Return to BSD News archive
Newsgroups: comp.unix.bsd.misc,comp.unix.bsd.freebsd.misc Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!lucy.swin.edu.au!news.rmit.EDU.AU!news.unimelb.edu.au!munnari.OZ.AU!news.ecn.uoknor.edu!feed1.news.erols.com!howland.erols.net!blackbush.xlink.net!ins.net!ruhr.de!devnull.ruhr.de!usenet From: Benedikt Stockebrand <benedikt@devnull.ruhr.de> Subject: Re: User mount possible? Content-Type: text/plain; charset=iso-8859-1 X-Newsreader: Gnus v5.3/Emacs 19.34 Sender: usenet@devnull.ruhr.de (Usenet Admin) Content-Transfer-Encoding: 8bit Organization: Yes we're organized Lines: 46 Message-ID: <8767vgm5sw.fsf@devnull.ruhr.de> References: <5nr27n$ees@vestein.arb-phys.uni-dortmund.de> <5nu2di$7o@xciv.demon.co.uk> Date: Sun, 15 Jun 1997 12:03:43 GMT Xref: euryale.cc.adfa.oz.au comp.unix.bsd.misc:3561 comp.unix.bsd.freebsd.misc:42854 paul@xciv.org (Paul Civati) writes: > In article <5nr27n$ees@vestein.arb-phys.uni-dortmund.de>, > wb@arb-phys.uni-dortmund.de (Wilhelm B. Kloke) writes: > > > I ran into the following problem. I am serving diskless workstations > > on FreeBSD (2.2, if that matters). I want the users of these > > workstations to be able to mount their local disks, floppies and > > CD-ROM, and use local swap space, if available. The man pages > > Some systems (Linux for one, I think) have a 'user' mount flag, to > enable ordinary non-root users to mount devices. Yes. And once you're at that you also need things flags like "ignoresuid", "ignoredevs" and another bunch of these. If anyone is really going for this you might take a look at Linux first about these flags. Simply having a user mount a file system that contains a suid root file or an improperly protected /dev/kmem doesn't seem such a good idea... > > mount(2) tell me, that the mount syscall needs superuser privilege. > > But I don't want those users to be superusers. > > But I guess, if having the above functionality, mount would have to > be setuid for it to work. > > Perhaps there is some good reason why FreeBSD (and Net, Open?) don't > have this feature? YASB (yet another set[ug]id binary)? IIRC the Linux mount had some security problems some time ago. I think those security flags to mount file systems in a restricted way are a useful feature, but instead of running mount SUID root or something I'd rather have it run with appropriate command line arguments (and environment settings etc.) from a hand-crafted wrapper or sudo or such. Ben -- Ben(edikt)? Stockebrand Runaway ping.de Admin---Never Ever Trust Old Friends My name and email address are not to be added to any list used for advertising purposes. Any sender of unsolicited advertisement e-mail to this address im- plicitly agrees to pay a DM 500 fee to the recipient for proofreading services.