RFC: Adding a ``user'' mount option
Simon L. Nielsen
simon at FreeBSD.org
Mon Apr 3 06:36:07 UTC 2006
On 2006.04.03 01:32:36 -0400, Joe Marcus Clarke wrote:
> I know we have vfs.usermount, but this is not always sufficient since
> the user has to own the mount point in question. What I propose is to
> add a ``user'' mount option à la Linux. This would make mount and
> umount setuid root, but would allow much more flexibility when it comes
> to removable media and desktop systems.
Any reason you can't just use sudo... ? I simply have lines like:
simon ALL=NOPASSWD:/sbin/mount /mnt/cdrom,/sbin/umount /mnt/cdrom
in my sudoers file [1]. This way I can also restrict exactly who can
mount.
I really dislike setuid root binaries, so I really prefer if we could
avoid adding more.
As Colin noted, if this is to be done via a setuid program, it
probably should be a new program, since setuid programs has to have a
lot of special handling of things like file descriptors etc. which
normal programs can safely ignore.
[1] Note I haven't checked if this opens new and interesting holes,
but it doesn't matter too much on my laptop, since if somebody has
access to "simon" that's just as bad as someone getting root.
--
Simon L. Nielsen
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-hackers/attachments/20060403/13c4d9e8/attachment.pgp
More information about the freebsd-hackers
mailing list