Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 5 Apr 2006 14:47:43 +0100 (BST)
From:      Robert Watson <rwatson@FreeBSD.org>
To:        Stefan Sperling <stsp@stsp.in-berlin.de>
Cc:        Jan Grant <jan.grant@bristol.ac.uk>, hackers@freebsd.org
Subject:   Re: RFC: Adding a ``user'' mount option
Message-ID:  <20060405144435.Y82516@fledge.watson.org>
In-Reply-To: <20060405124840.GA1696@dice.stsp.lan>
References:  <1144042356.824.16.camel@shumai.marcuscom.com> <1144133238.9725.32.camel@shumai.marcuscom.com> <20060404114547.GA1613@dice.stsp.lan> <200604042252.17806.soralx@cydem.org> <20060405120035.GA1372@dice.stsp.lan> <20060405133507.G15367@tribble.ilrt.bris.ac.uk> <20060405124840.GA1696@dice.stsp.lan>

next in thread | previous in thread | raw e-mail | index | archive | help

On Wed, 5 Apr 2006, Stefan Sperling wrote:

> I wasn't serious. Sudo is fine by me as well. However, having something that 
> is in the base system (and not in ports) to allow user mounts would be neat. 
> Still, KDE and GNOME and even xorg are in ports as well, so that point is 
> not a really strong one either.
>
> The only thing that still nags me about the sudo solution is that if you 
> have to use sudo anyway, why was vfs.usermount even implemented in the first 
> place? Using sudo makes it redundant.

Well, there are some notions that vfs.usermount captures that other variations 
currently don't.  One of those is the idea that the kernel will have direct 
access to the credentials used to authorize the mount, rather than the kernel 
being passed a root credential.  This becomes interesting when there are file 
systems without an integrated notion of file ownership (such as msdosfs), or 
for file systems that will make use of user keying material or access files 
and services using the privileges of the user (i.e., distributed file 
systems).  For example, NFS uses the privileges of the user performing the 
mount to create sockets, access the network, etc.  Whether this ends up being 
important in the big picture is another question, but there is an important 
semantic difference there from the perspective of kernel access control.

Robert N M Watson



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060405144435.Y82516>