From: Harald Schmalzbauer
To: Dany
Cc: freebsd-questions@freebsd.org
Date: Wed, 31 Dec 2003 16:42:41 +0100
Subject: Re: Mounting CDROM as user under 5.x

On Wednesday 31 December 2003 16:37, Dany wrote:
> Thanks Harry for taking the time to answer my questions. I think based
> on your comments it should work.
>
> Is there any security concern having a user belonging to the group
> operator ?

I never really cared about. AnonFTP is owned by operator, but in general I
think wheel is worse than operator.
Please correct me anybody, I don't really care on my workstation ;)
Best is to have a look through the (default) filesystem and see if operator
has any write permissions where it was no good. I'm quite sure wheel has much
too much read permissions for "normal" users. But that doesn't matter for
users who can su ;)

Happy new year,

-Harry

>
> Thanks again
> Dany
>
> Harald Schmalzbauer wrote:
> >On Wednesday 31 December 2003 16:07, Dany wrote:
> >>Harald Schmalzbauer wrote:
> >
> >*SNIP*
> >
> >>This is pretty much what I've tried. My user is in the Wheel group.
> >>Would this exact configuration work ? Should I set any other
> >>permission in order to have the user from the wheel group to mount
> >> drives?
> >>
> >>Thanks for posting your configuration.
> >>
> >>PS: One thing I've noticed with this specific user, whenever he creates
> >>something the file/directory will show owner:username group:username.
> >>I've used the command "groups" as well as chpass I think and they gave
> >>me only one group for this username... wheel. Why doesn't wheel appear
> >>as the group owner for stuff that username is creating ?
> >
> >When you add a user with "adduser" by default FreeBSD creates a group
> > similar named like the username. If you later say that this user should
> > be in group wheel it's additional.
> >
> >>>>>>>added the following to /dev/devfs.conf
> >>>>>>>link acd0 cdrom
> >>>>>>>perm acd0 0660
> >
> >This line just gives write access to group. You can either add the line:
> >own acd0 root:wheel
> >
> >or you edit /etc/groups and add your user to the group operator.
> >I'd prefer the latter.
> >
> >Here's my simple /etc/group example:
> ># $FreeBSD: src/etc/group,v 1.28 2003/04/27 05:49:53 imp Exp $
> >#
> >wheel:*:0:root,harry
> >daemon:*:1:
> >kmem:*:2:
> >sys:*:3:
> >tty:*:4:
> >operator:*:5:root,harry
> >mail:*:6:
> >bin:*:7:
> >news:*:8:
> >man:*:9:
> >games:*:13:
> >staff:*:20:
> >sshd:*:22:
> >smmsp:*:25:
> >mailnull:*:26:
> >guest:*:31:
> >bind:*:53:
> >uucp:*:66:
> >dialer:*:68:
> >network:*:69:
> >www:*:80:
> >nogroup:*:65533:
> >nobody:*:65534:
> >harry:*:####:
> >uli:*:####:
> >schowi:*:####:
> >administrator:*:####:
> >alle:*:####:root,harry,uli,schowi,administrator
> >setiathome:*:####:
> >
> >-Harry
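
One way to carry out the check suggested in the reply above (see what operator can write, and what wheel can read, on the filesystem), as an added example that is not part of the original message. The function names and the demo tree are assumptions made for illustration; only standard find(1) options are used.

```shell
#!/bin/sh
# Added example: audit what a group can write (w) or read (r) under a tree.
# Usage: group_access <w|r> <group-name-or-gid> <root-dir>
group_access() {
    mode=$1 grp=$2 root=$3
    case $mode in
        w) bits=-020 ;;   # group write bit set
        r) bits=-040 ;;   # group read bit set
        *) echo "mode must be w or r" >&2; return 2 ;;
    esac
    # -xdev keeps the walk on one filesystem; symlinks are skipped because
    # their own mode bits are not what access checks use.
    find "$root" -xdev -group "$grp" -perm "$bits" ! -type l -print 2>/dev/null | sort
}

# Count group-writable entries by type. Directories matter most (entries can
# be created or replaced), then device nodes such as a CD drive set to 0660.
# Output lines: "<type> <count>" for d(ir), f(ile), c(har dev), b(lock dev).
group_write_summary() {
    grp=$1 root=$2
    for t in d f c b; do
        n=$(find "$root" -xdev -group "$grp" -perm -020 -type "$t" 2>/dev/null | wc -l)
        echo "$t $((n))"
    done
}

# Constructed sample tree (not real system paths); prints its location.
make_demo_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/spool" && : > "$t/a.conf" && : > "$t/b.conf" || return 1
    chmod 0775 "$t/spool"     # group may create and delete entries here
    chmod 0660 "$t/a.conf"    # group may modify
    chmod 0640 "$t/b.conf"    # group may only read
    echo "$t"
}

# On a real system, run as root so unreadable directories are not skipped:
#   group_access w operator /
#   group_write_summary operator /dev
#   group_access r wheel /etc
```

Run the write audit again after adding a user to operator or changing devfs.conf, and compare the two listings to see exactly what the change granted.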