Date:      Wed, 05 Dec 2001 07:18:08 -0800
From:      Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
To:        "Hartmann, O." <ohartman@klima.physik.uni-mainz.de>
Cc:        freebsd-ports@FreeBSD.ORG, freebsd-questions@FreeBSD.ORG
Subject:   Re: SUDO trouble in FBSD 4.4-STABLE 
Message-ID:  <200112051518.fB5FIIQ12646@cwsys.cwsent.com>
In-Reply-To: Your message of "Wed, 05 Dec 2001 13:14:17 +0100." <20011205125758.L648-100000@klima.physik.uni-mainz.de>

In message <20011205125758.L648-100000@klima.physik.uni-mainz.de>, "Hartmann, O." writes:
> Hello.
> 
> Using 'sudo' from the ports collection the first time on FBSD 4.4-STABLE
> I run into trouble.

I will try a lateral approach to answering (or not answering) your 
question.

First, I think that giving users the open ability to mount and unmount 
filesystems is probably not the best thing to do.  However you can 
specify arguments as in your last example.

I think that an easier and more secure approach would be to use amd.  
For example, I use the following amd config to mount a 2 GB Orb disk (a 
removable hard disk).

/defaults       opts:=rw,intr,timo=10,retrans=5,nosuid,nodev

archives        host!=cwsys;rhost:=cwsys;rfs:=/vol/${key};type:=nfs;fs:=${autodir}/${key}; \
                host==cwsys;type:=ufs;dev:=/dev/da2c;opts:=rw

You can set up a shell script with:

	amq -u /vol/archives

to unmount the device.

Users that you wish to give access to mount the device only need to be 
in the group that has permission to traverse /vol, e.g.  /vol would 
have permissions of 550 owned by user root and group cdrom.  Then add 
users to the cdrom group to give them permission to mount CDROMs.

Advantage?  Well, all users need to do is pop the CDROM into the drive 
and use it, e.g. cd /vol/cdrom.

Disadvantage?  They still need to issue an amq -u command (which can be 
put into a shell script and executed via sudo).  For example:

umount_cdrom:

#!/bin/sh -
sudo /usr/sbin/amq -u /vol/cdrom

In your sudoers file you would have:

USERS	HOSTNAMES=(root) NOPASSWD: /usr/sbin/amq -u /vol/cdrom

You can solve the last disadvantage through an unmount amd 
specification, however users would have to wait until the mount times 
out and furthermore you may not want to unmount your CDROMs 
automatically.


Regards,                         Phone:  (250)387-8437
Cy Schubert                        Fax:  (250)387-5766
Team Leader, Sun/Alpha Team      Email:  Cy.Schubert@osg.gov.bc.ca
Open Systems Group, ITSD
Ministry of Management Services
Province of BC
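
An added example, not part of the original message: a shell audit of the point made above about specifying arguments in sudoers. A command listed with only its path may be run with any arguments, so the script labels each NOPASSWD command as OPEN, WILD or PINNED. The sample rules, the alias members (alice, bob) and the function names are constructed for illustration, and it assumes one rule per line.

```shell
#!/bin/sh
# Constructed sample sudoers lines; alias members are invented for the example.
sample_sudoers() {
cat <<'EOF'
User_Alias USERS = alice, bob
Host_Alias HOSTNAMES = cwsys
USERS HOSTNAMES=(root) NOPASSWD: /usr/sbin/amq -u /vol/cdrom
USERS HOSTNAMES=(root) NOPASSWD: /usr/sbin/amq
USERS HOSTNAMES=(root) NOPASSWD: /sbin/mount, /sbin/umount /vol/*
EOF
}

# Classify every command that follows a NOPASSWD: tag (sudoers text on stdin):
#   OPEN   - path only, so sudo accepts any arguments the user supplies
#   WILD   - arguments given, but they contain shell-style wildcards
#   PINNED - exact argument list, as in the amq rule above
# Assumption: one rule per line, no line continuations or escaped commas.
audit_nopasswd() {
  awk '
    /^[ \t]*#/ || /_Alias/ || /^Defaults/ { next }
    /NOPASSWD:/ {
      sub(/^.*NOPASSWD:[ \t]*/, "")
      n = split($0, cmds, /[ \t]*,[ \t]*/)
      for (i = 1; i <= n; i++) {
        c = cmds[i]
        gsub(/^[ \t]+|[ \t]+$/, "", c)
        if (c == "") continue
        if (c !~ /[ \t]/)      print "OPEN " c
        else if (c ~ /[*?]/)   print "WILD " c
        else                   print "PINNED " c
      }
    }'
}

sample_sudoers | audit_nopasswd
```

Only the PINNED entry limits the user to the single unmount the message intends; OPEN and WILD entries deserve a second look before they go into a live sudoers file.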