From owner-freebsd-hackers@FreeBSD.ORG Mon Apr 3 06:04:25 2006 Return-Path: X-Original-To: hackers@freebsd.org Delivered-To: freebsd-hackers@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2386A16A401; Mon, 3 Apr 2006 06:04:25 +0000 (UTC) (envelope-from cperciva@freebsd.org) Received: from pd4mo3so.prod.shaw.ca (shawidc-mo1.cg.shawcable.net [24.71.223.10]) by mx1.FreeBSD.org (Postfix) with ESMTP id 96FE343D48; Mon, 3 Apr 2006 06:04:24 +0000 (GMT) (envelope-from cperciva@freebsd.org) Received: from pd4mr7so.prod.shaw.ca (pd4mr7so-qfe3.prod.shaw.ca [10.0.141.84]) by l-daemon (Sun ONE Messaging Server 6.0 HotFix 1.01 (built Mar 15 2004)) with ESMTP id <0IX400ECXU4ABD50@l-daemon>; Mon, 03 Apr 2006 00:02:34 -0600 (MDT) Received: from pn2ml10so.prod.shaw.ca ([10.0.121.80]) by pd4mr7so.prod.shaw.ca (Sun ONE Messaging Server 6.0 HotFix 1.01 (built Mar 15 2004)) with ESMTP id <0IX400MP4U4AF980@pd4mr7so.prod.shaw.ca>; Mon, 03 Apr 2006 00:02:34 -0600 (MDT) Received: from [192.168.0.60] ([24.82.18.31]) by l-daemon (Sun ONE Messaging Server 6.0 HotFix 1.01 (built Mar 15 2004)) with ESMTP id <0IX40067BU49Z450@l-daemon>; Mon, 03 Apr 2006 00:02:34 -0600 (MDT) Date: Sun, 02 Apr 2006 23:02:33 -0700 From: Colin Percival In-reply-to: <1144042356.824.16.camel@shumai.marcuscom.com> To: Joe Marcus Clarke Message-id: <4430BA79.2030403@freebsd.org> MIME-version: 1.0 Content-type: text/plain; charset=ISO-8859-1 Content-transfer-encoding: 8BIT X-Enigmail-Version: 0.94.0.0 References: <1144042356.824.16.camel@shumai.marcuscom.com> User-Agent: Thunderbird 1.5 (X11/20060112) Cc: hackers@freebsd.org Subject: Re: RFC: Adding a ``user'' mount option X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 03 Apr 2006 06:04:25 -0000 Joe Marcus Clarke wrote: > I know we have vfs.usermount, but this is not always sufficient since > the user has to own the mount point in question. What I propose is to > add a ``user'' mount option à la Linux. This would make mount and > umount setuid root, but would allow much more flexibility when it comes > to removable media and desktop systems. If I understand the patch correctly, you're proposing that some filesystems be marked as "this can be mounted or unmounted by non-root users". If this is correct, it seems to me that a more appropriate solution is to add an /etc/usermount.conf file and a new setuid utility usermount(8) which would look at the invoking user and the filesystem requested and either pass the request to mount(8) or reject it. Generally speaking it's much better to add a new setuid program which does exactly what you need, rather than making an existing and possibly insecure program setuid. Colin Percival