Date: Tue, 20 Oct 1998 10:09:39 -0700 (PDT) From: David Wolfskill <dhw@whistle.com> To: jm7996@devrycols.edu Cc: freebsd-questions@FreeBSD.ORG Subject: Re: mount for users Message-ID: <199810201709.KAA29132@pau-amma.whistle.com> In-Reply-To: <Pine.BSF.4.02.9810161709490.832-100000@insomnia.local.net>
next in thread | previous in thread | raw e-mail | index | archive | help
>Date: Fri, 16 Oct 1998 17:12:05 -0400 (EDT) >From: "James A. Mutter" <jmutter@devrycols.edu> >Is there any way to allow normal users to mount / unmount drives? Yes, but I really don't expect that you want to do this the "easy" way. >I've looked at the man pages for mount, mount_msdos, and mount_nfs. >I've got a single machine here and it's just a pain in the arse for me to >su and then mount, and such. I'd like to do this without changing >permissions/groups on any of the binaries. I'd imagine that has to be a >configuration option for this, but it has so far escaped me. Well, it's possible that FreeBSD might have a way, but I'd be inclined to doubt it. First, mounting & unmounting requires root privelege, period. (Consider the ramifications of someone placing a floppy with "interesting" contents on it in the drive & mounting it on /etc -- or on /dev.) So the "easy" (and the quotes are there because in the long term, I don't think this is really *easy*) way would be to make mount & umount setuid root. As mentioned above, though, this is only OK if you don't care about the system or you're absolutely certain that you can trust everyone who can login. As another approach, you might be able to cobble up a "wrapper" program that is setuid root, and which does some appropriate "reality checks"; if those all pass, it then would perform the requested action. Such a program would need to be *very* carefully written, to be sure that it could not fall victim to abuse, as well as to ensure that any mode of failure is benign. As a reference for something similar to this latter approach, please note the Solaris 2 "vold" -- and please note that it has had a significant share of problems. david -- David Wolfskill UNIX System Administrator dhw@whistle.com voice: (650) 577-7158 pager: (650) 371-4621 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199810201709.KAA29132>