*BSD News Article 97687


Newsgroups: comp.unix.bsd.misc,comp.unix.bsd.freebsd.misc
Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!lucy.swin.edu.au!news.rmit.EDU.AU!news.unimelb.edu.au!munnari.OZ.AU!news.ecn.uoknor.edu!feed1.news.erols.com!howland.erols.net!blackbush.xlink.net!ins.net!ruhr.de!devnull.ruhr.de!usenet
From: Benedikt Stockebrand <benedikt@devnull.ruhr.de>
Subject: Re: User mount possible?
Content-Type: text/plain; charset=iso-8859-1
X-Newsreader: Gnus v5.3/Emacs 19.34
Sender: usenet@devnull.ruhr.de (Usenet Admin)
Content-Transfer-Encoding: 8bit
Organization: Yes we're organized
Lines: 46
Message-ID: <8767vgm5sw.fsf@devnull.ruhr.de>
References: <5nr27n$ees@vestein.arb-phys.uni-dortmund.de>
	<5nu2di$7o@xciv.demon.co.uk>
Date: Sun, 15 Jun 1997 12:03:43 GMT
Xref: euryale.cc.adfa.oz.au comp.unix.bsd.misc:3561 comp.unix.bsd.freebsd.misc:42854

paul@xciv.org (Paul Civati) writes:

> In article <5nr27n$ees@vestein.arb-phys.uni-dortmund.de>,
> 	wb@arb-phys.uni-dortmund.de (Wilhelm B. Kloke) writes:
> 
> > I ran into the following problem. I am serving diskless workstations
> > on FreeBSD (2.2, if that matters). I want the users of these
> > workstations to be able to mount their local disks, floppies and
> > CD-ROM, and use local swap space, if available. The man pages
> 
> Some systems (Linux for one, I think) have a 'user' mount flag, to
> enable ordinary non-root users to mount devices.

Yes.  And once you're at that you also need flags like
"ignoresuid", "ignoredevs" and another bunch of these.  If anyone is
really going for this you might take a look at Linux first about these
flags.  Simply having a user mount a file system that contains a suid
root file or an improperly protected /dev/kmem doesn't seem such a
good idea...

> > mount(2) tell me, that the mount syscall needs superuser privilege.
> > But I don't want those users to be superusers.
> 
> But I guess, if having the above functionality, mount would have to
> be setuid for it to work.
> 
> Perhaps there is some good reason why FreeBSD (and Net, Open?) don't
> have this feature?

YASB (yet another set[ug]id binary)?  IIRC the Linux mount had some
security problems some time ago.

I think those security flags to mount file systems in a restricted way
are a useful feature, but instead of running mount SUID root or
something I'd rather have it run with appropriate command line
arguments (and environment settings etc.) from a hand-crafted wrapper
or sudo or such.


    Ben

-- 
Ben(edikt)? Stockebrand    Runaway ping.de Admin---Never Ever Trust Old Friends
My name and email address are not to be added to any list used for advertising
purposes.  Any sender of unsolicited advertisement e-mail to this address im-
plicitly agrees to pay a DM 500 fee to the recipient for proofreading services.
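
The wrapper approach described in the post, as an added example that is not part of the original article or of any BSD or Linux source: the caller picks a label from a fixed table, and the wrapper supplies every mount argument and the whole environment itself. The labels, device names, mount points and the /sbin/mount path are constructed assumptions; nosuid and nodev are the mount(8) option names for the restrictions the post calls "ignoresuid" and "ignoredevs".

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Constructed allowlist (assumption): the only mounts a user may request. */
struct entry { const char *label, *dev, *dir, *fstype; };
static const struct entry allowed[] = {
    { "floppy", "/dev/fd0",  "/mnt/floppy", "msdos"  },
    { "cdrom",  "/dev/cd0a", "/mnt/cdrom",  "cd9660" },
};

/* Build the mount(8) argument vector for an allowlisted label.
 * No byte of user input reaches the vector; the label only selects a row.
 * Returns 0 on success, -1 if the label is not in the table. */
int build_mount_argv(const char *label, const char *argv[8])
{
    for (size_t i = 0; i < sizeof allowed / sizeof allowed[0]; i++) {
        if (label != NULL && strcmp(label, allowed[i].label) == 0) {
            argv[0] = "mount";
            argv[1] = "-t"; argv[2] = allowed[i].fstype;
            argv[3] = "-o"; argv[4] = "nosuid,nodev"; /* always forced */
            argv[5] = allowed[i].dev;
            argv[6] = allowed[i].dir;
            argv[7] = NULL;
            return 0;
        }
    }
    return -1;
}

int main(int argc, char **argv)
{
    const char *margv[8];
    /* Fixed environment: nothing inherited from the calling user. */
    static char *const clean_env[] = { "PATH=/sbin:/bin:/usr/sbin:/usr/bin", NULL };

    if (argc != 2 || build_mount_argv(argv[1], margv) != 0) {
        fprintf(stderr, "usage: %s floppy|cdrom\n", argv[0]);
        return 2;
    }
    /* Absolute path, so PATH is never consulted to find the binary. */
    execve("/sbin/mount", (char *const *)margv, clean_env);
    perror("execve");
    return 1;
}
```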