From: Malcolm Kay
To: freebsd-questions@freebsd.org
Date: Sat, 28 Oct 2006 01:21:07 +0930
Subject: mount_smbfs/umount for non root user.

Running mount_smbfs as a regular user generates a permission denial in relation to iconv in the kernel. This is apparently a well known problem which can be circumvented by setting the set-user-id-on-execution bit for mount_smbfs.

This works for me but leads to the problem that the mount is now seen as belonging to root and the regular user gets a denial on umount. Allowing regular users to mount smb shares with mount_smbfs seems to me fairly benign but to set the set-user-id-on-execution bit for umount would be extremely dangerous.

Is there a way around this problem -- this is under FreeBSD 5.4.

Taking a look at the sources for mount_smbfs and the associated library, libsmb, I see that conditional compilation for APPLE (Darwin?) switches the effective user id when the set-user-id-on-execution bit is set, with the code executed mostly under the identity of the real user and switching to privileged mode only for a few brief activities - notably for installing the iconv table and a few error conditions. Apart from this the code looks very similar to (but not quite identical with) the FreeBSD code.

I presume (without any real justification) that these differences in the APPLE version are intended to circumvent the difficulty I am having when running under Darwin.

The question is: if I modify the FreeBSD code to perform similar switchings of effective user id and recompile, am I likely to achieve my desired goal?

Has anyone else tried this? Any comments would be welcome.

Malcolm
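
The effective-uid switching described in the message, as an added example that is not part of the original post and is not the mount_smbfs or libsmb source: a set-user-ID program that runs as the real user and raises privilege only around one short step. The names priv_init, priv_call and record_euid are hypothetical, and the sketch assumes POSIX saved set-user-ID semantics for seteuid().

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

static uid_t real_uid;  /* the user who ran the program */
static uid_t priv_uid;  /* the file owner's uid granted by the set-user-ID bit */

/* Call before anything else: remember both identities, then run as the real user.
 * The kernel keeps priv_uid as the saved set-user-ID, so it can be regained later. */
int priv_init(void)
{
    real_uid = getuid();
    priv_uid = geteuid();
    return seteuid(real_uid);
}

/* Run one short operation with the privileged effective uid, then switch back. */
int priv_call(int (*op)(void *), void *arg)
{
    int rc, saved_errno;

    if (seteuid(priv_uid) != 0)
        return -1;
    rc = op(arg);
    saved_errno = errno;
    if (seteuid(real_uid) != 0)
        abort();            /* never carry on with privilege still raised */
    errno = saved_errno;
    return rc;
}

/* Hypothetical stand-in for the privileged step (e.g. loading an iconv table):
 * it only records which effective uid it ran under. */
int record_euid(void *arg)
{
    *(uid_t *)arg = geteuid();
    return 0;
}

int main(void)
{
    uid_t seen = (uid_t)-1;

    if (priv_init() != 0 || priv_call(record_euid, &seen) != 0)
        return 1;
    printf("privileged step ran as uid %lu, everything else as uid %lu\n",
           (unsigned long)seen, (unsigned long)geteuid());
    return 0;
}
```

Run without the set-user-ID bit, both uids are the same and the switches change nothing.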