From owner-freebsd-questions@FreeBSD.ORG  Sat Jul  3 21:55:55 2004
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id A1B3016A4CE
	for <freebsd-questions@freebsd.org>;
	Sat,  3 Jul 2004 21:55:55 +0000 (GMT)
Received: from ylpvm29.prodigy.net (ylpvm29-ext.prodigy.net [207.115.57.60])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 493BB43D3F
	for <freebsd-questions@freebsd.org>;
	Sat,  3 Jul 2004 21:55:55 +0000 (GMT)
	(envelope-from mbsd@pacbell.net)
Received: from sotec.home (adsl-66-126-170-79.dsl.snfc21.pacbell.net
	[66.126.170.79])i63LtpCa008516;	Sat, 3 Jul 2004 17:55:51 -0400
Date: Sat, 3 Jul 2004 14:55:53 -0700 (PDT)
From: =?ISO-8859-1?Q?Mikko_Ty=F6l=E4j=E4rvi?= <mbsd@pacbell.net>
X-X-Sender: mikko@sotec.home
To: jobse@yapost.com
In-Reply-To: <1088888955.680.15.camel@localhost.localdomain>
Message-ID: <20040703145317.A12064@sotec.home>
References: <1088888955.680.15.camel@localhost.localdomain>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
cc: freebsd-questions@freebsd.org
Subject: Re: allowing users to mount cdrom
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 03 Jul 2004 21:55:55 -0000

On Sat, 3 Jul 2004, jobse wrote:

> Dear List,
> When trying to mount the cdrom I get Operation not permitted.
> sysctl: vfs.usermount=0(what does that mean and how can I *permanently*
> change it to 1)
> I'd rather not set the sticky bit on mount/umount if I mustn't.
>
> suggestions?
> /jobse

vfs.usermount allows non-root users to perform a mount, provided that
they have sufficient access to both device being mounted and the
mountpoint.  Users won't be permitted to do other privileged
operations, such as loading kernel modules, so in some cases the mount
may still fail.

To set vfs.usermount=1 on every boot, add it to /etc/sysctl.conf (see
sysctl.conf(8)).

One way to give access to assorted files and devices to the user
currently logged in on the local console is to use /etc/fbtab (see
fbtab(5)), thus:

   /dev/ttyv0      0600    /dev/acd0
   /dev/ttyv0      0755    /cdrom

When using some GUI based login doohickey (xdm, gdm, kdm, whatever),
there are usually some kind of "pre-session" script where suitable
code can be inserted to tweak permissions on things when someone
is logging in on the local console (unless they are already reading
/etc/fbtab... I dunno, I'm not using a GUI login thingy).

   $.02,
   /Mikko