Date:      Fri, 7 Apr 2006 01:42:39 +0200
From:      Stefan Sperling <stsp@stsp.in-berlin.de>
To:        Darren Pilgrim <darren.pilgrim@bitfreak.org>
Cc:        hackers@freebsd.org
Subject:   Re: RFC: Adding a ``user'' mount option
Message-ID:  <20060406234239.GB1913@dice.stsp.lan>
In-Reply-To: <44356DDF.4000702@bitfreak.org>
References:  <1144042356.824.16.camel@shumai.marcuscom.com> <4430BA79.2030403@freebsd.org> <44316387.1090609@FreeBSD.org> <44321277.7040904@FreeBSD.org> <1144133238.9725.32.camel@shumai.marcuscom.com> <20060404114547.GA1613@dice.stsp.lan> <4432B61E.1030403@bitfreak.org> <20060405115853.GA1390@dice.stsp.lan> <44356DDF.4000702@bitfreak.org>

On Thu, Apr 06, 2006 at 12:37:03PM -0700, Darren Pilgrim wrote:
> >Access control is done via permissions of files in /dev. If I have
> >proper permissions to a device file, I can mount it at a directory
> >I own. If I don't have proper permissions to a device file, I cannot
> >mount it at all. This has nothing to do with fstab.
> 
> But it does.  GNOME/KDE provides a means of mounting devices by users that 
> would otherwise require a suid mount program.  If GNOME/KDE allowed this 
> functionality to be used directly with devices, rather than through fstab, 
> then without writing a parallel access control system into GNOME/KDE, 
> there would be nothing stopping a user from exploiting it to mount system 
> volumes.

So GNOME/KDE are already using suid binaries for mounting?
I do not see how else users would be able to mount arbitrary volumes.

People said they do not like suid binaries.
This is exactly what could be avoided with just using vfs.usermount
to control mounting from within KDE/GNOME. A proper access control system
is already there with vfs.usermount and /dev permissions. No need to
write a parallel system. There is one already - in fact, it looks
like GNOME/KDE are already duplicating functionality.

I don't really see a reason to have suid binaries at all if you
have something like vfs.usermount. It is much better than how Linux
does it (/bin/mount is setuid in Linux).

> >That's true - but you could provide sane default options, and make
> >them changeable via the gui. If there are quotas on a file system,
> >or anything else you don't want the user to mess with, well, don't
> >give the user access to the device node in /dev.
> 
> That's the point exactly, we don't want users having direct access to the 
> device nodes.  fstab allows that by providing a means of referencing device 
> nodes without specifying them to the mount command and also allows devices 
> to be marked with the filesystem and mount options desired.  If GNOME/KDE 
> had code to parallel fstab, then the GNOME/KDE developers have to keep up 
> with changes to available filesystems and mount options for every supported 
> OS out there.  That's a lot of work just to parallel an already adequate 
> system.

It's true that changing the way GNOME and KDE operate involves lots of
porting work. But that's what the FreeBSD/KDE and FreeBSD/Gnome projects
are there for, aren't they? I bet they've made much larger adjustments
than changing the way mounts are handled (but I don't know and I'm just
bluntly guessing here).

And the current system is not adequate:
Consider massive multi-user installations, like university computer pools.
You don't want to list every student in fstab just so they can mount a CD
or a USB stick. I do not administrate an environment on that scale, but
I know people who do and they told me they find it easier to
administrate large pools with Linux, because it has a user mount option
for fstab.
-- 
stefan
http://stsp.in-berlin.de                                 PGP Key: 0xF59D25F0
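
The message above argues that with vfs.usermount the permissions on device nodes are the access control for user mounts. The following is an added example, not part of the original message: an audit that lists which nodes under a device directory are open beyond their owner. The function names and the classification labels are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: audit device-node permissions for a host where user
# mounts are governed by vfs.usermount plus /dev permissions.
# audit_nodes and usermount_state are hypothetical helper names.

# Print the current vfs.usermount value, or "unknown" where the sysctl
# does not exist (for example on a non-FreeBSD host).
usermount_state() {
    sysctl -n vfs.usermount 2>/dev/null || echo unknown
}

# Print "<class> <path>" for every non-directory, non-symlink entry
# below $1 whose mode grants access beyond the owner:
#   other-rw  any user can open the node read-write
#   other-ro  any user can open the node read-only
#   group     only members of the node's group can read it
# Nodes accessible to the owner alone produce no output.
audit_nodes() {
    dir=$1
    find "$dir" ! -type d ! -type l -perm -006 \
        -exec printf '%s %s\n' other-rw {} \;
    find "$dir" ! -type d ! -type l -perm -004 ! -perm -002 \
        -exec printf '%s %s\n' other-ro {} \;
    find "$dir" ! -type d ! -type l ! -perm -004 -perm -040 \
        -exec printf '%s %s\n' group {} \;
}

# Run the audit only when a directory is given on the command line,
# e.g.:  sh audit.sh /dev
if [ "$#" -gt 0 ]; then
    echo "vfs.usermount: $(usermount_state)"
    audit_nodes "$1" | sort
fi
```

Any system volume that shows up as other-rw or other-ro is a node whose permissions should be tightened before user mounts are enabled.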




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060406234239.GB1913>