mounted folder disappear as user and accessible only as root

English Applications
#1

on my Laptop=Dell latitude E6510, RAM=8Gb, GPU=GT218 NVS 3100M, CPU=i7 Q 720 @ 1.60GHz running opensuse leap 42.3, plasma 5.10.5, KDE frameworks 5.37.0, KDE applications 17.08.0, Kernel 4.4.79-19-default, nvidia drivers.
In the past I mounted successfully an external AFS filesystem on a folder inserting in /etc/fstab this:

sshfs#myname@cresco-in.server.mycompany.it:/afs/.mycompany.it/ /afspla2 fuse user,noauto,fsname=sshfs#myname@cresco-in.server.mycompany.it:/afs/.mycompany.it/ 0 0

and, I don’t remember why, but I was able to access with dolphin /afspla2 as user.
now I inserted the same in etc/fstab and it works but I can access /afspla2 with dolphin only as root, opening dolphin as user /afspla2 disappear and is non accessible.
I tried to change ownership of /afspla2 to user=pla group=users but fail
I tried to mount in /home/pla/afspla2 but fail
the same happen mounting another filesystem like this:

sshfs procuste@192.168.1.2:/ /server/

how can I have my external filesystem monted in my folders accessible as user??

#2

This is a laptop. You probably use Network Manager and a wireless connection. There will be no network (or sshfs possibility) until some rime after user login.

The fstab entry will provide the mount parameters for a subsequent mount command. Attempts to use it to automunt will belong to root, but I do not fully understand the parameters you are using. Why not forget fstab and create an entry in “~/.config/autostart” or “~/.config/autostart-scripts” to perform the mount (you may need to include a short “sleep”)? I would create a .desktop to provide a trivial graphical mount, and probably open Konsole in the mounted folder.

My clients tend to only work in a graphical environment, so their laptop workspaces are provided with a Dolphin “Place” with an ssh link to their Documents folder in the office. They do not need anything else.

#3

yes I use network manager but the network exist

yes, I put it in fstab to have the possibility to mount with command as root mount /afspla2 and then I would like access with dolphin as user (as root with dolphin is ok), in the past it worked, but now the /afspla2 folder once mounted disappear and is not accessible in dolphin as user that says that it doesn’t exist.

I don’t want automount, but the mount as root works, I cannot access as user

me too only grphical mode, yes, me too in my server with sftp and without password with this in dolphin

sftp://procuste@192.168.1.2/

,
but with afs in my company it is not enough, it seems that this in fstab

sshfs#myname@cresco-in.server.mycompany.it:/afs/.mycompany.it/ /afspla2 fuse user,noauto,fsname=sshfs#myname@cresco-in.server.mycompany.it:/afs/.mycompany.it/ 0 0

is needed in order to mount and I don’t know how to do the same I do in my server in dolphin with sftp:// with ssh…

#4

Network may not exist until user logon unless you set NM to allow all users in which case it is established earlier in the boot

#5

yes it is allowed for all users, …but, why does network should be implied in this issue, I can mount as root with command mount /afspla2, but, after /afspla2 is mounted I can only access as root and I would like to access to it as user…

#6

well, with

sftp://myname@cresco-in.server.mycompany.it:/afs/

I can have access as user, …but why the mounted folder is inaccessible as user but only as root??

#7

I haven’t tested it on a network share but I think a polkit setting should allow ordinary users access to a folder
create the file /etc/polkit-1/rules.d/10-udisks2.rules
and paste

// See the polkit(8) man page for more information
// about configuring polkit.

// Allow udisks2 to mount devices without authentication
// for users in the "users" group.
polkit.addRule(function(action, subject) {
    if ((action.id == "org.freedesktop.udisks2.filesystem-mount-system" ||
         action.id == "org.freedesktop.udisks2.filesystem-mount") &&
    subject.isInGroup("users")) {
        return polkit.Result.YES;
    }
});

you can change the users group to something more restrictive (create a new group and add yourself to it to prevent other users access to your share)
some more info about polkit and opensuse
https://doc.opensuse.org/documentation/leap/security/html/book.security/cha.security.policykit.html

#8

[quote=“I_A,post:7,topic:127532”]
I haven’t tested it on a network share but I think a polkit setting should allow ordinary users access to a folder
create the file /etc/polkit-1/rules.d/10-udisks2.rules
and paste

// See the polkit(8) man page for more information
// about configuring polkit.

// Allow udisks2 to mount devices without authentication
// for users in the "users" group.
polkit.addRule(function(action, subject) {
    if ((action.id == "org.freedesktop.udisks2.filesystem-mount-system" ||
         action.id == "org.freedesktop.udisks2.filesystem-mount") &&
    subject.isInGroup("users")) {
        return polkit.Result.YES;
    }
});

manythanks, it works :), but I cannot umount as user

pla@pla-3-TW:~> mount /home/pla/afspla2
myname@cresco-in.mycompany.it's password: 
pla@pla-3-TW:~> umount /home/pla/afspla2
umount: /home/pla/afspla2: Permission denied
pla@pla-3-TW:~>

…I don’t need more restrictive policy :slight_smile:
…reading your link I tried to do this:
I created a file /etc/polkit-1/rules.d/10-udisks2-umount-pla-2017.rules wit this inside:

// See the polkit(8) man page for more information
// about configuring polkit.

// Allow udisks2 to unmount devices without authentication
// for users in the "users" group. fatta da me 2017-09-03set
polkit.addRule(function(action, subject) {
    if ((action.id == "org.freedesktop.udisks2.filesystem-mount-other-seat" ||
         action.id == "org.freedesktop.udisks2.filesystem-unmount-others") &&
    subject.isInGroup("users")) {
        return polkit.Result.YES;
    }
});

with this org.freedesktop.udisks2.filesystem-mount-other-seat and this org.freedesktop.udisks2.filesystem-unmount-others taken from

pla@pla-3-TW:~> pkaction | grep mount
org.freedesktop.udisks2.filesystem-mount
org.freedesktop.udisks2.filesystem-mount-other-seat
org.freedesktop.udisks2.filesystem-mount-system
org.freedesktop.udisks2.filesystem-unmount-others
pla@pla-3-TW:~>

but evidently I’m not enough skilledlol!
how can I umount as user what I mounted??

#9

about unmounting try adding the policy
org.freedesktop.udisks2.filesystem-unmount-others http://storaged.org/doc/udisks2-api/latest/udisks-polkit-actions.html#udisks-polkit-details
modify the /etc/polkit-1/rules.d/10-udisks2.rules to read

// See the polkit(8) man page for more information
// about configuring polkit.

// Allow udisks2 to mount devices without authentication
// for users in the "users" group.
polkit.addRule(function(action, subject) {
    if ((action.id == "org.freedesktop.udisks2.filesystem-mount-system" ||
         action.id == "org.freedesktop.udisks2.filesystem-mount" ||
         action.id == "org.freedesktop.udisks2.filesystem-unmount-others") &&
    subject.isInGroup("users")) {
        return polkit.Result.YES;
    }
});
#10

…it doesn’t works, and the mounted folder cannot be unmounted neither as root

pla@pla-3-TW:~> mount /home/pla/afspla
myname@cresco-in.mycompany.it's password: 
pla@pla-3-TW:~> umount /home/pla/afspla
umount: /home/pla/afspla: Permission denied
pla@pla-3-TW:~> su
Password: 
pla-3-TW:/home/pla # /home/pla/afspla
bash: /home/pla/afspla: Permission denied
pla-3-TW:/home/pla #
#11

it should work maybe a background service (fuse?) is using that share and prevents the unmount?

#12

If you’d like a skim of highlights regarding mounting FUSE filesystems,

You can possibly read the SDB: VMware Tools and everywhere you might see a VMware specific command, know there is a “fusermount” command that does the same thing generically. I’d recommend you read the fusermount and fuse.mount MAN pages too, but they’re kind of sparse. At least the SDB:VMware Tools page has examples.

https://en.opensuse.org/SDB:VMware_Tools

You’ll notice in that article there are a number of different issues that sound like what you are having…

  • root required for rw, otherwise read only for ordinary users
  • Sporadic issues unmounting

HTH,
TSU

#13

the polkit method is convenient for mounting local partitions without editing /etc/fstab and automounting them but as you already have a line in your fstab maybe add these options
rw,user,exec so that the partition is user mountable and the user has both read write and execute permissions on it, maybe change your line to something like

sshfs#myname@cresco-in.server.mycompany.it:/afs/.mycompany.it/ /afspla2 fuse rw,user,exec,noauto,fsname=sshfs#myname@cresco-in.server.mycompany.it:/afs/.mycompany.it/ 0 0

again I’ve never done this so I’m just speculating

#14

… also, keep in mind if any file is open, or if you have that mount or one of its subdirectories open in a file browser, such as Dolphin, it will not unmount. :wink:

#15

manythanks, lol!your speculation was right, …I removed the polkit rule and modified the fstab entry as you suggested, now if I mount as user can access as user, if I mount as root cannot access as user, I cannot umount as user, but I can always umount as root