Date: Thu, 02 Sep 1999 13:43:26 -0500 From: "Andrew J. Korty" <ajk@purdue.edu> To: adrian@FreeBSD.ORG Cc: freebsd-hackers@FreeBSD.ORG Subject: Re: [mount.c]: Option "user"-patch Message-ID: <199909021843.NAA78051@galileo.physics.purdue.edu> In-Reply-To: Message from adrian@FreeBSD.ORG of "Fri, 03 Sep 1999 00:49:11 %2B0800." <19990903004910.D1215@ewok.creative.net.au>
next in thread | previous in thread | raw e-mail | index | archive | help
> On Thu, Sep 02, 1999, Andrew J. Korty wrote: > > > > > You realise that this kind of stuff can be done in kernelspace, > > > > without needing yet another setuid binary/binaries.. > > > > > > Well, sysctl with list of pathes for user mounts looks good. > > > Configuration is simple and can be easliy changed at runtime. It is > > > always better to avoid setuid'ed binaries, this is more worse that > > > mount(8) can execute other mount_* binaries. > > > > My code provides needed features that all implementations I've seen > > of the sysctl approach do not. Our users need to mount removable > > volumes just by clicking on a KDE icon, without having to know what > > type of filesystem is present on the media. Non-console users > > should not be permitted to mount removable volumes. Both of these > > features are provided by my patch, which I have had in production > > since I submitted it. > > There are saner ways than using a suid binary. > Countering your arguement.. > > sysctl -w vfs.usermount="/floppy:/cdrom" > > And they can mount/umount at whim if they own the mountpoint/have done the > mount (and the permission checking can be extended to suit..) > > Then all you need to do is think of a sane way to chown console devices > (floppy, cdrom, etc..) to the user when they login? Perhaps an extension > to login/xdm/whatever kde uses ? The user would still have to know what type of filesystem is on the volume. My code tries filesystem types from a list, one by one, so the same command or desktop icon will mount a FAT, UFS, or EXT2FS floppy, for example. The system administrator can also specify default mount options on a device or filesystem-type basis. ajk To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199909021843.NAA78051>