Interactions between POSIX.1e privileges and "user mounts"

Pawel Jakub Dawidek nick at garage.freebsd.pl
Wed Dec 17 13:01:39 GMT 2003


On Tue, Dec 16, 2003 at 04:35:29PM -0500, Robert Watson wrote:
+> [...] Should an unprivileged root user be able
+> to mount/update a file system mounted by a privileged root user?
+> 
+> The first two answers to pop into my head were:
+> 
+> (1) Yes.  If the administrator enables usermounts, and there's not another
+>     policy (such as MAC) that prohibits the operation, the root user
+>     should be able to unmount a file system it "owns".
+> 
+> (2) No.  We should track whether a file system was mounted with privilege,
+>     and only permit update/unmount with privilege, or some of the inherit
+>     tie-in with integrity models will break down.

Yes, the main problem is the insufficient definition of the root user,
because it can be a privileged user or not. Answer 2 is of course much more
complete and correct. So the 'privileged' attribute should be absolutely
unrelated to uid. If we define 'privileged' as the current definition of the
root user and we introduce some process flag (a cred flag would be better)
IS_PRIVILEGED that could be set for any uid, this will be the most complete
solution.
Of course we want to run away from today's 'god, root, what difference?',
but any capabilities should be totally uid-independent and only for
backward compatibility should those attributes be set for uid 0 by default.

In this example we should add information to the file system about whether
it was mounted with or without privileges.

I'm wondering if there aren't more issues related to this possibility
(the possibility to change the root user to an unprivileged user).

-- 
Pawel Jakub Dawidek                       pawel at dawidek.net
UNIX Systems Programmer/Administrator     http://garage.freebsd.pl
Am I Evil? Yes, I Am!                     http://cerber.sourceforge.net
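
The policy discussed in this message, as an added example that is not part of the original post and is not FreeBSD code: a user-space C model of a uid-independent privilege flag combined with answer (2), recording at mount time whether the mounter was privileged. Only the name IS_PRIVILEGED comes from the message; the structs, MNT_PRIV_MOUNTED and all functions are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>

/* User-space model only; every name except IS_PRIVILEGED is hypothetical. */
#define IS_PRIVILEGED    0x1u  /* cred flag proposed in the message */
#define MNT_PRIV_MOUNTED 0x1u  /* hypothetical: mounter held privilege */

struct model_cred  { uid_t uid;   unsigned flags; };
struct model_mount { uid_t owner; unsigned flags; };

/* Backward compatibility: a fresh credential for uid 0 starts privileged. */
static struct model_cred cred_create(uid_t uid)
{
    struct model_cred c = { uid, uid == 0 ? IS_PRIVILEGED : 0u };
    return c;
}

/* Dropping privilege leaves the uid untouched: an "unprivileged root". */
static void cred_drop_privilege(struct model_cred *c)
{
    c->flags &= ~IS_PRIVILEGED;
}

/* Record at mount time whether the mounting credential was privileged. */
static struct model_mount mount_create(const struct model_cred *c)
{
    struct model_mount m = { c->uid,
        (c->flags & IS_PRIVILEGED) ? MNT_PRIV_MOUNTED : 0u };
    return m;
}

/* Answer (2): update/unmount of a privileged mount requires privilege. */
static bool may_unmount(const struct model_cred *c,
                        const struct model_mount *m, bool usermount_enabled)
{
    if (c->flags & IS_PRIVILEGED)
        return true;                 /* the flag decides, not the uid */
    if (m->flags & MNT_PRIV_MOUNTED)
        return false;                /* matching uid 0 is not enough */
    return usermount_enabled && c->uid == m->owner; /* plain user mount */
}

int main(void)
{
    struct model_cred root = cred_create(0);
    struct model_mount sys = mount_create(&root);  /* privileged mount */
    cred_drop_privilege(&root);                    /* still uid 0 */
    printf("unprivileged root may unmount: %d\n",
           may_unmount(&root, &sys, true));
    return 0;
}
```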