Use udevil to mount instead of sudo

core/src/plugins/meta.mount/class.FilesystemMounter.php

@@ -122,6 +122,12 @@ public function mountFS()
         $this->logDebug("FSMounter::mountFS Should mount" . $user);
         $repo = $this->repository;
 
+        if(isset($this->options["MOUNT_DEVIL"]) && !empty($this->options["MOUNT_DEVIL"]) && $this->options["MOUNT_DEVIL"]) {
+            $udevil = "udevil ";
+        }else{
+            $udevil = "";
+        }
+
         $MOUNT_TYPE = $this->options["FILESYSTEM_TYPE"];
         $MOUNT_POINT = $this->getOption("MOUNT_POINT", $user, $password);
         $MOUNT_POINT_ROOT = $this->getOption("MOUNT_POINT", "", "");
@@ -144,7 +150,7 @@ public function mountFS()
         $UNC_PATH = $this->getOption("UNC_PATH", $user, $password, false);
         $MOUNT_OPTIONS = $this->getOption("MOUNT_OPTIONS", $user, $password, false);
 
-        $cmd = "mount -t " .$MOUNT_TYPE. (empty( $MOUNT_OPTIONS )? " " : " -o " .escapeshellarg($MOUNT_OPTIONS). " " ) .escapeshellarg($UNC_PATH). " " .escapeshellarg($MOUNT_POINT);
+        $cmd = $udevil."mount -t " .$MOUNT_TYPE. (empty( $MOUNT_OPTIONS )? " " : " -o " .escapeshellarg($MOUNT_OPTIONS). " " ) .escapeshellarg($UNC_PATH). " " .escapeshellarg($MOUNT_POINT);
         $res = null;
         if($this->getOption("MOUNT_ENV_PASSWD") == true){
             putenv("PASSWD=$password");
@@ -183,7 +189,12 @@ public function umountFS()
         list($user, $password) = $this->getCredentials();
         $MOUNT_POINT = $this->getOption("MOUNT_POINT", $user, $password);
 
-        system("umount ".escapeshellarg($MOUNT_POINT), $res);
+        if(isset($this->options["MOUNT_DEVIL"]) && !empty($this->options["MOUNT_DEVIL"]) && $this->options["MOUNT_DEVIL"]) {
+            $udevil = "udevil ";
+        }else{
+            $udevil = "";
+        }
+        system($udevil."umount ".escapeshellarg($MOUNT_POINT), $res);
         if($this->getOption("REMOVE_MOUNTPOINT_ON_UNMOUNT") == true && $res == 0 && !$this->isAlreadyMounted() ){
             // Remove mount point
             $testRm = @rmdir($MOUNT_POINT);

core/src/plugins/meta.mount/manifest.xml

@@ -1,33 +1,34 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <meta id="meta.mount" label="CONF_MESSAGE[FS Mount]" description="CONF_MESSAGE[Mount a remote location on the file system before accessing the repository]" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-             xsi:noNamespaceSchemaLocation="file:../core.ajaxplorer/ajxp_registry.xsd" mixins="credentials_consumer">
+      xsi:noNamespaceSchemaLocation="file:../core.ajaxplorer/ajxp_registry.xsd" mixins="credentials_consumer">
     <class_definition filename="plugins/meta.mount/class.FilesystemMounter.php" classname="FilesystemMounter"/>
     <server_settings>
-   		<param name="FILESYSTEM_TYPE" type="string" label="CONF_MESSAGE[FS Type]" description="CONF_MESSAGE[Filesystem Type, will be used for the -t option of the mount command]" mandatory="true" default="cifs"/>
-   		<param name="UNC_PATH" type="string" label="CONF_MESSAGE[Remote Path]" description="CONF_MESSAGE[Path to the remote share to mount, use //123.456.789.654/path you can use AJXP_USER]" mandatory="true" default=""/>
-   		<param name="MOUNT_POINT" type="string" label="CONF_MESSAGE[Mount Point]" description="CONF_MESSAGE[Mount Path, use AJXP_USER]" mandatory="true" default=""/>
-   		<param name="MOUNT_OPTIONS" type="string" label="CONF_MESSAGE[Mount Options]" description="CONF_MESSAGE[Used with the -o command option, use AJXP_USER, AJXP_PASS, AJXP_SERVER_UID, AJXP_SERVER_GID]" mandatory="false" default="user=AJXP_USER,pass=AJXP_PASS,uid=AJXP_SERVER_UID,gid=AJXP_SERVER_GID"/>
-   		<param name="MOUNT_ENV_PASSWD" type="boolean" label="CONF_MESSAGE[Pass Password via environment instead of command line]" description="CONF_MESSAGE[Instead of setting password through the AJXP_PASS variable in mount options, pass it through the environment variables. Sudo file must be changed accordingly.]" mandatory="false" default="false"/>
-   		<param name="MOUNT_RESULT_SUCCESS" type="string" label="CONF_MESSAGE[Additional result codes to accept as success]" description="CONF_MESSAGE[On some setup result code 32 is often an already mounted code and we want to consider this as a success. Add comma-separated list of codes.]" mandatory="false" default="32"/>
-   		<param name="REMOVE_MOUNTPOINT_ON_UNMOUNT" type="boolean" label="CONF_MESSAGE[Remove mount point on unmount]" description="CONF_MESSAGE[Delete mount folder on unmount. Can be required for security reasons.]" mandatory="false" default="false"/>
+        <param name="FILESYSTEM_TYPE" type="string" label="CONF_MESSAGE[FS Type]" description="CONF_MESSAGE[Filesystem Type, will be used for the -t option of the mount command]" mandatory="true" default="cifs"/>
+        <param name="MOUNT_DEVIL" type="boolean" label="CONF_MESSAGE[Devil]" description="CONF_MESSAGE[Call the mount/umount commands through devil, must be configured on the server]" mandatory="true" default="false"/>
+        <param name="UNC_PATH" type="string" label="CONF_MESSAGE[Remote Path]" description="CONF_MESSAGE[Path to the remote share to mount, use //123.456.789.654/path you can use AJXP_USER]" mandatory="true" default=""/>
+        <param name="MOUNT_POINT" type="string" label="CONF_MESSAGE[Mount Point]" description="CONF_MESSAGE[Mount Path, use AJXP_USER]" mandatory="true" default=""/>
+        <param name="MOUNT_OPTIONS" type="string" label="CONF_MESSAGE[Mount Options]" description="CONF_MESSAGE[Used with the -o command option, use AJXP_USER, AJXP_PASS, AJXP_SERVER_UID, AJXP_SERVER_GID]" mandatory="false" default="user=AJXP_USER,pass=AJXP_PASS,uid=AJXP_SERVER_UID,gid=AJXP_SERVER_GID"/>
+        <param name="MOUNT_ENV_PASSWD" type="boolean" label="CONF_MESSAGE[Pass Password via environment instead of command line]" description="CONF_MESSAGE[Instead of setting password through the AJXP_PASS variable in mount options, pass it through the environment variables. Sudo file must be changed accordingly.]" mandatory="false" default="false"/>
+        <param name="MOUNT_RESULT_SUCCESS" type="string" label="CONF_MESSAGE[Additional result codes to accept as success]" description="CONF_MESSAGE[On some setup result code 32 is often an already mounted code and we want to consider this as a success. Add comma-separated list of codes.]" mandatory="false" default="32"/>
+        <param name="REMOVE_MOUNTPOINT_ON_UNMOUNT" type="boolean" label="CONF_MESSAGE[Remove mount point on unmount]" description="CONF_MESSAGE[Delete mount folder on unmount. Can be required for security reasons.]" mandatory="false" default="false"/>
     </server_settings>
-   	<client_settings>
-   		<resources>
-   			<i18n namespace="meta.mount" path="plugins/meta.mount/i18n" />
-   		</resources>
-   	</client_settings>
-   	<registry_contributions>
-           <actions>
-               <action name="logout">
-                   <pre_processing>
-                       <serverCallback methodName="umountFS"/>
-                   </pre_processing>
-               </action>
-               <action name="switch_repository">
-                   <pre_processing>
-                       <serverCallback methodName="umountFS"/>
-                   </pre_processing>
-               </action>
-           </actions>
+    <client_settings>
+        <resources>
+            <i18n namespace="meta.mount" path="plugins/meta.mount/i18n" />
+        </resources>
+    </client_settings>
+    <registry_contributions>
+        <actions>
+            <action name="logout">
+                <pre_processing>
+                    <serverCallback methodName="umountFS"/>
+                </pre_processing>
+            </action>
+            <action name="switch_repository">
+                <pre_processing>
+                    <serverCallback methodName="umountFS"/>
+                </pre_processing>
+            </action>
+        </actions>
     </registry_contributions>
 </meta>

core/src/plugins/meta.mount/plugin_doc.html

@@ -1,9 +1,38 @@
 <p><b>Linux Only</b> : Generic purpose meta plugin that is triggered before the repository is opened, and can be configured to mount any filesystem and unmount it when the user either switch to another repository or logs out.</p>
-        <p>
-            If you have permissions issues, you can use the "sudo" parameter to sudo all system operations.
-            In that case, make sure to set the sudoers permission accordingly: apache user (www-data or httpd generaly) must be allowed to
-            perform a mount operation using sudo.
-        </p>
-        <p>
-            To strengthen the security, use the parameter to pass password via the system environment and not via the command line itself. Sudo file must also be adapted to be allowed for that ( something like defaults@pydio-*-app* env_keep += "PASSWD").
-        </p>
+<p>
+    <b>Update: version 6.2.1</b>
+    <br/>Due to security reason, we removed 'sudo' parameter on version 6.2.0 and use 'udevil' as an alternative. <b>udevil</b> is a command line program which mounts and unmounts removable devices without requirement of 'sudo'.
+    For more information: https://ignorantguru.github.io/udevil/
+    <br/>
+    <br/><b>Installation</b>
+    <br/>
+    Debian 8 / Ubuntu 14:
+    <br/>sudo apt-get install udevil
+    <br/>
+    <br/>CentOS/RedHat:
+    <br/>Can use self-extracting installer: <b>bash udevil-x.x.x-installer.sh</b> See: https://ignorantguru.github.io/udevil/
+    <br/>
+    <br/>
+    After installation, you can configure udevil in /etc/udevil/udevil.conf to allow mount points and protocols
+    <br/>Testing by using command to mount in terminal
+    <br/><b>udevil mount smb://pydio@192.168.0.3/share /media/test/abc</b>
+    <br/>then:
+    <br/><b>udevil umount smb://pydio@192.168.0.3/share /media/test/abc</b>
+    <br> <b>Note: </b> Make sure that the permission of mount point should be owned by apache when you test from Pydio.
+    <br> <b>Warning: </b> Passing password via system evr PASSWD is not supported in 'udevil'.
+</p>
+<br/>
+<img src="metamount_udevil.png"  width="510" alt="Configuration to mount samba with udevil">
+<br/>
+<br/>
+<p>
+    <b>Version 6.0.8</b>
+</p>
+<p>
+    If you have permissions issues, you can use the "sudo" parameter to sudo all system operations.
+    In that case, make sure to set the sudoers permission accordingly: apache user (www-data or httpd generaly) must be allowed to
+    perform a mount operation using sudo.
+</p>
+<p>
+    To strengthen the security, use the parameter to pass password via the system environment and not via the command line itself. Sudo file must also be adapted to be allowed for that ( something like defaults@pydio-*-app* env_keep += "PASSWD").
+</p>