For a mobile backup solution (rpi) I need to mount devices controlled by a web interface (apache/php7.4). I know there is a risk, but I added www-data to the sudoers.

My problem is that mounting seems to work as seen from the web interface, but from the command line the device seems not to be mounted, and my backup scripts cannot access the devices.

To reproduce I have a test-script lsblk.php:

<?php
        echo (shell_exec("whoami"));
        echo (shell_exec("sudo whoami"));

        echo ("\n\numount\n");
        echo (shell_exec("sudo umount /media/storage"));
        echo (shell_exec("sudo lsblk"));

        echo ("\n\nmount\n");
        echo (shell_exec("sudo mount /dev/sda1 /media/storage"));
        echo (shell_exec("sudo lsblk"));
?>

Called from the web interface, I get this back in the browser:

www-data
root


umount
NAME        MAJ:MIN RM   SIZE RO TYPE MOUNTPOINT
sda           8:0    0 931.5G  0 disk 
`-sda1        8:1    0 931.5G  0 part 
mmcblk0     179:0    0  29.7G  0 disk 
|-mmcblk0p1 179:1    0   256M  0 part /boot
`-mmcblk0p2 179:2    0  29.5G  0 part /


mount
NAME        MAJ:MIN RM   SIZE RO TYPE MOUNTPOINT
sda           8:0    0 931.5G  0 disk 
`-sda1        8:1    0 931.5G  0 part /media/storage
mmcblk0     179:0    0  29.7G  0 disk 
|-mmcblk0p1 179:1    0   256M  0 part /boot
`-mmcblk0p2 179:2    0  29.5G  0 part /

/media/storage seems to be mounted. But lsblk (as pi, root or www-data) always gives back:

NAME        MAJ:MIN RM   SIZE RO TYPE MOUNTPOINT
sda           8:0    0 931.5G  0 disk 
└─sda1        8:1    0 931.5G  0 part 
mmcblk0     179:0    0  29.7G  0 disk 
├─mmcblk0p1 179:1    0   256M  0 part /boot
└─mmcblk0p2 179:2    0  29.5G  0 part /

So it's not mounted?

sudo -u www-data php ./lsblk.php shows the same as the web interface:

www-data
root


umount
umount: /media/storage: not mounted.
NAME        MAJ:MIN RM   SIZE RO TYPE MOUNTPOINT
sda           8:0    0 931.5G  0 disk 
└─sda1        8:1    0 931.5G  0 part 
mmcblk0     179:0    0  29.7G  0 disk 
├─mmcblk0p1 179:1    0   256M  0 part /boot
└─mmcblk0p2 179:2    0  29.5G  0 part /


mount
NAME        MAJ:MIN RM   SIZE RO TYPE MOUNTPOINT
sda           8:0    0 931.5G  0 disk 
└─sda1        8:1    0 931.5G  0 part /media/storage
mmcblk0     179:0    0  29.7G  0 disk 
├─mmcblk0p1 179:1    0   256M  0 part /boot
└─mmcblk0p2 179:2    0  29.5G  0 part /

But lsblk from the command line now shows the mounted device:

NAME        MAJ:MIN RM   SIZE RO TYPE MOUNTPOINT
sda           8:0    0 931.5G  0 disk 
└─sda1        8:1    0 931.5G  0 part /media/storage
mmcblk0     179:0    0  29.7G  0 disk 
├─mmcblk0p1 179:1    0   256M  0 part /boot
└─mmcblk0p2 179:2    0  29.5G  0 part /

Now I can access the storage: ls /media/storage/

test.txt

This was not possible after mounting via the web interface.

I am out of ideas, any help? Thank you!

Steven
  • Crazy, Apache web applications can access the mounted storage while other processes can't. I use filebrowser (https://github.com/filebrowser/filebrowser) (running as root) and it doesn't see any files, while mejiro (https://github.com/dmpop/mejiro) has read/write access! – Steven Nov 21 '21 at 14:10
  • Running filebrowser as www-data changes nothing. If I mount from the command line, it works; if I mount via apache/php, it is as if it were not mounted for non-Apache processes... – Steven Nov 21 '21 at 14:19
  • This should not be on [Super User](https://superuser.com/)? – Elikill58 Nov 25 '21 at 09:20

1 Answer

The main issue here is presumably a systemd option in the service settings. apache2 example: in /lib/systemd/system/apache2.service, PrivateTmp=true causes this behaviour, see details here.

In short: If PrivateTmp is enabled in the systemd settings for a service, a file system namespace is being set up for the service.

IR Works
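One way to check the namespace explanation in the answer above, as an added example that is not part of the original question or answer: compare the mount namespace and mount table of a service process with those of PID 1. `PROC_ROOT`, PID 812 and the namespace ids in `demo_tree` are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the mount namespace and mount table of a service
# process with those of PID 1. PROC_ROOT is a hypothetical override for testing.
PROC_ROOT="${PROC_ROOT:-/proc}"

# Print the mount-namespace id of a PID, e.g. "mnt:[4026531840]".
mnt_ns_of() { readlink "$PROC_ROOT/$1/ns/mnt"; }

# Succeed if both PIDs live in the same mount namespace.
same_mnt_ns() {
    a=$(mnt_ns_of "$1") || return 2
    b=$(mnt_ns_of "$2") || return 2
    [ "$a" = "$b" ]
}

# Succeed if mount point $2 is in the mount table seen by PID $1.
# Field 5 of /proc/<pid>/mountinfo is the mount point.
mount_visible_to() {
    awk -v mp="$2" '$5 == mp { found = 1 } END { exit !found }' \
        "$PROC_ROOT/$1/mountinfo"
}

# Build a constructed /proc-like tree: PID 1 (host) and PID 812 (a service
# worker in a private namespace that has /media/storage mounted).
demo_tree() {
    mkdir -p "$1/1/ns" "$1/812/ns"
    ln -s 'mnt:[4026531840]' "$1/1/ns/mnt"
    ln -s 'mnt:[4026532201]' "$1/812/ns/mnt"
    echo '25 1 179:2 / / rw shared:1 - ext4 /dev/root rw' > "$1/1/mountinfo"
    { echo '310 280 179:2 / / rw shared:120 master:1 - ext4 /dev/root rw'
      echo '355 310 8:1 / /media/storage rw shared:140 - ext4 /dev/sda1 rw'
    } > "$1/812/mountinfo"
}

# Print a comparison of PID $1 against PID 1 for mount point $2.
report() {
    if same_mnt_ns 1 "$1"; then echo "pid $1: host mount namespace"
    else echo "pid $1: private mount namespace $(mnt_ns_of "$1")"; fi
    for p in 1 "$1"; do
        if mount_visible_to "$p" "$2"; then echo "  pid $p sees $2"
        else echo "  pid $p does not see $2"; fi
    done
}

# With arguments, inspect the live system (as root): script PID MOUNTPOINT.
# Without arguments, run against the constructed tree.
if [ "$#" -ge 2 ]; then report "$1" "$2"
else
    PROC_ROOT=$(mktemp -d); demo_tree "$PROC_ROOT"
    report 812 /media/storage; rm -rf "$PROC_ROOT"
fi
```

On the live system the service PID can be read with `systemctl show -p MainPID apache2`, and `systemctl show -p PrivateTmp apache2` prints the setting the answer refers to.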