sudo , nfs mount

Hi,
In my RHEL 4 system, I want to give a normal user permission
so that he/she can mount a nfs partition in one of his directories
inside his home directory.

I tried with SUDO like this:

visudo:

user1 ALL=/bin/mount /user1/home/mnt ,/bin/umount /user1/home/mnt
I checked /sbin/mount and found it "-rwsr-sr-x".

But when the user1 logs in and try to execute
sudo mount -t nfs xx.xx.xx.xx:/mnt/inst mnt

he gets "
Sorry, user user1 is not allowed to execute '/bin/mount -t nfs
xx.xx.xx.xx:/mnt/inst mnt/' as root on VmWare.localdomain."

where m I wrong in setting this up ? please guide. thanks


regards
BB

BB wrote:
> Hi,
> In my RHEL 4 system, I want to give a normal user permission
> so that he/she can mount a nfs partition in one of his directories
> inside his home directory.
>
> I tried with SUDO like this:
>
> visudo:
>
> user1 ALL=/bin/mount /user1/home/mnt ,/bin/umount /user1/home/mnt
> I checked /sbin/mount and found it "-rwsr-sr-x".
>
> But when the user1 logs in and try to execute
> sudo mount -t nfs xx.xx.xx.xx:/mnt/inst mnt
>
> he gets "
> Sorry, user user1 is not allowed to execute '/bin/mount -t nfs
> xx.xx.xx.xx:/mnt/inst mnt/' as root on VmWare.localdomain."
>
> where m I wrong in setting this up ? please guide. thanks
>
>
> regards
> BB

You don't want to give your user permission to run mount (otherwise
s?he'll be able to mount anything). Do the mounting for user1 as system
administrator and add the mount to /etc/mtab if you always want them to
have their mount.

Robert

Robert Harris wrote:

> BB wrote:
>> Hi,
>> In my RHEL 4 system, I want to give a normal user permission
>> so that he/she can mount a nfs partition in one of his directories
>> inside his home directory.
>>
>> I tried with SUDO like this:
>>
>> visudo:
>>
>> user1 ALL=/bin/mount /user1/home/mnt ,/bin/umount /user1/home/mnt
>> I checked /sbin/mount and found it "-rwsr-sr-x".
>>
>> But when the user1 logs in and try to execute
>> sudo mount -t nfs xx.xx.xx.xx:/mnt/inst mnt
>>
>> he gets "
>> Sorry, user user1 is not allowed to execute '/bin/mount -t nfs
>> xx.xx.xx.xx:/mnt/inst mnt/' as root on VmWare.localdomain."
>>
>> where m I wrong in setting this up ? please guide. thanks
>>
>>
>> regards
>> BB
>
> You don't want to give your user permission to run mount (otherwise
> s?he'll be able to mount anything). Do the mounting for user1 as system
> administrator and add the mount to /etc/mtab if you always want them to
> have their mount.
>
> Robert

I have this entry in my fstab which allows them to mount this specific mount
by hand:

192.168.0.5:/export/mp3 /mnt/mp3 nfs
noauto,noatime,rw,user 0 0

(it wrapped due to length)

Robert Harris <(E-Mail Removed)> wrote:
> You don't want to give your user permission to run mount (otherwise
> s?he'll be able to mount anything).

The OP appears to have thought about that and has attempted to restrict
the mount to specific parameters.

Unfortunately I can't see what's wrong with the original configuration.

Chris

On 2006-02-08, BB <(E-Mail Removed)> wrote:
>
> I tried with SUDO like this:
>
> visudo:
>
> user1 ALL=/bin/mount /user1/home/mnt ,/bin/umount /user1/home/mnt
> I checked /sbin/mount and found it "-rwsr-sr-x".
>
> But when the user1 logs in and try to execute
> sudo mount -t nfs xx.xx.xx.xx:/mnt/inst mnt
>
> he gets "
> Sorry, user user1 is not allowed to execute '/bin/mount -t nfs
> xx.xx.xx.xx:/mnt/inst mnt/' as root on VmWare.localdomain."

This is the same exact problem you had with your mount set up as a user
mount in /etc/fstab. The user's command doesn't match your sudoers
entry, so sudo rejects it. Try making the commands match.

--keith

--
kkeller-(E-Mail Removed)
(try just my userid to email me)
AOLSFAQ=http://wombat.san-francisco.ca.us/cgi-bin/fom
see X- headers for PGP signature information