Date:      Tue, 10 Jun 2003 19:10:43 +0300
From:      Peter Pentchev <roam@ringlet.net>
To:        Brett Glass <brett@lariat.org>
Cc:        security@freebsd.org
Subject:   Re: Removable media security in FreeBSD
Message-ID:  <20030610161043.GG485@straylight.oblivion.bg>
In-Reply-To: <4.3.2.7.2.20030610085402.02756390@localhost>
References:  <4.3.2.7.2.20030610010227.02a68ed0@localhost> <200306092254.QAA10240@lariat.org> <200306092254.QAA10240@lariat.org> <4.3.2.7.2.20030610010227.02a68ed0@localhost> <4.3.2.7.2.20030610085402.02756390@localhost>



On Tue, Jun 10, 2003 at 08:58:06AM -0600, Brett Glass wrote:
> At 01:14 AM 6/10/2003, Jon DeShirley wrote:
>
> >Example:
> >
> >%users  ALL=NOPASSWD: /sbin/mount /cdrom, /sbin/umount /cdrom
> >
> >What does this do?  It allows users in the group 'users' to run the explicit commands ONLY.
>
> Ah, but the commands will be different for each user, because
> one needs to change permissions and ownership to a specific
> user (and, if you mount in the user's home directory, a
> specific path). What's more, the command must only be
> allowed to execute if the user is logged in via an X Windows
> desktop manager at the console, and the effects must be
> undone when s/he logs out. So, there are a lot of logistics
> that may make it infeasible to use this approach.

So, uhm, make a script to mount/chmod/etc, and another script
to unmount/unchmod/etc, and only allow sudo access to those?

G'luck,
Peter

-- 
Peter Pentchev	roam@ringlet.net    roam@sbnd.net    roam@FreeBSD.org
PGP key:	http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint	FDBA FD79 C26F 3C51 C95E  DF9E ED18 B68D 1619 4553
This sentence is false.
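
The wrapper-script approach suggested above, sketched as an added example (not code from this thread or from FreeBSD): one helper with two fixed actions stands in for the two scripts, and the per-user details come from sudo's `SUDO_USER` instead of from arguments. The helper name, the sudoers rule, `/dev/cd0`, `/media` and the 0700 per-user parent directory (used here in place of chown/chmod, which fail on a read-only CD filesystem) are assumptions.

```shell
#!/bin/sh
# cdrom-helper (hypothetical name): meant to be run only through sudo, e.g.
#   %users ALL=NOPASSWD: /usr/local/sbin/cdrom-helper mount, /usr/local/sbin/cdrom-helper umount
PATH=/sbin:/bin:/usr/sbin:/usr/bin; export PATH   # never trust the caller's PATH
DEV=/dev/cd0      # assumed device node
BASE=/media       # assumed root-owned parent of the per-user directories

# Accept only a plain, existing account name whose uid is not 0.
valid_user() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    uid=$(id -u "$1" 2>/dev/null) || return 1
    [ "$uid" -ne 0 ]
}

# Print the privileged commands for one action and user, one per line.
# The user-specific parts are derived here, never taken from the command line.
plan() {
    valid_user "$2" || return 1
    dir=$BASE/$2
    case "$1" in
        mount)
            echo "install -d -o $2 -m 0700 $dir"    # private parent directory
            echo "mkdir -p $dir/cdrom"
            # nosuid: setuid binaries on the media are not honoured
            echo "mount -t cd9660 -o ro,nosuid $DEV $dir/cdrom"
            ;;
        umount)
            echo "umount $dir/cdrom"
            echo "rmdir $dir/cdrom"
            ;;
        *) return 1 ;;
    esac
}

# Entry point: the action is the only argument; the user comes from sudo.
main() {
    [ "$(id -u)" -eq 0 ] && [ $# -eq 1 ] || { echo "usage: sudo $0 mount|umount" >&2; return 64; }
    cmds=$(plan "$1" "${SUDO_USER:-}") || { echo "refused" >&2; return 1; }
    echo "$cmds" | while read -r line; do $line || exit 1; done
}

# Run only when executed under its own name, so the functions can also be sourced.
case "${0##*/}" in cdrom-helper) main "$@" ;; esac
```

Because the sudoers rule lists the helper with each fixed action and nothing else, users cannot pass their own paths, devices or mount options to the privileged commands.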
