From owner-freebsd-hackers@FreeBSD.ORG Mon Apr 3 18:03:46 2006 Return-Path: X-Original-To: hackers@FreeBSD.org Delivered-To: freebsd-hackers@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 893D816A433; Mon, 3 Apr 2006 18:03:46 +0000 (UTC) (envelope-from marcus@FreeBSD.org) Received: from av-tac-rtp.cisco.com (bantam.cisco.com [64.102.19.199]) by mx1.FreeBSD.org (Postfix) with ESMTP id 60C4B43D60; Mon, 3 Apr 2006 18:03:42 +0000 (GMT) (envelope-from marcus@FreeBSD.org) X-TACSUNS: Virus Scanned Received: from rooster.cisco.com (localhost [127.0.0.1]) by av-tac-rtp.cisco.com (8.11.7p1+Sun/8.11.7) with ESMTP id k33I3fu25508; Mon, 3 Apr 2006 14:03:41 -0400 (EDT) Received: from [64.102.193.244] (dhcp-64-102-193-244.cisco.com [64.102.193.244]) by rooster.cisco.com (8.11.7p1+Sun/8.11.7) with ESMTP id k33I3fm02387; Mon, 3 Apr 2006 14:03:41 -0400 (EDT) Message-ID: <44316387.1090609@FreeBSD.org> Date: Mon, 03 Apr 2006 14:03:51 -0400 From: Joe Marcus Clarke Organization: FreeBSD, Inc. User-Agent: Thunderbird 1.5 (Macintosh/20051201) MIME-Version: 1.0 To: Colin Percival References: <1144042356.824.16.camel@shumai.marcuscom.com> <4430BA79.2030403@freebsd.org> In-Reply-To: <4430BA79.2030403@freebsd.org> X-Enigmail-Version: 0.93.2.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit Cc: hackers@FreeBSD.org Subject: Re: RFC: Adding a ``user'' mount option X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 03 Apr 2006 18:03:46 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Colin Percival wrote: > Joe Marcus Clarke wrote: >> I know we have vfs.usermount, but this is not always sufficient since >> the user has to own the mount point in question. What I propose is to >> add a ``user'' mount option à la Linux. This would make mount and >> umount setuid root, but would allow much more flexibility when it comes >> to removable media and desktop systems. > > If I understand the patch correctly, you're proposing that some filesystems > be marked as "this can be mounted or unmounted by non-root users". If this > is correct, it seems to me that a more appropriate solution is to add an > /etc/usermount.conf file and a new setuid utility usermount(8) which would > look at the invoking user and the filesystem requested and either pass the > request to mount(8) or reject it. As others have pointed out, the way mounting works now is fine for most advanced users (it's fine for me, as I wrote the FAQ for GNOME). However, for newer users, they don't get that removable media mounting doesn't work out-of-the-box. Other operating systems don't have this extra complexity. For example, Linux uses the user mount notation. Solaris has volume management such that media like CDs are auto-mounted, and instantly made available to users. > > Generally speaking it's much better to add a new setuid program which does > exactly what you need, rather than making an existing and possibly insecure > program setuid. What I'd like to achieve is a simple out-of-the-box way of mounting media such as CDs, and floppy disks without users necessarily needing to know about sysctl. While I can't speak for KDE, I know GNOME already has the ability to detect user-mountable media, and gives the users icons on the desktop to mount said volumes. I was hoping we could make this solution secure and flexible without the need for another utility. Joe - -- Joe Marcus Clarke FreeBSD GNOME Team :: gnome@FreeBSD.org FreeNode / #freebsd-gnome http://www.FreeBSD.org/gnome -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD4DBQFEMWOHb2iPiv4Uz4cRAu8uAJjr8GMUcLMmf764FVtfdq/ZAkSbAJ9qLVxK mtV+SNR6h+/YDjCD8mKA5Q== =rc6p -----END PGP SIGNATURE-----