Adding a user to sudoers file to allow mount & umount

Support for security such as Firewalls and securing linux

Adding a user to sudoers file to allow mount & umount

Postby pasan » 2012/01/20 05:47:38

Hi everyone, this is my first post on this forum. Over the past couple of days I installed CentOS 6.2 and slowly made my way through configuring the system to my everyday use. I am having a small issue with configuring the sudoers file to allow a non-admin user to use mount and umount commands.
Now the user by default belongs to the user group like say john:john so I entered the following into the sudoers file.

%john ALL=(root) NOPASSWD:/bin/mount
%john ALL=(root) NOPASSWD:/bin/umount

And when I go try to use the command mount as the user john I get:

mount: only root can do that

What am I doing wrong? Would it have something to do with selinux policy? Previously I have done this in Fedora exactly the same way, but the difference being I added the user to a new group and used that group in the suders file. Also on that machine I was running selinux in permissive mode. Any help would be great as I'm not sure what is causing this.
pasan
 
Posts: 2
Joined: 2012/01/20 05:10:43

Re: Adding a user to sudoers file to allow mount & umount

Postby TrevorH » 2012/01/20 09:42:40

Is there something wrong with the "user" option in /etc/fstab for this file system?
User avatar
TrevorH
Forum Moderator
 
Posts: 9114
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Adding a user to sudoers file to allow mount & umount

Postby pschaff » 2012/01/20 20:22:46

I don't see anything wrong with the sudoers syntax. Are you editing the file with visudo? Are you sure the group is valid? You could try visudo -s for strict checking. Have you tried just the user name?
Code: Select all
john ALL=(root) NOPASSWD: /bin/mount
john ALL=(root) NOPASSWD: /bin/umount
pschaff
Retired Moderator
 
Posts: 18277
Joined: 2006/12/13 20:15:34
Location: Tidewater, Virginia, North America

Re: Adding a user to sudoers file to allow mount & umount

Postby pasan » 2012/01/24 06:24:46

Yeah the syntax is correct. I tried creating a separate group and adding that to sudoers syntax no avail. Also set selinux to permissive mode and still get permission denied. So it is not that either. For some reason my system is hell bent on only root being able to mount/umount :S
pasan
 
Posts: 2
Joined: 2012/01/20 05:10:43

Re: Adding a user to sudoers file to allow mount & umount

Postby r_hartman » 2012/01/24 08:43:20

pasan wrote:
And when I go try to use the command mount as the user john I get:

mount: only root can do that


It would have been more helpful to provide the command with the error, like
Code: Select all
$ mount /dev/cdrom /mnt/cdrom
mount: only root can do that

as I supect this is what you did. 'mount' will not suddenly magically work just because you are 'john', who happens to be in the sudoers file.

What you should have done is
Code: Select all
$ sudo mount /dev/cdrom /mnt/cdrom
r_hartman
 
Posts: 701
Joined: 2009/03/23 15:08:11
Location: Netherlands


Return to CentOS 6 - Security Support

Who is online

Users browsing this forum: No registered users and 2 guests