Date: Wed, 31 Dec 2003 16:42:41 +0100 From: Harald Schmalzbauer <h@schmalzbauer.de> To: Dany <dany_list@natzo.com> Cc: freebsd-questions@freebsd.org Subject: Re: Mounting CDROM as user under 5.x Message-ID: <200312311642.47172@harrymail> In-Reply-To: <3FF2ED2E.6040200@natzo.com> References: <3FF2612A.6050903@natzo.com> <200312311625.38220@harrymail> <3FF2ED2E.6040200@natzo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--Boundary-02=_35u8/7pK+g5LKgl Content-Type: text/plain; charset="iso-8859-15" Content-Transfer-Encoding: quoted-printable Content-Description: signed data Content-Disposition: inline On Wednesday 31 December 2003 16:37, Dany wrote: > Thanks Harry for taking the time to answer my questions. I think based > on your comments it should work. > > Is there any security concern having a user belonging to the group > operator ? I never really cared about. AnonFTP is owned by operator, but in general I= =20 think wheel is worse than operator. Please correct me anybody, I don't really care on my workstation ;) Best is to have a look through the (default) filesystem and see if operator= =20 has any write permissions where it was no good. I'm quiet sure wheel has mu= ch=20 too much read permissions for "normal" users. But that doesn't matter for=20 useres who can su ;) Happy new year, =2DHarry > > Thanks again > Dany > > Harald Schmalzbauer wrote: > >On Wednesday 31 December 2003 16:07, Dany wrote: > >>Harald Schmalzbauer wrote: > > > >*SNIP* > > > >>This is pretty much what I've tried. My user is in the Wheel group. > >>Would this exact configuration work ? Should I set any other > >>permission in order to have the user from the wheel group to mount > >> drives? > >> > >>Thanks for posting your configuration. > >> > >>PS: One thing I've noticed with this specific user, whenever he creates > >>something the file/directory will show owner:username group:username. > >>I've used the command "groups" as well as chpass I think and they gave > >>me only one group for this username... wheel. Why doesn't wheel appear > >>as the group owner for stuff that username is creating ? > > > >When you add a user with "adduser" by default FreeBSD creates a group > > similar named like the username. If you later say that this user should > > be in group wheel it's additional. > > > >>>>>>>added the following to /dev/devfs.conf > >>>>>>>link acd0 cdrom > >>>>>>>perm acd0 0660 > > > >This line just gives write access to group. You can either add the line: > >own acd0 root:wheel > > > >or you edit /etc/groups and add your user to the group operator. > >I'd prefere the latter. > > > >Here's my simple /etc/group example: > ># $FreeBSD: src/etc/group,v 1.28 2003/04/27 05:49:53 imp Exp $ > ># > >wheel:*:0:root,harry > >daemon:*:1: > >kmem:*:2: > >sys:*:3: > >tty:*:4: > >operator:*:5:root,harry > >mail:*:6: > >bin:*:7: > >news:*:8: > >man:*:9: > >games:*:13: > >staff:*:20: > >sshd:*:22: > >smmsp:*:25: > >mailnull:*:26: > >guest:*:31: > >bind:*:53: > >uucp:*:66: > >dialer:*:68: > >network:*:69: > >www:*:80: > >nogroup:*:65533: > >nobody:*:65534: > >harry:*:####: > >uli:*:####: > >schowi:*:####: > >administrator:*:####: > >alle:*:####:root,harry,uli,schowi,administrator > >setiathome:*:####: > > > >-Harry --Boundary-02=_35u8/7pK+g5LKgl Content-Type: application/pgp-signature Content-Description: signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (FreeBSD) iD8DBQA/8u53Bylq0S4AzzwRApzXAJ4kqUYkaJyA5EevLHTcXh+RLO3j5ACfeA+s B8yvFdkwMtcE6rlDfJldcN8= =fm7K -----END PGP SIGNATURE----- --Boundary-02=_35u8/7pK+g5LKgl--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200312311642.47172>