2

I am trying to set a VirtualBox shared folder mountable by any user, so this is the line I put in /etc/fstab:

# mint shared folder
mint /media/sf_mint vboxsf defaults,user,uid=1000,gid=999 0 0

However, I get this error message:

juanlu@minted ~ $ mount mint
Only root can mount shared folders from the host.
juanlu@minted ~ $ sudo !!
sudo mount mint
unknown mount option `user'
valid options:
  rw         mount read write (default)
  ro         mount read only
  uid       =<arg> default file owner user id
  gid       =<arg> default file owner group id
  ttl       =<arg> time to live for dentry
  iocharset =<arg> i/o charset (default utf8)
  convertcp =<arg> convert share name from given charset to utf8
  dmode     =<arg> mode of all directories
  fmode     =<arg> mode of all regular files
  umask     =<arg> umask of directories and regular files
  dmask     =<arg> umask of directories
  fmask     =<arg> umask of regular files

If I remove the user option, then I am forced to use sudo but at least the owner of the mount point is assigned properly. What am I doing wrong here?

Notice that this might be duplicate to Mounting a VBox shared folder as user, but I actually tried an option it was supposed to work.

Community
  • 1
astrojuanlu
  • 159
  • 1
  • 1
  • 13

3 Answers3

1

This looks like a bug in the program file mount.vboxsf.c, which is part of the VirtualBox Guest Additions for Linux, and I believe that you are doing nothing wrong.

The check for being executed under the root account is done immediately in main() at the start of the program, and before the parameters were processed, so before the user parameter was detected or processed.

The check should have been done much later, after the effective user ID of the process (or its fork) was changed to the specified user account.

You should signal this bug to the VirtualBox developers.
The right forum seems to be VirtualBox on Linux Hosts (login required).

harrymc
  • 455,459
  • 31
  • 526
  • 924
  • Thanks for your answer @harrymc. I will send a bug report and if it gets accepted as valid I will award you the 100 points. – astrojuanlu Oct 28 '14 at 19:04
  • Let me stress by the way that "login required" means, in this case, giving tons of compulsory but surely useless information to Oracle and that I'm very, very pissed off by doing it. – astrojuanlu Oct 28 '14 at 20:11
  • Well, it seems that actually this is not a bug. I will post an answer myself. – astrojuanlu Oct 29 '14 at 06:47
  • 1
    I don't think that the explanation that you have found explains the problem, since it's vboxsf that does the pseudo-mount, so that the root explanation doesn't fully apply. My answer is based on the source-code of the program but I have not examined its entire source-code. I cannot say whether some later manipulation in the program absolutely requires root, only point out that the program doesn't even try to work under `user`. To me this looks like it is simply missing the code for handling that parameter, so this is just a case of an unimplemented feature. – harrymc Oct 29 '14 at 08:48
  • Honestly I am more comfortable with your answer, but as you can see in the forum thread the responses were not constructive at all and I was enormously discouraged to push for further discussion. @harrymc do you think it's worth it to file a proper bug report? I did all the research I could and you even looked at the code but I don't want to be treated like a n00b twice. – astrojuanlu Oct 29 '14 at 09:19
  • Being treated like a n00b is a fact of life on forums, where the less knowledgeable are also the most vocal. I been there, had that. You got only one answer by Perryg, who doesn't sound like a developer. Especially as he was most abusive when you pushed for details which he couldn't supply. In your place I would still file a proper bug report in order to get a definitive answer from a developer, even if a rude one. Acquiring knowledge is sometimes painful, but with time one gets used to it. – harrymc Oct 29 '14 at 10:34
  • Thanks for your comment, I finally filed a bug report (see above). – astrojuanlu Oct 29 '14 at 12:34
  • I suggest you add to the bug report some more of my above info, to explain why you think it might be an unimplemented feature, or alternatively a link to my answer. – harrymc Oct 29 '14 at 14:31
  • I already added your comments to the bug report (not linking back because of the previous comment) but I guess it can take 6-8 weeks to get solved so I'm awarding the bounty already. – astrojuanlu Nov 02 '14 at 20:34
1

As kindly answered in the VirtualBox user support forums, vbox shared folders are not actually devices (if they were, they would be under /dev/) and therefore the "user" option among others is not applicable. Consequently it's not possible to allow non-admin users to manually mount the shared folder.

However, there's still the possibility to automatically mount the vboxsf from /etc/rc.local and customize the mount options. This is similar to automount but allowing to set proper masks and permissions to the folder, as explained here. Notice though that this page is incomplete in that it points to the mount man page to list the available list of options but, as a matter of fact, some of them are not applicable, as seen above.

astrojuanlu
  • 159
  • 1
  • 1
  • 13
0

You don't necessarily need the user option in /etc/fstab to allow ordinary users to mount a filesystem.

Another option is to configure sudo to allow this action, either with or without asking for the executing user's password.

From man sudoers:

Authentication and logging

The sudoers security policy requires that most users authenticate themselves before they can use sudo. A password is not required if the invoking user is root, if the target user is the same as the invoking user, or if the policy has disabled authentication for the user or command.

Tag_Spec

[...]

NOPASSWD and PASSWD

By default, sudo requires that a user authenticate him or herself before running a command. This behavior can be modified via the NOPASSWD tag. Like a Runas_Spec, the NOPASSWD tag sets a default for the commands that follow it in the Cmnd_Spec_List. Conversely, the PASSWD tag can be used to reverse things. For example:

ray rushmore = NOPASSWD: /bin/kill, /bin/ls, /usr/bin/lprm

would allow the user ray to run /bin/kill, /bin/ls, and /usr/bin/lprm as root on the machine rushmore without authenticating himself.

So a line like this in /etc/sudoers will allow any user to mount the specified file system without entering any password:

ALL ALL = NOPASSWD: /bin/mount mint

Then sudo mount mint should work as an ordinary user.

Laszlo Valko
  • 720
  • 2
  • 7
  • 16
  • 1
    With your method the mount will call vboxsf. The problem is that vboxsf insists that the effective user must be root. – harrymc Nov 01 '14 at 21:22
  • Then you must be doing something differently. With my CentOS 6.4 guest, under VirtualBox 4.3.16, I tested and it works. `sudo` changes both effective and real user ID to 0, and vboxsf is happy with that. You can test that easily with the binary `/usr/bin/id`. – Laszlo Valko Nov 03 '14 at 00:40
  • `sudo` is not useful for me, as for example it won't work in graphical file explorers like Nemo. – astrojuanlu Nov 03 '14 at 06:59
  • You missed the point : The question is about NOT using sudo. – harrymc Nov 03 '14 at 08:20
  • Maybe that's because that point was not mentioned... – Laszlo Valko Nov 03 '14 at 08:43
  • You could edit and improve the post, if you feel it is not clear enough. – harrymc Nov 03 '14 at 10:30