Date: Tue, 10 Jun 2003 08:58:06 -0600
From: Brett Glass <brett@lariat.org>
To: Jon DeShirley <jond@uidaho.edu>
Cc: security@freebsd.org
Subject: Re: Removable media security in FreeBSD
Message-ID: <4.3.2.7.2.20030610085402.02756390@localhost>
In-Reply-To: <3EE58562.1070601@uidaho.edu>
References: <4.3.2.7.2.20030610010227.02a68ed0@localhost> <200306092254.QAA10240@lariat.org> <200306092254.QAA10240@lariat.org> <4.3.2.7.2.20030610010227.02a68ed0@localhost>
At 01:14 AM 6/10/2003, Jon DeShirley wrote:

>Example:
>
>%users NOPASSWD:ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
>
>What does this do? It allows users in the group 'users' to run the explicit commands ONLY.

Ah, but the commands will be different for each user, because one needs to change permissions and ownership to a specific user (and, if you mount in the user's home directory, a specific path). What's more, the command must only be allowed to execute if the user is logged in via an X Windows desktop manager at the console, and the effects must be undone when s/he logs out. So, there are a lot of logistics that may make it infeasible to use this approach.

--Brett
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.3.2.7.2.20030610085402.02756390>
