From owner-freebsd-chat Thu Jan 4 4:55:15 2001 From owner-freebsd-chat@FreeBSD.ORG Thu Jan 4 04:55:13 2001 Return-Path: Delivered-To: freebsd-chat@freebsd.org Received: from uranus.interscope.ro (unknown [193.226.188.3]) by hub.freebsd.org (Postfix) with ESMTP id 57AFC37B400 for ; Thu, 4 Jan 2001 04:55:10 -0800 (PST) Received: by URANUS with Internet Mail Service (5.5.2650.21) id ; Thu, 4 Jan 2001 14:51:49 +0200 Message-ID: From: Stefan KORONKA To: 'Rahul Siddharthan' Cc: "'chat@freebsd.org'" Subject: RE: desktops and mounting Date: Thu, 4 Jan 2001 14:51:47 +0200 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-freebsd-chat@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > Stefan KORONKA said on Jan 4, 2001 at 14:22:53: > > > From: Rahul Siddharthan > > > > > > Recently while setting up a FreeBSD machine for desktop use, and > > > watching linux users on their machines, it seemed to me that > > > everything that can be done on linux can be done equally easily on > > > FreeBSD -- except non-root mounting of removable media > (like floppies, > > > CDROMs). You can't allow user mounts simply by adding a > "user" option > > > in /etc/fstab, and simple point-and-clicking in KDE/GNOME > doesn't work > > > either. > > > > Yes, I am one of those who don't like to su every time I > need to mount > > something. So I did the following: > > > > chmod 4555 /sbin/mount* > > chmod 4555 /sbin/umount > > > > Read the chmod man page to see what that 4 bit means. You > can do the same > > for all the utilities who need root access. In order to > improve security, > > you can something like: > > > > chgrp somegroup mount* > > chmod 4550 mount* > > > > and add your users to the "somegroup" group. > > Interesting. Now that I look and see, the mount program is already > suid on linux systems. However, won't doing this mean that > an arbitrary > user can mount/dismount any filesystem, not just the CDROM? (linux > has the "user" option in /etc/fstab which is required for non-root > mounting.) > Yes, I know. Of course, you can do only "chmod 4550 mount_cd9660", but you still need to modify the access for the umount. You better ask this on -questions; i am wondering what the answer is too - if there will be some answer. stefan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-chat" in the body of the message