From: "Vladimir V. Pavluk"
Organization: Unicom
To: freebsd-hackers@freebsd.org
Date: Fri, 7 Apr 2006 16:19:18 +0700
Subject: Re: RFC: Adding a ``user'' mount option

Anyway, I consider this to be a "hack" too :-)

> Hello all,
>
> I've been watching this thread with some interest.
>
> I have actually found quite a straightforward solution to this problem that
> works for me under FreeBSD, and requires no extra entries in fstab, scripts
> changing permissions on login, or any other fairly ugly workaround.
>
> I assume that basically what we are looking for is to make
> mounting/unmounting of devices as simple as possible for non-technical
> users so they do not have to run mount manually at the command line.
>
> As mentioned before, you can easily globally restrict which users you wish
> to allow mounting of a particular device by simply using group permissions
> on the device.
>
> Then, assuming you've set vfs.usermount = 1:
>
> 1.) First create some suitable directories under the user's /home folder
> for mounting the devices. For example, I have:
>
> [= Yggdrasil | aren | /usr/home/aren =]% ls -l media
> total 8
> drwxr-xr-x 2 aren aren 512 Apr 6 21:37 cdrw/
> drwxr-xr-x 2 aren aren 512 Apr 6 13:19 dvdrom/
> drwxr-xr-x 2 aren aren 512 Apr 6 15:03 floppy/
> drwxr-xr-x 2 aren aren 512 Apr 6 14:04 usbflash/
>
> 2.) Next, add the device icons to your KDE (or whichever) desktop.
>
> 3.) Now KDE by default will use the mount point specified under
> /etc/fstab. Obviously this is no good, since the current user will not own
> the mount point specified. However, if you simply open up the actual
> desktop device file, it is a very straightforward text file. You can then
> simply edit the "MountPoint" entry to point to the new mount location under
> your home folder.
>
> For example, for my DVD-ROM drive desktop link:
>
> [= Yggdrasil | aren | /usr/home/aren/Desktop =]% cat DVD-ROM
> [Desktop Action Eject]
> Exec=kdeeject %v
> Name=Eject
>
> [Desktop Entry]
> Actions=Eject;
> Dev=/dev/cd1
> Encoding=UTF-8
> Icon=dvd_mount
> MountPoint=/home/aren/media/dvdrom
> FSType=cd9660
> ReadOnly=true
> Type=FSDevice
> UnmountIcon=dvd_unmount
> X-KDE-Priority=TopLevel
>
> The "FSType" entry is not usually there by default either, but it helps to
> make sure that the correct option is called to mount.
>
> Mounting a device is as simple as just clicking on the desktop icon now,
> which is exactly what we wanted.
> It will mount the device under the mount
> location in my /home, which I own, and everything works great.
>
> This method requires no alteration/extra entries in /etc/fstab, no chown on
> a global mount location (since the user always owns their own local mount
> point), no sudo and no setuid. Minimal security compromise.
>
> For a large network, it should be fairly trivial to create a script that
> will add the users to the correct group(s) for mounting the given device(s),
> create the necessary mount directories under the user's /home directory,
> and populate their KDE (or whichever) desktop with the correct (modified)
> desktop entries. Job done.
>
> Regards,
>
> Aren.
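
The provisioning script suggested in the last quoted paragraph, written out as an added example; it is not code from this thread or from either poster. The group name `operator`, the `usbflash` row, the unextended desktop file names and the function names are assumptions; the `pw groupmod` command is printed rather than run so the group change can be reviewed first.

```shell
#!/bin/sh
# Added example: provision per-user mount points and KDE device entries.
# Group name, device table and function names are assumptions, not from the post.
MOUNT_GROUP="${MOUNT_GROUP:-operator}"  # assumed group that owns the device nodes

# name|device|fstype|icon prefix (dvdrom row from the post, usbflash constructed)
DEVICES='dvdrom|/dev/cd1|cd9660|dvd
usbflash|/dev/da0s1|msdosfs|usbpendrive'

# write_entry HOME NAME DEV FSTYPE ICON: desktop file whose MountPoint is in HOME
write_entry() {
    entry="$1/Desktop/$2"
    cat > "$entry" <<EOF
[Desktop Entry]
Dev=$3
Encoding=UTF-8
Icon=${5}_mount
MountPoint=$1/media/$2
FSType=$4
Type=FSDevice
UnmountIcon=${5}_unmount
EOF
    # Optical media are marked read-only, as in the post's DVD-ROM entry.
    if [ "$4" = cd9660 ]; then echo "ReadOnly=true" >> "$entry"; fi
}

# provision_user USER HOME: create user-owned mount points and desktop entries
provision_user() {
    user=$1; home=$2
    # The home directory itself must be a real directory, not a symlink.
    [ -d "$home" ] && [ ! -L "$home" ] || return 1
    mkdir -p "$home/Desktop" || return 1
    echo "$DEVICES" | while IFS='|' read -r name dev fstype icon; do
        mp="$home/media/$name"
        # Skip mount points that already exist as symlinks.
        [ -L "$mp" ] && { echo "skip $mp: symlink" >&2; continue; }
        mkdir -p "$mp" && chown "$user" "$mp" && chmod 755 "$mp" || continue
        write_entry "$home" "$name" "$dev" "$fstype" "$icon"
        chown "$user" "$home/Desktop/$name"
    done
    # Group membership decides who may open the device; printed, not executed.
    echo "pw groupmod $MOUNT_GROUP -m $user"
}
```

Called as `provision_user aren /usr/home/aren`, it leaves the user owning every mount point, which is what vfs.usermount requires.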