Date: Mon, 03 Apr 2006 14:03:51 -0400 From: Joe Marcus Clarke <marcus@FreeBSD.org> To: Colin Percival <cperciva@FreeBSD.org> Cc: hackers@FreeBSD.org Subject: Re: RFC: Adding a ``user'' mount option Message-ID: <44316387.1090609@FreeBSD.org> In-Reply-To: <4430BA79.2030403@freebsd.org> References: <1144042356.824.16.camel@shumai.marcuscom.com> <4430BA79.2030403@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Colin Percival wrote: > Joe Marcus Clarke wrote: >> I know we have vfs.usermount, but this is not always sufficient since >> the user has to own the mount point in question. What I propose is to >> add a ``user'' mount option à la Linux. This would make mount and >> umount setuid root, but would allow much more flexibility when it comes >> to removable media and desktop systems. > > If I understand the patch correctly, you're proposing that some filesystems > be marked as "this can be mounted or unmounted by non-root users". If this > is correct, it seems to me that a more appropriate solution is to add an > /etc/usermount.conf file and a new setuid utility usermount(8) which would > look at the invoking user and the filesystem requested and either pass the > request to mount(8) or reject it. As others have pointed out, the way mounting works now is fine for most advanced users (it's fine for me, as I wrote the FAQ for GNOME). However, for newer users, they don't get that removable media mounting doesn't work out-of-the-box. Other operating systems don't have this extra complexity. For example, Linux uses the user mount notation. Solaris has volume management such that media like CDs are auto-mounted, and instantly made available to users. > > Generally speaking it's much better to add a new setuid program which does > exactly what you need, rather than making an existing and possibly insecure > program setuid. What I'd like to achieve is a simple out-of-the-box way of mounting media such as CDs, and floppy disks without users necessarily needing to know about sysctl. While I can't speak for KDE, I know GNOME already has the ability to detect user-mountable media, and gives the users icons on the desktop to mount said volumes. I was hoping we could make this solution secure and flexible without the need for another utility. Joe - -- Joe Marcus Clarke FreeBSD GNOME Team :: gnome@FreeBSD.org FreeNode / #freebsd-gnome http://www.FreeBSD.org/gnome -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD4DBQFEMWOHb2iPiv4Uz4cRAu8uAJjr8GMUcLMmf764FVtfdq/ZAkSbAJ9qLVxK mtV+SNR6h+/YDjCD8mKA5Q== =rc6p -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?44316387.1090609>