Date: Sun, 02 Apr 2006 23:02:33 -0700
From: Colin Percival <cperciva@freebsd.org>
To: Joe Marcus Clarke <marcus@freebsd.org>
Cc: hackers@freebsd.org
Subject: Re: RFC: Adding a ``user'' mount option
Message-ID: <4430BA79.2030403@freebsd.org>
In-Reply-To: <1144042356.824.16.camel@shumai.marcuscom.com>
References: <1144042356.824.16.camel@shumai.marcuscom.com>

Joe Marcus Clarke wrote:
> I know we have vfs.usermount, but this is not always sufficient since
> the user has to own the mount point in question. What I propose is to
> add a ``user'' mount option à la Linux. This would make mount and
> umount setuid root, but would allow much more flexibility when it comes
> to removable media and desktop systems.

If I understand the patch correctly, you're proposing that some filesystems
be marked as "this can be mounted or unmounted by non-root users". If this is
correct, it seems to me that a more appropriate solution is to add an
/etc/usermount.conf file and a new setuid utility usermount(8) which would
look at the invoking user and the filesystem requested and either pass the
request to mount(8) or reject it.

Generally speaking it's much better to add a new setuid program which does
exactly what you need, rather than making an existing and possibly insecure
program setuid.

Colin Percival

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4430BA79.2030403>
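
An added example, not part of the original message and not FreeBSD code: a sketch of the allow/deny decision that a small setuid wrapper of the kind described above could make before handing a request to mount(8). The function name usermount_allowed and the "user device mountpoint" line format for /etc/usermount.conf are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample policy. The "user device mountpoint" line format is an
 * assumption made for this example; the message does not define one. */
static const char SAMPLE_CONF[] =
    "# user   device      mountpoint\n"
    "alice    /dev/cd0    /cdrom\n"
    "bob      /dev/da0s1  /media/usb\n";

/* Accept only absolute paths that contain no ".." anywhere. */
static int path_ok(const char *p)
{
    return p != NULL && p[0] == '/' && strstr(p, "..") == NULL;
}

/* Return 1 only if a line names exactly this user, device and mount point.
 * Anything else, including malformed or over-long lines, is denied. */
int usermount_allowed(const char *conf, const char *user,
                      const char *dev, const char *mnt)
{
    char line[600], u[32], d[256], m[256], extra[2];

    if (user == NULL || !path_ok(dev) || !path_ok(mnt))
        return 0;
    while (*conf != '\0') {
        size_t len = strcspn(conf, "\n");
        if (len < sizeof(line)) {
            memcpy(line, conf, len);
            line[len] = '\0';
            /* exactly three fields required; extra tokens invalidate the line */
            if (sscanf(line, "%31s %255s %255s %1s", u, d, m, extra) == 3 &&
                strcmp(u, user) == 0 && strcmp(d, dev) == 0 &&
                strcmp(m, mnt) == 0)
                return 1;
        }
        conf += len + (conf[len] == '\n');
    }
    return 0; /* default deny */
}

/* A real wrapper would take the user from getpwuid(getuid()) (the real uid,
 * not the effective one) and, on success, exec mount(8) with a fixed argv. */
int main(void)
{
    printf("alice /dev/cd0 /cdrom -> %d\n",
           usermount_allowed(SAMPLE_CONF, "alice", "/dev/cd0", "/cdrom"));
    return 0;
}
```

Keeping the decision in one small function with exact-match rules and a default of deny is what makes the wrapper easy to audit compared with making mount(8) itself setuid.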