Date: Wed, 5 Apr 2006 14:47:43 +0100 (BST) From: Robert Watson <rwatson@FreeBSD.org> To: Stefan Sperling <stsp@stsp.in-berlin.de> Cc: Jan Grant <jan.grant@bristol.ac.uk>, hackers@freebsd.org Subject: Re: RFC: Adding a ``user'' mount option Message-ID: <20060405144435.Y82516@fledge.watson.org> In-Reply-To: <20060405124840.GA1696@dice.stsp.lan> References: <1144042356.824.16.camel@shumai.marcuscom.com> <1144133238.9725.32.camel@shumai.marcuscom.com> <20060404114547.GA1613@dice.stsp.lan> <200604042252.17806.soralx@cydem.org> <20060405120035.GA1372@dice.stsp.lan> <20060405133507.G15367@tribble.ilrt.bris.ac.uk> <20060405124840.GA1696@dice.stsp.lan>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 5 Apr 2006, Stefan Sperling wrote: > I wasn't serious. Sudo is fine by me as well. However, having something that > is in the base system (and not in ports) to allow user mounts would be neat. > Still, KDE and GNOME and even xorg are in ports as well, so that point is > not a really strong one either. > > The only thing that still nags me about the sudo solution is that if you > have to use sudo anyway, why was vfs.usermount even implemented in the first > place? Using sudo makes it redundant. Well, there are some notions that vfs.usermount captures that other variations currently don't. One of those is the idea that the kernel will have direct access to the credentials used to authorize the mount, rather than the kernel being passed a root credential. This becomes interesting when there are file systems without an integrated notion of file ownership (such as msdosfs), or for file systems that will make use of user keying material or access files and services using the privileges of the user (i.e., distributed file systems). For example, NFS uses the privileges of the user performing the mount to create sockets, access the network, etc. Whether this ends up being important in the big picture is another question, but there is an important semantic difference there from the perspective of kernel access control. Robert N M Watson
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060405144435.Y82516>