Removable media security in FreeBSD

Brett Glass brett at lariat.org
Tue Jun 10 07:58:19 PDT 2003


At 01:14 AM 6/10/2003, Jon DeShirley wrote:

>Example:
>
>%users  ALL=NOPASSWD: /sbin/mount /cdrom, /sbin/umount /cdrom
>
>What does this do?  It allows users in the group 'users' to run the explicit commands ONLY.

Ah, but the commands will be different for each user, because
one needs to change permissions and ownership to a specific
user (and, if you mount in the user's home directory, a
specific path). What's more, the command must only be
allowed to execute if the user is logged in via an X Windows
desktop manager at the console, and the effects must be
undone when s/he logs out. So, there are a lot of logistics
that may make it infeasible to use this approach.

--Brett


