Ubuntu
util-linux package

mount option `users` blocks ntfs to mount

Bug #2055226 reported by UlfZibis
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
util-linux (Ubuntu)
New
Undecided
Unassigned

Bug Description

/etc/fstab:
# /media/Sicherung was on /dev/sda7 during installation
UUID=2510AA16624BB80C /media/Sicherung ntfs defaults,users,noauto,windows_names,hide_dot_files 0 0

$ gio mount -d /dev/sda7
gio: /dev/sda7: Error mounting system-managed device /dev/sda7: Unknown error when mounting /media/Sicherung

$ udisksctl mount -b /dev/sda7
Error mounting /dev/sda7: GDBus.Error:org.freedesktop.UDisks2.Error.Failed: Error mounting system-managed device /dev/sda7: Unknown error when mounting /media/Sicherung

$ journalctl -b 0 -u udisks2.service
Feb 27 23:48:51 T500 udisksd[10478]: Error opening read-only '/dev/sda7': Keine Berechtigung
Feb 27 23:48:51 T500 udisksd[10478]: Failed to mount '/dev/sda7': Keine Berechtigung
Feb 27 23:48:51 T500 udisksd[10478]: Please check '/dev/sda7' and the ntfs-3g binary permissions,
Feb 27 23:48:51 T500 udisksd[10478]: and the mounting user ID. More explanation is provided at
Feb 27 23:48:51 T500 udisksd[10478]: https://github.com/tuxera/ntfs-3g/wiki/NTFS-3G-FAQ

This worked fine until Ubuntu 20.04, but since 22.04 I have these errors.

Additionally, mount option `users` does not, what it should do:

$ LC_ALL=C mount /media/Sicherung
Error opening read-only '/dev/sda7': Permission denied
Failed to mount '/dev/sda7': Permission denied
Please check '/dev/sda7' and the ntfs-3g binary permissions,
and the mounting user ID. More explanation is provided at
https://github.com/tuxera/ntfs-3g/wiki/NTFS-3G-FAQ

When removing `users` from /etc/fstab, it works fine:

$ gio mount -d /dev/sda7
$ LC_ALL=C journalctl -b 0 -u udisks2.service
Feb 28 00:05:31 T500 ntfs-3g[10977]: Version 2021.8.22 integrated FUSE 28
Feb 28 00:05:31 T500 ntfs-3g[10977]: Mounted /dev/sda7 (Read-Write, label "Sicherung", NTFS 3.1)
Feb 28 00:05:31 T500 ntfs-3g[10977]: Cmdline options: rw,windows_names,hide_dot_files
Feb 28 00:05:31 T500 ntfs-3g[10977]: Mount options: allow_other,nonempty,relatime,rw,fsname=/dev/sda7,blkdev,blksize=4096
Feb 28 00:05:31 T500 ntfs-3g[10977]: Ownership and permissions disabled, configuration type 7
Feb 28 00:05:31 T500 udisksd[583]: Mounted /dev/sda7 (system) at /media/Sicherung on behalf of uid 1000

So it seems, that option `users` virtually effectuates the opposite, than it is supposed to do.

See original description
UlfZibis (ulf-zibis)
description: updated
UlfZibis (ulf-zibis)
description: updated
Revision history for this message
Seth Arnold (seth-arnold) wrote :

Hello, thanks for the report; note that the fstab(5) and mount(8) man pages both say "user", singular, not "users", plural. That's probably why your mount command didn't work when run as a user.

I don't know about the gio or udisksctl tool errors, I'm unfamiliar with their operation. Maybe they were also looking for "user"?

Thanks

information type: Private Security → Public
Changed in util-linux (Ubuntu):
status: New → Incomplete
Revision history for this message
UlfZibis (ulf-zibis) wrote (last edit ):

Both options and a third exist.

Extract from man mount in section FILESYSTEM-INDEPENDENT MOUNT OPTIONS:

       user
           Allow an ordinary user to mount the filesystem. The name of the
           mounting user is written to the mtab file (or to the private
           libmount file in /run/mount on systems without a regular mtab) so
           that this same user can unmount the filesystem again. This option
           implies the options noexec, nosuid, and nodev (unless overridden by
           subsequent options, as in the option line user,exec,dev,suid).

       nouser
           Forbid an ordinary user to mount the filesystem. This is the
           default; it does not imply any other options.

       users
           Allow any user to mount and to unmount the filesystem, even when
           some other ordinary user mounted it. This option implies the
           options noexec, nosuid, and nodev (unless overridden by subsequent
           options, as in the option line users,exec,dev,suid).

gio mount is the command line variant to simulate a mount by a GUI tool like Nautilus, just used to get the error message.
gio invokes udiskctl under the hood.

Changed in util-linux (Ubuntu):
status: Incomplete → New
Revision history for this message
UlfZibis (ulf-zibis) wrote (last edit ):

In the latest man pages I recently found:

Since util-linux 2.35, mount does not exit when user permissions are inadequate according to libmount’s internal security rules. Instead, it drops suid permissions and continues as regular non-root user. This behavior supports use-cases where root permissions are not necessary (e.g., fuse filesystems, user namespaces, etc).

With this new rule the "regression" concerning `mount` is explainable.

So please add a link to this note at the description of the `user(s)` options.

Still existing: The buggy behaviour with `udisksctl mount`.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.