Date: Wed, 5 Apr 2006 14:47:43 +0100 (BST)
From: Robert Watson
To: Stefan Sperling
Cc: Jan Grant, hackers@freebsd.org
Subject: Re: RFC: Adding a ``user'' mount option
Message-ID: <20060405144435.Y82516@fledge.watson.org>
In-Reply-To: <20060405124840.GA1696@dice.stsp.lan>

On Wed, 5 Apr 2006, Stefan Sperling wrote:

> I wasn't serious. Sudo is fine by me as well. However, having something that
> is in the base system (and not in ports) to allow user mounts would be neat.
> Still, KDE and GNOME and even xorg are in ports as well, so that point is
> not a really strong one either.
>
> The only thing that still nags me about the sudo solution is that if you
> have to use sudo anyway, why was vfs.usermount even implemented in the first
> place? Using sudo makes it redundant.

Well, there are some notions that vfs.usermount captures that other variations currently don't. One of those is the idea that the kernel will have direct access to the credentials used to authorize the mount, rather than the kernel being passed a root credential. This becomes interesting when there are file systems without an integrated notion of file ownership (such as msdosfs), or for file systems that will make use of user keying material or access files and services using the privileges of the user (i.e., distributed file systems). For example, NFS uses the privileges of the user performing the mount to create sockets, access the network, etc. Whether this ends up being important in the big picture is another question, but there is an important semantic difference there from the perspective of kernel access control.

Robert N M Watson