dynamicalsystem.com / tinsnip
homelab infrastructure services
fork atom
tinsnip / machine / scripts / mount_nas_user.sh
at fix-docker-install 126 lines 3.8 kB view raw
dynamicalsystem.com integrated machine and split out service
d1beb006
1#!/bin/bash 2 3# User-specific NAS mounting helper 4# This script demonstrates how user mounts work without requiring root/sudo 5 6set -euo pipefail 7 8log() { 9 echo "[User Mount] $*" 10} 11 12check_mount_capabilities() { 13 log "Checking user mount capabilities..." 14 15 # Check if user namespace is available (for truly rootless mounts) 16 if [[ -f /proc/sys/kernel/unprivileged_userns_clone ]]; then 17 local userns_enabled=$(cat /proc/sys/kernel/unprivileged_userns_clone) 18 if [[ "$userns_enabled" == "1" ]]; then 19 log "User namespaces enabled - full rootless mounting possible" 20 return 0 21 fi 22 fi 23 24 # Check if we can use fusermount (for FUSE-based mounts) 25 if command -v fusermount &>/dev/null; then 26 log "fusermount available - FUSE-based mounting possible" 27 return 0 28 fi 29 30 # Check if systemd-mount is available (for user mount units) 31 if command -v systemd-mount &>/dev/null; then 32 log "systemd-mount available - systemd-based mounting possible" 33 return 0 34 fi 35 36 log "Warning: Limited user mount capabilities. May need sudo for some operations." 37 return 1 38} 39 40setup_polkit_rules() { 41 # This would need to be run once by an admin to allow user mounts 42 local polkit_rule="/etc/polkit-1/rules.d/99-mount-without-password.rules" 43 44 log "To enable passwordless mounting for users, an admin needs to create:" 45 log "$polkit_rule" 46 log "With content allowing mount operations for specific users/groups" 47 48 cat << 'EOF' 49Example polkit rule (requires admin to install): 50 51polkit.addRule(function(action, subject) { 52 if ((action.id == "org.freedesktop.udisks2.filesystem-mount" || 53 action.id == "org.freedesktop.udisks2.filesystem-mount-system") && 54 subject.isInGroup("users")) { 55 return polkit.Result.YES; 56 } 57}); 58EOF 59} 60 61use_systemd_mount() { 62 local mount_type="$1" 63 local source="$2" 64 local target="$3" 65 local options="$4" 66 67 log "Using systemd-mount for user mounting..." 68 69 # systemd-mount can create transient mount units in user session 70 if [[ "$mount_type" == "nfs" ]]; then 71 systemd-mount --no-block --collect \ 72 -t nfs -o "$options" \ 73 "$source" "$target" 74 elif [[ "$mount_type" == "cifs" ]]; then 75 systemd-mount --no-block --collect \ 76 -t cifs -o "$options" \ 77 "$source" "$target" 78 fi 79} 80 81use_gvfs_mount() { 82 # GNOME Virtual File System - works on many desktop systems 83 local mount_type="$1" 84 local server="$2" 85 local share="$3" 86 87 if command -v gio &>/dev/null; then 88 log "Using GVFS (gio) for user mounting..." 89 90 if [[ "$mount_type" == "cifs" ]]; then 91 gio mount "smb://${server}/${share}" 92 elif [[ "$mount_type" == "nfs" ]]; then 93 gio mount "nfs://${server}/${share}" 94 fi 95 96 # GVFS mounts appear under ~/.gvfs or /run/user/$(id -u)/gvfs 97 return 0 98 fi 99 100 return 1 101} 102 103main() { 104 log "User-specific NAS mounting capabilities check" 105 106 check_mount_capabilities 107 108 echo 109 log "Available user mount methods:" 110 log "1. Direct mount (requires sudo or polkit rules)" 111 log "2. systemd-mount (if available)" 112 log "3. GVFS/gio mount (for desktop environments)" 113 log "4. FUSE-based mounts (requires specific FUSE filesystem)" 114 115 echo 116 log "The updated mount_nas.sh script uses method 1 (direct mount)" 117 log "This requires either:" 118 log "- Running mount commands with sudo (will prompt for password)" 119 log "- Setting up polkit rules for passwordless mounting" 120 log "- Using setuid mount helpers (security risk, not recommended)" 121 122 echo 123 setup_polkit_rules 124} 125 126main "$@"