From owner-freebsd-questions@FreeBSD.ORG Mon Jan 12 13:00:57 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CF90316A4D0 for ; Mon, 12 Jan 2004 13:00:57 -0800 (PST) Received: from radicalv.com (secure.radicalv.com [216.118.91.10]) by mx1.FreeBSD.org (Postfix) with ESMTP id 29EA643D41 for ; Mon, 12 Jan 2004 12:59:50 -0800 (PST) (envelope-from ecrist@adtechintegrated.com) Received: (qmail 26390 invoked from network); 12 Jan 2004 20:59:43 -0000 Received: from unknown (HELO 192.168.1.104) (66.41.18.160) by mail.radicalv.com with SMTP; 12 Jan 2004 20:59:43 -0000 From: Eric F Crist Organization: AdTech Integrated Systems, Inc To: Gautam Gopalakrishnan Date: Mon, 12 Jan 2004 14:59:38 -0600 User-Agent: KMail/1.5 References: <200401121441.05186.ecrist@adtechintegrated.com> <20040112205042.GA44664@madras.dyndns.org> In-Reply-To: <20040112205042.GA44664@madras.dyndns.org> MIME-Version: 1.0 Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg=pgp-sha1; boundary="Boundary-02=_DrwAAzixvtw5jVB"; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Message-Id: <200401121459.47773.ecrist@adtechintegrated.com> cc: freebsd-questions@freebsd.org Subject: Re: Mounting as non-root? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: ecrist@adtechintegrated.com List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 12 Jan 2004 21:00:57 -0000 --Boundary-02=_DrwAAzixvtw5jVB Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Description: signed data Content-Disposition: inline On Monday 12 January 2004 02:50 pm, Gautam Gopalakrishnan wrote: > On Mon, Jan 12, 2004 at 02:40:54PM -0600, Eric F Crist wrote: > Content-Description: signed data > > > What is the most secure way to enable mounting of flash drives, cdroms, > > and floppies? I've seen solutions that include setting setuid on mount= =2E=20 > > I would rather not go this route. Is there any other easy, secure way? > > sudo is the easiest I've seen. I've stopped using su nowadays, for anythi= ng Gautam, I guess I should have specified a little clearer. My desktop users have an= =20 icon on their desktops so they can access the cdrom, usb flash drives, etc.= =20 They need the ability to just right-click an select mount or unmount. I ha= ve=20 temporarily setuid on mount and umount, but this allows these users to moun= t=20 and unmount core filesystems, too. I would like to get away from this. =2D-=20 Eric F Crist AdTech Integrated Systems, Inc (612) 998-3588 --Boundary-02=_DrwAAzixvtw5jVB Content-Type: application/pgp-signature Content-Description: signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) iD8DBQBAAwrDzdyDbTMRQIYRApvtAJ9nGJu9iMK4YV0whMF491UfDyI5EQCfY6rm RYj/e59mRhwxlZFxt+BEJcE= =H9fs -----END PGP SIGNATURE----- --Boundary-02=_DrwAAzixvtw5jVB--