Description of problem: CIFS volumes can't be mounted as a normal user. The common suggestion is to add the setuid bit to mount.cifs, but this isn't possible to do on immutable distributions like Silverblue. Version-Release number of selected component (if applicable): cifs-utils-6.15-1.fc36.x86_64 How reproducible: Always. Steps to Reproduce: 1. Configure a user-mountable / systemd automount CIFS volume 2. Try to mount it from Nautilus Additional info: I'm using the following fstab line for my volume: //cupboard/data /mnt/cupboard cifs credentials=/etc/samba/cupboard.credentials,uid=1000,gid=1000,rw,noauto,x-systemd.automount,x-systemd.mount-timeout=30,_netdev,x-gvfs-show 0 0 The x-systemd.automount is recommended on multiple guides to delay mounting the volume until first accessed, instead of slowing down the system boot process. See also: https://ask.fedoraproject.org/t/suddenly-user-cifs-mounts-not-supported/22785/4
This message is a reminder that Fedora Linux 36 is nearing its end of life. Fedora will stop maintaining and issuing updates for Fedora Linux 36 on 2023-05-16. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a 'version' of '36'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, change the 'version' to a later Fedora Linux version. Note that the version field may be hidden. Click the "Show advanced fields" button if you do not see it. Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora Linux 36 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora Linux, you are encouraged to change the 'version' to a later version prior to this bug being closed.
This package has changed maintainer in Fedora. Reassigning to the new maintainer of this component.
This is addressed in fedora 38 as part of cifs-utils 7.0
As far as I can see this is not fixed. I am running cifs-utils-7.0-1.fc38.x86_64 on Fedora 38. Maybe this is fixed for Fedora Workstation but not Silverblue (which the original bug reporter mentioned as well)?
Tested on the same version than Michael but in regular Fedora 38. It was not fixed, I had to `chmod u+s /sbin/mount.cifs` as workaround. This machine was upgraded from earlier Fedora versions, not sure if this might be a factor. But if it is a matter of upgrading, permissions should be fixed during upgrade.
Hi,this issue is still present on fresh install of Fedora 39 (Workstation) with package version cifs-utils-7.0-2.fc39.x86_64. As it was reported above, doing for example mount -t cifs [share] [mount_point] [options]... as a normal user is not possible and terminal throws error: This program is not installed setuid root - "user" CIFS mounts not supported.
There is no plan to enable setuid root for mount.cifs by default. We consider this a security issue and as such, a decision to enable user-initiated mounts should be part of an explicit administrator activity. On Fedora workstations GNOME provides user mounts via libgvfs interface which avoids using kernel cifs driver and therefore does not need mount.cifs at all. Since Fedora 15, a general policy Fedora has is to not use setuid bits: https://fedoraproject.org/wiki/Features/RemoveSETUID We may look into adding `%cap(....)` statement to mount.cifs definition in the spec file to cover required capabilities automatically. Lukas, any comment here from SELinux point of view?
For both unconfined(every Linux user is unconfined by default) there are allow rules to execute mount.cifs binary file and setuid capability. Confined users can execute mount.cifs binary file but doesn't have setuid capability, so user would need to enable it if confined users are configured. By default SELinux should not block it, however I fully support the statement to avoid introducing setuid bits on new binary files. I believe the problem should be discussed with Silverblue team, to get their input how such use-cases should be implemented. Thanks, Lukas.
This message is a reminder that Fedora Linux 39 is nearing its end of life. Fedora will stop maintaining and issuing updates for Fedora Linux 39 on 2024-11-26. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a 'version' of '39'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, change the 'version' to a later Fedora Linux version. Note that the version field may be hidden. Click the "Show advanced fields" button if you do not see it. Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora Linux 39 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora Linux, you are encouraged to change the 'version' to a later version prior to this bug being closed.
Fedora Linux 39 entered end-of-life (EOL) status on 2024-11-26. Fedora Linux 39 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora Linux please feel free to reopen this bug against that version. Note that the version field may be hidden. Click the "Show advanced fields" button if you do not see the version field. If you are unable to reopen this bug, please file a new report against an active release. Thank you for reporting this bug and we are sorry it could not be fixed.