Allow regular user to use mount without SUDO or FSTAB

Question

Our desktop workstations are linux.

Each user uses Active Directory to authenticate. Mount does not automatically use the users PAM credentials to authenticate against a remote mount point - you must use either a credentials file or type in your username/domain/password on the command line.

Each user has encrypted home directories and they mount their remote mount points to a directory structure under their home directory.

Each user has different access rights on the domain and they want to keep their credentials file in their local plasma-vault.

Unfortunately, even when the plasma-vault is open, the moment they use sudo to run mount, the sudo process runs as root, who can not see the contents of the vault.

So, I need to have the users be able to run mount, under their own home directory, without the need for /etc/fstab via sudo.

How do I do this?

have you investigated `fuse` it creates sshfs mounts without using root, perhap it can also do CIFS mounts? — Jasen, Jul 21 '18 at 05:52

score 3 · Answer 1 · answered Jul 20 '18 at 20:51

3

sudo is not only used for elevating a user to full root access.

Edit the /etc/sudoers file to allow your uses to use mount and umount. Use the sudo visudo to ensure the file permissions are kept the same.

The edit would include a line such as this:

username ALL=(ALL) NOPASSWD: /usr/bin/mount, /usr/bin/umount

For more options, see the sudoers manual.

answered Jul 20 '18 at 20:51

Michael McMahon

70
3

5

And now your users have unfetterd root access to the system. Wonderful. This adds nothing over just giving users full `sudo`. – Boris the Spider Jun 04 '19 at 10:36
doesn't seem to work on centos 7, `mount: only root can use "--options" option` – MetaStack Feb 03 '21 at 16:39
Could the safety of this be improved by allowing users to mount only under a specific mount point, e.g., `/mnt/unsafe-user-mounts`? – Roger Dahl Sep 17 '21 at 18:07

Allow regular user to use mount without SUDO or FSTAB

1 Answers1