How to mount an image file without root permission?

You can't mount anything that the administrator hasn't somehow given you permission to mount. Only root can call the mount system call. The reason for this is that there are many ways to escalate privileges through mounting, such as mounting something over a system location, making files appear to belong to another user and exploiting a program that relies on file ownership, creating setuid files, or exploiting bugs in filesystem drivers.

The mount command is setuid root. But if you aren't root, it only lets you mount things that are mentioned in fstab.

The fusermount command is setuid root. It only lets you mount things through a FUSE driver, and restricts your abilities to provide files with arbitrary ownership or permissions that way (under most setups, all files on a FUSE mount belong to you).

Your best bet is to find a FUSE filesystem that's capable of reading your disk image. For ISO 9660 images, try both fuseiso and UMfuse's ISO 9660 support (available under Debian as the fuseiso9660 package).


The Debian Wiki shows several ways of doing this. Here's one way. (This requires the udisks2 package to be installed.

First, create a 'loop device.' This will allow us to mount the image file.

$ udisksctl loop-setup -f $PATH_TO_IMAGE
Mapped file $PATH_TO_IMAGE as /dev/loop0.

Notice that it mapped the image at /dev/loop0. However, if the previous command had returned /dev/loop1, then you would replace /dev/loop0 with /dev/loop1 in all of the following commands.

You might need to run this command if the block device we created is not automatically mounted with the previous command:

$ udisksctl mount -b /dev/loop0
Mounted /dev/loop0 at /media/$USER/$IMAGE_NAME

You can look at files on the disk:

$ ls -l /media/$USER/$IMAGE_NAME/

You can unmount it when you're done:

$ udisksctl unmount -b /dev/loop0
$ udisksctl loop-delete -b /dev/loop0

You can use the FUSE module guestmount to mount several types of disk images. It's part part of the guestfs ecosystem and won't require root permissions.

Take a look at the man page for further details.

Examples

1. For a typical Windows guest which has its main filesystem on the first partition:

guestmount -a windows.img -m /dev/sda1 --ro /mnt

2. For a typical Linux guest which has a /boot filesystem on the first partition, and the root filesystem on a logical volume:

guestmount -a linux.img -m /dev/VG/LV -m /dev/sda1:/boot --ro /mnt

Tags:

Mount

Recent Posts