Date:      Mon, 25 Apr 2005 13:06:49 +0900
From:      Joel <rees@ddcom.co.jp>
To:        freebsd-questions@freebsd.org
Subject:   Re: Allowing a group to use fstab mount-points
Message-ID:  <20050425122640.45C8.REES@ddcom.co.jp>
In-Reply-To: <200504250419.02530.list-freebsd-2004@morbius.sent.com>
References:  <44ekczzz4t.fsf@be-well.ilk.org> <200504250419.02530.list-freebsd-2004@morbius.sent.com>

> > > I have fstab entries for several devices that aren't mounted at boot, but
> > > when mounting as an ordinary user, I can only mount a device on a
> > > mount-point that I own.
> > >
> > > Is it possible to relax this so that any user in the operator group can
> > > make use of the same fstab entries? I know I could make separate entries
> > > for each user, but it's a bit cumbersome.

Have you looked at sudo?

(The way I'm recommending sudo for everything, you'd think it was peanut
butter.)

> > Most people don't really want a user to be able to mount devices any
> > time, but only when that user is on the console.  fbtab(5) and
> > equivalent functionality under X take care of that quite well.
> 
> That's interesting, I wasn't aware of fbtab before. However it doesn't really 
> help. As I read it, it only allows the ownership of devices to be changed, 
> not mount-points. 

?

Mount points are normal directories. Not sure what you're aiming at
there.

> On a desktop machine, without remote access, there isn't really any 
> significant problem with users mounting dvds etc. Actually, I normally mount 
> devices as root, it's just that when other people (who are definitely never 
> going to be in my wheel group) borrow my computer they make patronizing 
> comments if this kind of thing isn't straightforward, and clean.

Well, we don't want to be rude about the people who borrow your computer,
but if they make patronizing remarks about something like this, I'm not
sure I'd let them borrow my computer.  ;)

> Basically, what I'd like is for users to be able to mount certain devices from 
> KDE, without going through hoops, or using strange mount-points. 

FWIW, I've done this with sudo, though I don't think I've done it
with sudo on FreeBSD. But you ought to be able to set up sudo to allow
the user you loan them to mount whatever. Just be careful. If they are
making patronizing remarks, you definitely don't want them being able to
get root. ;-|:

Rough idea -- 

Set up a new user, maybe named "mounter", member of operator, no login
shell, password blocked, etc. Allocate a /home/mounter for the account,
just in case, and set PATH to empty. Put as many bumps in the road as
you have time.

If the account you loan out to these guys is "loaner", you can put an
entry in sudoers that will allow the "loaner" account to do one command,
and one command only, to mount the CD. (I assume it's the CD.) Be
careful how you specify the parameters, so you don't open a hole for
them. I think mounting is one of the examples for sudoers.

If the command you set up in sudoers is something like 

    mount /mnt/cdrom

then they will type

    sudo -u mounter mount /mnt/cdrom

I'd refrain from giving them NOPASSWD on it, just because they're
obnoxious. But if you've been logging in for them so they won't have a
password, you'll either have to let them have the password to the loaner
account after all so they can enter it after the command, or you'll have
to give them the NOPASSWD option in sudoers.

I'd give you a guess of what the line for sudoers would look like, but,
as I say, mounting is one of the examples you'll see when you man
sudoers.

HTH

--
Joel Rees   <rees@ddcom.co.jp>
digitcom, inc.   株式会社デジコム
Kobe, Japan   +81-78-672-8800
** <http://www.ddcom.co.jp> **



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050425122640.45C8.REES>
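
The sudoers rule the message describes, as an added sketch that is not part of the original e-mail and not copied from the sudoers manual. It assumes the "loaner" and "mounter" account names from the message, FreeBSD's /sbin/mount and /sbin/umount paths, the ports location of the sudoers file, and that mounter is itself able to mount /mnt/cdrom; the commented-out rules show the over-broad forms the "be careful how you specify the parameters" warning is about.

```sudoers
# /usr/local/etc/sudoers fragment (assumed path; always edit with visudo).
# Added example: account names are from the message, paths are assumptions.

# Too broad: no arguments are listed, so sudo accepts ANY arguments to
# mount, including other devices, other mount points and arbitrary -o options.
#loaner ALL = (mounter) /sbin/mount

# Still too broad: a wildcard in the argument list matches across word
# boundaries, so extra options and paths can ride along after /mnt/.
#loaner ALL = (mounter) /sbin/mount /mnt/*

# Tight: a listed argument string must match exactly, so only the fstab
# entry for /mnt/cdrom can be mounted or unmounted, and only as "mounter".
Cmnd_Alias CDROM = /sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom
loaner ALL = (mounter) CDROM

# Variant with no password prompt, for a loaner account without a password:
#loaner ALL = (mounter) NOPASSWD: CDROM
```

With the tight rule installed, running `sudo -l` as loaner lists exactly the two commands the account is allowed to run.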