From owner-freebsd-hackers Tue Aug 17 19:35: 7 1999 Delivered-To: freebsd-hackers@freebsd.org Received: from cain.gsoft.com.au (genesi.lnk.telstra.net [139.130.136.161]) by hub.freebsd.org (Postfix) with ESMTP id 7346614E73 for ; Tue, 17 Aug 1999 19:34:54 -0700 (PDT) (envelope-from doconnor@gsoft.com.au) Received: from cain.gsoft.com.au (doconnor@cain [203.38.152.97]) by cain.gsoft.com.au (8.8.8/8.8.8) with ESMTP id MAA26487; Wed, 18 Aug 1999 12:04:28 +0930 (CST) (envelope-from doconnor@gsoft.com.au) Message-ID: X-Mailer: XFMail 1.3 [p0] on FreeBSD X-Priority: 3 (Normal) MIME-Version: 1.0 Content-Type: multipart/signed; boundary="_=XFMail.1.3.p0.FreeBSD:990818120428:5786=_"; micalg=pgp-md5; protocol="application/pgp-signature" In-Reply-To: <199908180217.TAA03970@scv1.apple.com> Date: Wed, 18 Aug 1999 12:04:28 +0930 (CST) From: "Daniel O'Connor" To: Wilfredo Sanchez Subject: RE: Need some advice regarding portable user IDs Cc: umeshv@apple.com, warner.c@apple.com, pwd@apple.com, tech-userlevel@netbsd.org, freebsd-hackers@freebsd.org Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG This message is in MIME format --_=XFMail.1.3.p0.FreeBSD:990818120428:5786=_ Content-Type: text/plain; charset=us-ascii On 18-Aug-99 Wilfredo Sanchez wrote: > I think the desired behaviour would be that since this is > effectively now Joe's zip disk, he should be able to do as he > pleases. One proposal might be to give the console user the > equivalent of root's priveledges on any removeable media he inserts > into the machine while he's logged in on the console. This solves > the immediate problem of permissions for Joe, since the file owners > are, on his machine and in this situation, largely irrelevant. > Presumably the console user is the one fiddling with the external > media. How about just adding some flags to mount and modifying UFS so that you can override the uid/gid on mount.. I assume you mean Joe uses something like sudo so he can mount the disk.. So allow users to use the fancy new mount command (with certain limitations on the mountable device node of course...) > As another example, a similar situation often comes up on the net > with tar files containing UIDs and GIDs other than zero. Add an option to tar to override UID's and GID's.. Not that you can chown a file as non root anyway, but it IS annoying when you untar something as root to find the files are owned by some weird UID:GID. > One problem with my proposal (setting security and perhaps other > implications aside for the moment), is that knowing what media is > removeable is becoming increasingly difficult. Hot-swappable drives > (eg. FireWire) are effectively removeable, and may be transported > between machines fairly regularly. Furthermore, your "internal" > drives, which are presently presumed to be local, may be on the same > bus and indistinguishable from the "external" drives. And hot swappable internal drives don't help the distinction either :) > "foreign" that you need to do something special. Certainly you might > want to ignore setuid bits, for starters. This could simply be > something like fstab, which lists the local drives, and everything > else isn't considered local. Another mount option? You could have UID:GID override mount options, and you can already mount an FS and have the kernel ignore setuid. (-o nosuid, nodev, noexec(maybe)) You could even use umapfs (assuming it works) and write some nice shell scripts to do it automatically.. Alternativly you could just use MSDOSFS for all intermachine transfers, its crap, but everything reads it and you don't get those nasty UID:GID problems either ;) --- Daniel O'Connor software and network engineer for Genesis Software - http://www.gsoft.com.au "The nice thing about standards is that there are so many of them to choose from." -- Andrew Tanenbaum --_=XFMail.1.3.p0.FreeBSD:990818120428:5786=_ Content-Type: application/pgp-signature -----BEGIN PGP MESSAGE----- Version: 2.6.3ia iQCVAwUBN7obtFbYW/HEoF9pAQFe8QP+Pjv/dDqkvueN9UZRUBiTZktVpIjwVsMl qCxVpjWazu6n0dyBK2Fr0wZs9mUe1WnxXvqvSI6W38wUNegfWYU3OAEaOpsZXfNP /9lPPQnkccwiDJYKj97HahIlVqWDx+9TGb0Ajx67sbzdBX7rIxOReJ7jDzJLFvTv /4ctMyFKwHU= =y33O -----END PGP MESSAGE----- --_=XFMail.1.3.p0.FreeBSD:990818120428:5786=_-- End of MIME message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message