Date:      Wed, 31 Dec 2003 16:42:41 +0100
From:      Harald Schmalzbauer <h@schmalzbauer.de>
To:        Dany <dany_list@natzo.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Mounting CDROM as user under 5.x
Message-ID:  <200312311642.47172@harrymail>
In-Reply-To: <3FF2ED2E.6040200@natzo.com>
References:  <3FF2612A.6050903@natzo.com> <200312311625.38220@harrymail> <3FF2ED2E.6040200@natzo.com>



On Wednesday 31 December 2003 16:37, Dany wrote:
> Thanks Harry for taking the time to answer my questions. I think based
> on your comments it should work.
>
> Is there any security concern having a user belonging to the group
> operator ?

I never really cared about. AnonFTP is owned by operator, but in general I
think wheel is worse than operator.
Please correct me anybody, I don't really care on my workstation ;)
Best is to have a look through the (default) filesystem and see if operator
has any write permissions where it was no good. I'm quite sure wheel has much
too much read permissions for "normal" users. But that doesn't matter for
users who can su ;)

Happy new year,

-Harry

>
> Thanks again
> Dany
>
> Harald Schmalzbauer wrote:
> >On Wednesday 31 December 2003 16:07, Dany wrote:
> >>Harald Schmalzbauer wrote:
> >
> >*SNIP*
> >
> >>This is pretty much what I've tried. My user is in the Wheel group.
> >>Would this exact configuration work ?    Should I set any other
> >>permission in order to have the user from the wheel group to mount
> >> drives?
> >>
> >>Thanks for posting your configuration.
> >>
> >>PS: One thing I've noticed with this specific user, whenever he creates
> >>something the file/directory will show owner:username   group:username.
> >>I've used the command "groups" as well as chpass I think and they gave
> >>me only one group for this username... wheel.  Why doesn't wheel appear
> >>as the group owner for stuff that username is creating ?
> >
> >When you add a user with "adduser" by default FreeBSD creates a group
> > similar named like the username. If you later say that this user should
> > be in group wheel it's additional.
> >
> >>>>>>>added the following to /dev/devfs.conf
> >>>>>>>link acd0 cdrom
> >>>>>>>perm acd0 0660
> >
> >This line just gives write access to group. You can either add the line:
> >own    acd0 root:wheel
> >
> >or you edit /etc/groups and add your user to the group operator.
> >I'd prefer the latter.
> >
> >Here's my simple /etc/group example:
> ># $FreeBSD: src/etc/group,v 1.28 2003/04/27 05:49:53 imp Exp $
> >#
> >wheel:*:0:root,harry
> >daemon:*:1:
> >kmem:*:2:
> >sys:*:3:
> >tty:*:4:
> >operator:*:5:root,harry
> >mail:*:6:
> >bin:*:7:
> >news:*:8:
> >man:*:9:
> >games:*:13:
> >staff:*:20:
> >sshd:*:22:
> >smmsp:*:25:
> >mailnull:*:26:
> >guest:*:31:
> >bind:*:53:
> >uucp:*:66:
> >dialer:*:68:
> >network:*:69:
> >www:*:80:
> >nogroup:*:65533:
> >nobody:*:65534:
> >harry:*:####:
> >uli:*:####:
> >schowi:*:####:
> >administrator:*:####:
> >alle:*:####:root,harry,uli,schowi,administrator
> >setiathome:*:####:
> >
> >-Harry
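
The check suggested in the reply above (look through the filesystem for places where operator has write permission), as an added example that is not part of the original message. The function names are hypothetical and only POSIX find(1) options are used.

```shell
#!/bin/sh
# Added example (not from the original mail). Function names are hypothetical.

# group_writable GROUP ROOT [TYPE]
# Print every path under ROOT whose group owner is GROUP and whose
# group-write bit is set. TYPE is an optional find(1) type letter:
# d directory, f regular file, c character device, b block device.
group_writable() {
    gw_group=$1
    gw_root=$2
    gw_type=${3:-}
    # Unreadable subtrees make find exit non-zero for a non-root user;
    # the matches it could reach are still printed, so "|| :" keeps going.
    if [ -n "$gw_type" ]; then
        # -xdev keeps the walk on ROOT's own filesystem.
        find "$gw_root" -xdev -group "$gw_group" -perm -020 \
            -type "$gw_type" -print 2>/dev/null || :
    else
        # Symlink mode bits are not used for access checks, so skip them.
        find "$gw_root" -xdev -group "$gw_group" -perm -020 \
            ! -type l -print 2>/dev/null || :
    fi
}

# group_write_report GROUP ROOT...
# One summary line per ROOT and type, so device nodes (such as a 0660
# acd0 under /dev) and group-writable directories stand out from files.
group_write_report() {
    rp_group=$1
    shift
    for rp_root in "$@"; do
        for rp_type in d f c b; do
            rp_n=$(group_writable "$rp_group" "$rp_root" "$rp_type" |
                wc -l | tr -d ' ')
            printf '%s %s type=%s count=%s\n' \
                "$rp_group" "$rp_root" "$rp_type" "$rp_n"
        done
    done
}

# Comparing the two groups discussed in the thread would look like:
#   group_write_report operator / /dev
#   group_write_report wheel / /dev
```

Because of `-xdev`, each separately mounted filesystem (for example /usr or /var) has to be passed as its own ROOT argument.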



