Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 5 Dec 1999 13:38:30 -0500 (EST)
From:      danh@wzrd.com (Dan Harnett)
To:        mark@ukug.uk.freebsd.org (Mark Ovens)
Cc:        freebsd-stable@freebsd.org
Subject:   Re: Non-root mounting of CD-ROMs
Message-ID:  <19991205183830.B76BD5D05A@mail.wzrd.com>
In-Reply-To: <19991205175354.B696@marder-1> from Mark Ovens at "Dec 5, 1999  5:53:54 pm"
next in thread | previous in thread | raw e-mail | index | archive | help 
You should be able to allow anyone to mount anything without setting the setuid
bit on /sbin/mount*.   First, the permissions on the actual device need to be
changed so a user can access that device.   Second, a simple sysctl will let
the user mount a device:

sysctl -w vfs.usermount=1

As an alternative, you could put the user into the operator group, but this will
give the user more privileges than probably intended.

Dan Harnett


> A thread on the UK User Group mailing list about non-root users
> mounting CD-ROMs included posts from a couple of people running
> -STABLE who could do this. I tried and it doesn't work for me. A
> ktrace(1) showed the call to mount(2) returning EPERM, which is what I
> would expect.
> 
> After several posts we established that the only differences we could
> find between my setup and theirs is that I'm using a SCSI CD-ROM and
> they both have IDE. Additionally, their systems were cvsup'd more
> recently than mine (mine was around the end of September) and no-one
> has made /sbin/mount* setuid.
> 
> A look through the CVS logs on the web-site shows that there have been
> quite a few changes to mount in the last couple of months.
> 
> So, the question is, should a non-root user be able to mount a CD-ROM
> (without making /sbin/mount* setuid)?
> 
> -- 
> PERL has been described as "the duct tape of the Internet"
> and "the Unix Swiss Army chainsaw"
> 				- Computer Shopper 12/99
> ________________________________________________________________
>       FreeBSD - The Power To Serve http://www.freebsd.org
>       My Webpage http://ukug.uk.freebsd.org/~mark/
> mailto:mark@ukug.uk.freebsd.org              http://www.radan.com
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-stable" in the body of the message
> 



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19991205183830.B76BD5D05A>