Removable media security in FreeBSD
Peter Pentchev
roam at ringlet.net
Tue Jun 10 09:08:03 PDT 2003
On Tue, Jun 10, 2003 at 08:58:06AM -0600, Brett Glass wrote:
> At 01:14 AM 6/10/2003, Jon DeShirley wrote:
>
> >Example:
> >
> >%users ALL = NOPASSWD: /sbin/mount /cdrom, /sbin/umount /cdrom
> >
> >What does this do? It allows users in the group 'users' to run the explicit commands ONLY.
>
> Ah, but the commands will be different for each user, because
> one needs to change permissions and ownership to a specific
> user (and, if you mount in the user's home directory, a
> specific path). What's more, the command must only be
> allowed to execute if the user is logged in via an X Windows
> desktop manager at the console, and the effects must be
> undone when s/he logs out. So, there are a lot of logistics
> that may make it infeasible to use this approach.
So, uhm, make a script to mount/chmod/etc, and another script
to unmount/unchmod/etc, and only allow sudo access to those?
G'luck,
Peter
--
Peter Pentchev roam at ringlet.net roam at sbnd.net roam at FreeBSD.org
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
This sentence is false.
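
The mount half of the two-script approach suggested in the reply above, as an added example that is not part of the original message or of FreeBSD itself. The script name, install path, device, mount point and the choice of a FAT volume are all assumptions; the unmount script would mirror it.

```shell
#!/bin/sh
# media-mount: hypothetical root-owned wrapper, installed mode 0555 as
# /usr/local/sbin/media-mount. The matching sudoers rule allows it with no
# arguments only (the "" in sudoers means "no arguments permitted"):
#
#   %users ALL = NOPASSWD: /usr/local/sbin/media-mount ""
#
# Device, mount point and file system are fixed here, never caller-supplied.
DEVICE=/dev/da0s1        # assumption: FAT-formatted removable device
MOUNTPOINT=/media/usb    # assumption: root-owned, empty directory

# is_id VALUE: succeed only for a non-empty string of decimal digits.
is_id() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    return 0
}

# mount_cmd UID GID: print the mount command that hands the file system to
# that user, or fail for malformed ids and for uid 0.
mount_cmd() {
    is_id "$1" && is_id "$2" || return 1
    [ "$1" -ne 0 ] || return 1
    # -u/-g/-m set owner, group and permission mask for the FAT volume;
    # nosuid and noexec keep the media from carrying privileged binaries.
    echo "mount_msdosfs -u $1 -g $2 -m 700 -o nosuid,noexec $DEVICE $MOUNTPOINT"
}

main() {
    if [ "$#" -ne 0 ]; then
        echo "usage: media-mount (takes no arguments)" >&2
        return 64
    fi
    # sudo exports the invoking user's ids; nothing else is trusted.
    cmd=$(mount_cmd "${SUDO_UID:-}" "${SUDO_GID:-}") || {
        echo "media-mount: must be run through sudo by a non-root user" >&2
        return 1
    }
    $cmd
}

# Run only when installed under its real name, so the functions can be
# sourced and tested without mounting anything.
case "${0##*/}" in
    media-mount) main "$@" ;;
esac
```

Because the per-user ownership comes from `SUDO_UID` and `SUDO_GID` rather than from arguments, one sudoers rule covers every member of the group.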