mount.cifs won't mount shares; set uid bit not set

I too have run into this issue. 9.10 this was fine, 10.04 mount.cifs requires the setuid bit before allowing users to do this w/o sudo privileges. This may be a packaging regression?

the fix

 sudo chmod +s `which mount.cifs`
 sudo chmod +s `which umount.cifs`

Yeah got this issue too. Was mount.cifs suid in 9.10?

There's also a 'Mount FUSE filesystems' permission that can be set for users through the GUI now. It made no difference though...

Same here, setuid fixed it, thx.

Since I still have Ubuntu 9.10 on another partition I looked up the permissions and found out that mount.cifs und umount.cifs have no setuid bit set there and they are working without it (on Ubuntu 9.10).

Noticed this change this morning.

$ mount.smbfs -V
mount.cifs version: 1.12-3.4.7
$ smbclient -V
Version 3.4.7

Could it be related to this:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=571323

Though, it seems to indicate that setting a sticky bit just won't work. However, I set the sticky bit on my file and was able to mount as user.

For me on the Lenovo T410s with the desktop edition setuid fixed it. However on the Asus EeePC 901 with the Netbook Edition is was not necessary to set.

Just to mention.

Debian&Samba people say that's insecure to add setuid bit on these binaries, and so this "fix" is discouraged.
Probably this could be resolved through some other security mechanism, like PolicyKit or pmount ?

I think Dietmar's comment #5 is pretty interesting: the binaries in 9.10 did *NOT* have the suid-bit set, but it definitely worked for me back then (and for others too, as they reported). So there must have been a way to make this work. Have there been any of the mechanisms mentioned by Wladimir involved in 9.10?

Setting the setuid bit on mount.cifs is discouraged upstream and opens interesting security vulnerabilities:

smbfs (2:3.4.5~dfsg-2) unstable; urgency=low
  * As of this version, the mount.cifs binary is no longer setuid.
    Upstream has always been increasingly unsupportive of this
    configuration over time. For instance, in bugs like
    https://bugzilla.samba.org/show_bug.cgi?id=6853, it is clearly
    mentioned that having it setuid root is discouraged.
 -- Christian Perrier <email address hidden> Sat, 06 Feb 2010 15:09:00 +0100

Ubuntu will not deviate from upstream or Debian in that respect, so this "bug" won't be fixed. Rather than restoring the missing +s, I suggest you use "sudo" when running mount.cifs. If you need finer-grained control, you can use /etc/sudoers to define a specific group that could run that specific command without having access to the whole thing.

Thierry, what about /bin/mount?

   $ which mount | xargs ls -l
   -rwsr-xr-x 1 root root 72188 2010-03-22 18:51 /bin/mount

it has the "setuid bit" set. Should "mount" and "mount.cifs" be treated equally?

Previously, people could use "mount" without wondering if it was "sudo mount.cifs" or just "mount" or whatever.

    I disagree with Dietmar's comment #5, which says that 9.10 didn't have the setuid bit.

Here is my Ubuntu 9.10:

root@cst6:~# ls -la /bin/mount /sbin/mount.cifs
-rwsr-xr-x 1 root root 78096 2009-10-22 21:28 /bin/mount
-rwsr-xr-x 1 root root 36296 2010-03-22 15:27 /sbin/mount.cifs

Here is my Ubuntu 10.4:

root@cst5:/etc/samba# ls -la /bin/mount /sbin/mount.cifs
-rwsr-xr-x 1 root root 82256 2010-03-22 10:57 /bin/mount
-rwxr-xr-x 1 root root 35648 2010-04-09 10:38 /sbin/mount.cifs

    As an aside, I see that /sbin/mount.nfs are still set to be setuid (in Ubuntu 10.4):

root@cst5:/etc/samba# ls -la /sbin/mount.nfs
-rwsr-xr-x 1 root root 94544 2010-03-23 23:18 /sbin/mount.nfs

 setuid bit is set to /bin/mount and /sbin/mount.cifs:
sudo ls -la /bin/mount /sbin/mount.cifs
-rwsr-sr-x 1 root root 72188 2010-03-22 18:51 /bin/mount
-rwsr-sr-x 1 root root 30424 2010-04-09 17:29 /sbin/mount.cifs

but I got:
mount -t cifs //server/datenauf$ /mnt -o user,rw,user=bbr,dom=ivu-ag
mount: Nur „root“ kann dies tun

(that means: only root can do). The user I try to mount this share is the owner of /mnt. So for me the workaround is not working and for both files the setuid was already set!

Does this mean other mount.X utils will be similarly affected?

Does the fstab man page now need to be updated to say that the 'user' flag does not apply to cifs and possibly others?

So, I set up sudoers and works great. But we have another problem thou. I have put everything in the fstab. In Gnome if you go to Places you see the mount point, but if you decide to go there it says Unable to mount test2 (which is my mount point for the cifs). If I manually mount it, obviously you canno umount it.

So, how can you fix Places, to be able to mount/umount it (again it is in my fstab) with no problems?