From owner-freebsd-stable Sun Dec 5 12:56:32 1999
Delivered-To: freebsd-stable@freebsd.org
Received: from monsoon.mail.pipex.net (monsoon.mail.pipex.net [158.43.128.69])
	by hub.freebsd.org (Postfix) with SMTP id 70ADB15452
	for ; Sun, 5 Dec 1999 12:56:28 -0800 (PST)
	(envelope-from mark@dogma.freebsd-uk.eu.org)
Received: (qmail 3652 invoked from network); 5 Dec 1999 20:56:26 -0000
Received: from useraf59.uk.uudial.com (HELO marder-1.) (62.188.132.46)
	by smtp.dial.pipex.com with SMTP; 5 Dec 1999 20:56:26 -0000
Received: (from mark@localhost)
	by marder-1. (8.9.3/8.8.8) id UAA01912;
	Sun, 5 Dec 1999 20:56:23 GMT
	(envelope-from mark)
Date: Sun, 5 Dec 1999 20:56:23 +0000
From: Mark Ovens
To: Dan Harnett
Cc: freebsd-stable@freebsd.org
Subject: Re: Non-root mounting of CD-ROMs
Message-ID: <19991205205623.B1071@marder-1>
References: <19991205175354.B696@marder-1> <19991205183830.B76BD5D05A@mail.wzrd.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0pre2i
In-Reply-To: <19991205183830.B76BD5D05A@mail.wzrd.com>
Organization: Total lack of
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sun, Dec 05, 1999 at 01:38:30PM -0500, Dan Harnett wrote:
> You should be able to allow anyone to mount anything without setting
> the setuid bit on /sbin/mount*. First, the permissions on the actual
> device need to be changed so a user can access that device.

Doh! That was it. The one thing no-one checked.

> Second, a simple sysctl will let the user mount a device:
>
>     sysctl -w vfs.usermount=1
>
> As an alternative, you could put the user into the operator group,
> but this will give the user more privileges than probably intended.
>

It seems that you *must* use ``sysctl -w vfs.usermount=1'', even if
the user is in the operator group, else it still gives "Operation not
permitted", although it is possible for the user to umount(8) it :-/

Thanks for the help.

> Dan Harnett
>
> > A thread on the UK User Group mailing list about non-root users
> > mounting CD-ROMs included posts from a couple of people running
> > -STABLE who could do this. I tried and it doesn't work for me. A
> > ktrace(1) showed the call to mount(2) returning EPERM, which is what I
> > would expect.
> >
> > After several posts we established that the only differences we could
> > find between my setup and theirs is that I'm using a SCSI CD-ROM and
> > they both have IDE. Additionally, their systems were cvsup'd more
> > recently than mine (mine was around the end of September) and no-one
> > has made /sbin/mount* setuid.
> >
> > A look through the CVS logs on the web-site shows that there have been
> > quite a few changes to mount in the last couple of months.
> >
> > So, the question is, should a non-root user be able to mount a CD-ROM
> > (without making /sbin/mount* setuid)?

-- 
PERL has been described as "the duct tape of the Internet"
and "the Unix Swiss Army chainsaw"
- Computer Shopper 12/99
________________________________________________________________
FreeBSD - The Power To Serve http://www.freebsd.org
My Webpage http://ukug.uk.freebsd.org/~mark/
mailto:mark@ukug.uk.freebsd.org http://www.radan.com
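
Added example, not part of the original messages: a POSIX sh preflight that encodes the three conditions discussed in this thread (vfs.usermount, read access on the device node, no setuid bit on /sbin/mount*). The function names and the sample modes are assumptions made for illustration; on FreeBSD the inputs would come from `sysctl -n vfs.usermount` and `stat -f %Lp` on the device node and the mount binary.

```sh
#!/bin/sh
# Preflight for non-root CD-ROM mounting, following the thread above.
# Values are passed in as arguments so the logic can be exercised offline.

# mode_has_bit MODE MASK: true if octal MODE has any bit of octal MASK set.
mode_has_bit() {
    [ $(( 0$1 & 0$2 )) -ne 0 ]
}

# device_readable MODE CLASS: can CLASS (owner|group|other) read the node?
device_readable() {
    case "$2" in
        owner) mode_has_bit "$1" 400 ;;
        group) mode_has_bit "$1" 040 ;;
        other) mode_has_bit "$1" 004 ;;
        *)     return 2 ;;
    esac
}

# preflight USERMOUNT DEV_MODE USER_CLASS MOUNT_BIN_MODE
# Prints one finding per line and returns the number of findings.
preflight() {
    findings=0
    # The sysctl is required even for members of the operator group.
    if [ "$1" != "1" ]; then
        echo "BLOCKER vfs.usermount=$1: mount(2) returns EPERM for non-root"
        findings=$((findings + 1))
    fi
    # The user must be able to access the device node itself.
    if ! device_readable "$2" "$3"; then
        echo "BLOCKER device mode $2: not readable by $3"
        findings=$((findings + 1))
    fi
    # Setuid on /sbin/mount* is not needed for this and only adds exposure.
    if mode_has_bit "$4" 4000; then
        echo "RISK mount binary mode $4: setuid bit set but not required"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample: sysctl still 0, device node mode 640 with the user
# outside its group, mount binary at 555. Both blockers are reported.
preflight 0 640 other 555 || true
```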