cifs ....... and no password prompting for anyone in the group jbase.

user999684
  • Beware, this will let those users mount anything at all, and make any directory anywhere, not just within the mount points, so this may be a serious security issue. Consider using the mount option `group` instead, as specified in my answer. – Michael Hampton Mar 03 '21 at 22:41
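
An added example, not part of either answer or of the asker's application: a shell check that applies the fstab rule quoted from mount(8) above, so the application mounts only mount points root has pre-approved and needs no sudo rule for mount or mkdir. The host name, share names, credentials path and function names are assumptions; root creates the directories and fstab lines once.

```shell
#!/bin/sh
# Added example, not from the thread. Constructed fstab content: the host
# name, share names and credentials paths are placeholders.
sample_fstab() {
    cat <<'EOF'
# <source>                      <mount point>  <type>  <options>
//fileserver.example/reports    /mnt/reports   cifs    noauto,users,credentials=/etc/cifs/reports.cred  0 0
//fileserver.example/finance    /mnt/finance   cifs    noauto,credentials=/etc/cifs/finance.cred        0 0
EOF
}

# user_mountable FSTAB MOUNTPOINT
# Succeeds (and prints the source) only if MOUNTPOINT is listed in FSTAB with
# one of the options the mount(8) excerpt names for non-root callers.
# Simplification: negated options (nouser) and fstab escapes are not handled.
user_mountable() {
    awk -v want="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        $2 == want {                         # field 2 is the mount point
            n = split($4, opts, ",")         # field 4 is the option list
            for (i = 1; i <= n; i++)
                if (opts[i] ~ /^(user|users|owner|group)$/) { print $1; ok = 1; break }
            exit                             # first matching line decides
        }
        END { exit ok ? 0 : 1 }
    ' "$1"
}

# ensure_mounted FSTAB MOUNTPOINT
# What the application would call (with FSTAB=/etc/fstab in real use): refuse
# anything not pre-approved, otherwise mount by mount point only, with no sudo
# and no source on the command line. DRY_RUN=1 prints the command instead.
ensure_mounted() {
    user_mountable "$1" "$2" >/dev/null || { echo "refused: $2" >&2; return 1; }
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "mount $2"; return 0; fi
    mountpoint -q "$2" || mount "$2"
}
```

With this arrangement the set of mountable shares is fixed by root in fstab, rather than by whatever arguments a member of the jbase group passes to `sudo mount` or `sudo mkdir`.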