FS#16907 - [ntfs-3g] an unprivileged user cannot mount a ntfs-3g partition anymore (external FUSE)

Attached to Project: Arch Linux
Opened by Paolo (palmaway) - Thursday, 29 October 2009, 18:16 GMT
Last edited by Ronald van Haren (pressh) - Thursday, 05 November 2009, 22:06 GMT
Task Type Bug Report
Category Packages: Extra
Status Closed
Assigned To Ronald van Haren (pressh)
Architecture All
Severity Medium
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 2
Private No

Details

Description:
Since ntfs-3g is now built with external FUSE support, an unprivileged user cannot mount a ntfs-3g partition anymore, even if the ntfs-3g binary is set to setuid-root.

Wen called, mount.ntfs-3g exits with the following error:
"Mount is denied because setuid and setgid root ntfs-3g is insecure with the external FUSE library. Either remove the setuid/setgid bit from the binary or rebuild NTFS-3G with integrated FUSE support and make it setuid root. Please see more information at http://ntfs-3g.org/support.html#unprivileged"

This option is very useful, especially when mounting *external disks* with NTFS partitions.

Additional info:
* package version(s): ntfs-3g 2009.4.4-2

Steps to reproduce:
Allow an unpriviledged user to mount an ntfs-3g partition following the steps reported in
http://www.tuxera.com/community/ntfs-3g-faq/#useroption

Unprivileged block device mounts work only if all the below requirements are met:
1. ntfs-3g is compiled with integrated FUSE support
2. the ntfs-3g binary is at least version 1.2506
3. the ntfs-3g binary is set to setuid-root
4. the user has access right to the volume
5. the user has access right to the mount point
This task depends upon

Closed by  Ronald van Haren (pressh)
Thursday, 05 November 2009, 22:06 GMT
Reason for closing:  Won't fix
Additional comments about closing:  use abs if you need internal fuse support, or use one of the other ways to access your ntfs partitions as normal user
Comment by Jan de Groot (JGC) - Thursday, 29 October 2009, 23:36 GMT
What's wrong with wrappers like hal/devicekit-disks, or using sudo?

From the ntfs-3g website:
"Please note that using setuid-root can result unforeseen privilege escalation and its usage is discouraged. Only the absolutely trusted users must be granted such access."

Loading...