From: Cy Schubert - ITSD Open Systems Group
To: "Hartmann, O."
Cc: freebsd-ports@FreeBSD.ORG, freebsd-questions@FreeBSD.ORG
Subject: Re: SUDO trouble in FBSD 4.4-STABLE
Date: Wed, 05 Dec 2001 07:18:08 -0800
Message-Id: <200112051518.fB5FIIQ12646@cwsys.cwsent.com>

In message <20011205125758.L648-100000@klima.physik.uni-mainz.de>, "Hartmann, O." writes:
> Hello.
>
> Using 'sudo' from the ports collection the first time on FBSD 4.4-STABLE
> I run into trouble.

I will try a lateral approach to answering (or not answering) your question.

First, I think that giving users the open ability to mount and unmount filesystems is probably not the best thing to do. However you can specify arguments as in your last example.

I think that an easier and more secure approach would be to use amd. For example, I use the following amd config to mount a 2 GB Orb disk (a removable hard disk).

    /defaults       opts:=rw,intr,timo=10,retrans=5,nosuid,nodev
    archives        host!=cwsys;rhost:=cwsys;rfs:=/vol/${key};type:=nfs;fs:=${autodir}/${key}; \
                    host==cwsys;type:=ufs;dev:=/dev/da2c;opts:=rw

You can set up a shell script with:

    amq -u /vol/archives

to unmount the device.

Users that you wish to give access to mount the device only need to be in the group that has permission to traverse /vol, e.g. /vol would have permissions of 550 owned by user root and group cdrom. Then add users to the cdrom group to give them permission to mount CDROMs.

Advantage? Well, all users need to do is pop the CDROM into the drive and use it, e.g. cd /vol/cdrom.

Disadvantage? They still need to issue an amq -u command (which can be put into a shell script and executed via sudo). For example:

umount_cdrom:

    #!/bin/sh -
    sudo /usr/sbin/amq -u /vol/cdrom

In your sudoers file you would have:

    USERS HOSTNAMES=(root) NOPASSWD: /usr/sbin/amq -u /vol/cdrom

You can solve the last disadvantage through an unmount amd specification, however users would have to wait until the mount times out and furthermore you may not want to unmount your CDROMs automatically.

Regards,                         Phone:  (250)387-8437
Cy Schubert                        Fax:  (250)387-5766
Team Leader, Sun/Alpha Team      Email:  Cy.Schubert@osg.gov.bc.ca
Open Systems Group, ITSD
Ministry of Management Services
Province of BC
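
An added example, not part of the original message: a small audit that reads sudoers-style rules and reports whether each mount, umount or amq entry pins its arguments, as the amq rule above does, or leaves them open. The parser is a simplification (one rule per line, no aliases in the command list, no continuations), and the function names and sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify how tightly sudoers rules pin the arguments of
# mount-related commands. Simplified parser (assumption): one rule per line,
# no aliases in the command list, no backslash continuations.

# classify_cmd SPEC -> "open" (bare path: any arguments are accepted),
# "wildcard" (pattern widens what matches) or "pinned" (arguments must match).
classify_cmd() {
    case $1 in
        *[*?]*) echo wildcard ;;
        *' '*)  echo pinned ;;
        *)      echo open ;;
    esac
}

# audit_sudoers: read rules on stdin, print "<verdict> <command spec>" for
# every mount, umount or amq entry found.
audit_sudoers() {
    # Drop comments and lines without "=", then strip "WHO HOSTS=",
    # an optional "(runas)" and any "TAG:" prefixes such as NOPASSWD:.
    sed -e '/^[[:space:]]*#/d' -e '/=/!d' \
        -e 's/^[^=]*=[[:space:]]*//' \
        -e 's/^([^)]*)[[:space:]]*//' \
        -e 's/[A-Z]*:[[:space:]]*//g' |
    tr ',' '\n' |
    while IFS= read -r spec; do
        spec=$(printf '%s\n' "$spec" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
        case ${spec%% *} in
            */mount|*/umount|*/amq)
                printf '%s %s\n' "$(classify_cmd "$spec")" "$spec" ;;
        esac
    done
}

# Constructed sample: the rule from the message plus two looser variants.
sample_rules() {
    cat <<'EOF'
# constructed sample, not a real sudoers file
USERS HOSTNAMES=(root) NOPASSWD: /usr/sbin/amq -u /vol/cdrom
USERS HOSTNAMES=(root) /sbin/mount, /sbin/umount
USERS HOSTNAMES=(root) /sbin/umount /vol/*
EOF
}

sample_rules | audit_sudoers
```

Entries reported as open or wildcard are the ones to review first, since sudo accepts any arguments for a bare command path.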