DragonFly BSD
DragonFly users List (threaded) for 2011-01
[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]

Re: user mountable filesystem

From: Oliver Fromme <check+lf6dug00rsk91wtv@xxxxxxxxxx>
Date: 17 Jan 2011 17:31:53 GMT

Pierre Abbat <phma@phma.optus.nu> wrote:
 > On Thursday 13 January 2011 17:02:54 Thomas Nikolajsen wrote:
 > > Either you can login as root to do the mount / umount,
 > > or you can set sysctl vfs.usermount to a non-zero value.
 > >
 > > This is described in mount.2 manual page;
 > > 'mount -a mount' also shows mount options (mount.8);
 > > we don't have 'user', as you found.
 > >
 > > Please be aware of security consequences if you allow all users to mount.
 > That would allow all users to mount *anything*, which is not what I want.

No, there are some restrictions:  The user needs access
to the device he wants to mount, *and* he needs to own the
mount point.

 > I want any user to mount the thumb drive, but I certainly don't want any
 > user but root to mount the hard disk.

That won't be possible because normal uses don't have
the privilege to access the hard disk devices.  Those
are typically accessible for root and the operator group

If you don't want to set sysctl vfs.usermount=1, another
alternative is to use a tool like sudo(8) or super(1).
That's not necessarily more secure, though.

Best regards

Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
Handelsregister: Registergericht Muenchen, HRA 74606,  Geschäftsfuehrung:
secnetix Verwaltungsgesellsch. mbH, Handelsregister: Registergericht Mün-
chen, HRB 125758,  Geschäftsführer: Maik Bachmann, Olaf Erb, Ralf Gebhart

FreeBSD-Dienstleistungen, -Produkte und mehr:  http://www.secnetix.de/bsd

[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]