Date: Thu, 22 Apr 1999 11:28:28 -0700 (PDT) From: Doug White <dwhite@resnet.uoregon.edu> To: Jorge Aldana <jorge@salk.edu> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: Users mounting CD's or Audio CD's Message-ID: <Pine.BSF.4.03.9904221125450.7869-100000@resnet.uoregon.edu> In-Reply-To: <Pine.BSF.3.96.990421144013.2782J-100000@davinci.salk.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 21 Apr 1999, Jorge Aldana wrote: > Yes, but which permissions need to be set on what? I'd like to do this and > avoid any security holes if possible. Allowing (regular) users to mount/umount FSs is already a security problem; it's quite trivial to panic the kernel with a floppy drive, remount /usr to a trojaned NFS share, or other Bad Things. There's a reason why every other UNIX hardware vendor uses power eject floppies. :) > I've seen code that uses setgid? or setuid? to do this but I'm not sure I > want to go down that road if there is an offical way of doing this with > FreeBSD. Also, others have mentioned super? but I still get permissions > errors? Super/sudo should allow it; I've done it myself. > I'm currently looking through the archive mail lists but so far no > concrete info. All I can find is use app this and that but no config > parameters? With sudo you can restrict the users to running only /sbin/mount and /sbin/umount. You can't restrict what they can do with those commands, only the ability to execute them as root. Doug White Internet: dwhite@resnet.uoregon.edu | FreeBSD: The Power to Serve http://gladstone.uoregon.edu/~dwhite | www.freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.03.9904221125450.7869-100000>