Users to have permission to mount loopbacks.

[wilsonsamm]

How can I let my users have the permission to mount loopback files? I have some encrypted block files, some ISOs and such, that I want my user (not root) to be able to mount onto a mount point.

[Jimini]

What about sudo?

Best regards,
Jimini
_________________
"The most merciful thing in the world, I think, is the inability of the human mind to correlate all its contents." (H.P. Lovecraft: The Call of Cthulhu)

[wilsonsamm]

[Jimini]

As far as I know, you can configure sudo not to ask for passwords - but you're right, sudo seems more light a workaround to me here. I keep googleing ;)

Best regards,
Jimini
_________________
"The most merciful thing in the world, I think, is the inability of the human mind to correlate all its contents." (H.P. Lovecraft: The Call of Cthulhu)

[chithanh]

It is a bit dangerous to allow users to mount stuff outside fstab/udev. They could mount filesystems with setuid binaries and use them for privilege escalation.

[iss]

[wilsonsamm]

[chithanh]

If it is just to allow users to access files in ISO images, these can be extracted with p7zip or similar.

Else maybe write a script that creates symlink to the ISO file in a special directory, which is monitored by another process and which mounts them with safe options.

[Sven Vermeulen]

Or create a wrapper script that takes one argument: the file to mount. The script is then responsible for selecting the right location (like /mnt/loop/0, 1, 2 ...) and mount the file with safe privileges for the user. Then allow users to call this script from sudo. The script returns the mountpoint.

You definitely don't want users to be able to mount something everywhere (otherwise they can mount a fake /etc with their own root password stuff inside at /etc), and the script should check that one argument for sane values (like a-zA-Z0-9._- or something akin to that).

Using something else with setuid is dangerous.
_________________
Please add "[solved]" to the initial topic title when it is solved.