Mar 19

Solaris Mount NFS Share as Non Root User

Since it took me a while to get this working I made a note of how. Giving a normal user Primary Administrator Role did work but even the role of System Administrator did not allow me to mount and unmount NFS.

Two Roles I tested:

# grep Adminis /etc/security/prof_attr
[..]
Primary Administrator:::Can perform all administrative tasks:auths=solaris.*,solaris.grant;help=RtPriAdmin.html
Service Operator:::Administer services:auths=solaris.smf.manage,solaris.smf.modify.framework
System Administrator:::Can perform most non-security administrative tasks:profiles=Audit Review,Printer Management,Cron Management,Device Management,File System Management,Mail Management,Maintenance and Repair,Media Backup,Media Restore,Name Service Management,Network Management,Object Access Management,Process Management,Software Installation,User Management,Project Management,All;help=RtSysAdmin.html

The error was like this:

$ pfexec /sbin/mount /apps
nfs mount: insufficient privileges

Below is what I needed to do. The xvfb service had nothing to do with NFS but I needed it for X display so I am just leaving it in.

# cat /etc/user_attr
[..]
ebs_a::::type=normal;defaultpriv=basic,sys_mount,sys_nfs,net_privaddr;auths=solaris.smf.manage.xvfb,solaris.smf.value.xvfb

$ ppriv $$
28423:  -bash
flags = <none>
        E: basic,net_privaddr,sys_mount,sys_nfs
        I: basic,net_privaddr,sys_mount,sys_nfs
        P: basic,net_privaddr,sys_mount,sys_nfs
        L: all
$ pfexec /sbin/umount /apps
$ pfexec /sbin/mount /apps

$ pfexec svcadm disable svc:/application/xvfb:default
$ pfexec svcadm enable svc:/application/xvfb:default

1
comments

Reply