From owner-freebsd-hackers@FreeBSD.ORG  Wed Apr  5 17:14:34 2006
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
X-Original-To: hackers@freebsd.org
Delivered-To: freebsd-hackers@FreeBSD.ORG
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 44FCD16A400
	for <hackers@freebsd.org>; Wed,  5 Apr 2006 17:14:34 +0000 (UTC)
	(envelope-from rick@kiwi-computer.com)
Received: from kiwi-computer.com (megan.kiwi-computer.com [63.224.10.3])
	by mx1.FreeBSD.org (Postfix) with SMTP id 8769A43D45
	for <hackers@freebsd.org>; Wed,  5 Apr 2006 17:14:31 +0000 (GMT)
	(envelope-from rick@kiwi-computer.com)
Received: (qmail 3204 invoked by uid 2001); 5 Apr 2006 17:14:29 -0000
Date: Wed, 5 Apr 2006 12:14:29 -0500
From: "Rick C. Petty" <rick-freebsd@kiwi-computer.com>
To: babkin@users.sf.net
Message-ID: <20060405171429.GA3067@megan.kiwi-computer.com>
References: <21929145.3307121144162800285.JavaMail.root@vms172.mailsrvcs.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <21929145.3307121144162800285.JavaMail.root@vms172.mailsrvcs.net>
User-Agent: Mutt/1.4.2.1i
Cc: hackers@freebsd.org
Subject: Re: Re: RFC: Adding a ``user'' mount option
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
	<freebsd-hackers.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>, 
	<mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Apr 2006 17:14:34 -0000

On Tue, Apr 04, 2006 at 10:00:00AM -0500, Sergey Babkin wrote:
> 
> Would it make sense to be able to specify a group in fstab?
> Then the users can be simply given membership of this
> group to mount the devices.

Why not just assume allowable users are in the "operator" group.  Isn't
this what that group was designed for?  I certainly setup my boxes to give
users permission to access the soundcard and other "operators of this
machine" devices...

If not operator, then maybe one configurable group, defaulting to operator.
Admins who want special circumstances can use devfs rules to set the group
for certain devices.

This way, we use unix-isms such as:
1). can the user mount filesystems?  (vfs.usermount)
2). does the user have permissions to the device?  (e.g. group-read/write
to said device)
3). does the user have permissions to the mountpoint?  (e.g. user
read/write/execute)

-- Rick C. Petty