On Mon, Jan 12, 2004 at 02:59:38PM -0600, Eric F Crist wrote:
Content-Description: signed data
> On Monday 12 January 2004 02:50 pm, Gautam Gopalakrishnan wrote:
> > On Mon, Jan 12, 2004 at 02:40:54PM -0600, Eric F Crist wrote:
> > Content-Description: signed data
> >
> > > What is the most secure way to enable mounting of flash drives, cdroms,
> > > and floppies?  I've seen solutions that include setting setuid on mount. 
> > > I would rather not go this route.  Is there any other easy, secure way?
> >
> > sudo is the easiest I've seen. I've stopped using su nowadays, for anything
> Gautam,
> I guess I should have specified a little clearer.  My desktop users have an 
> icon on their desktops so they can access the cdrom, usb flash drives, etc.  
> They need the ability to just right-click an select mount or unmount.  I have 
> temporarily setuid on mount and umount, but this allows these users to mount 
> and unmount core filesystems, too. I would like to get away from this.

My newbie suggestion would be to make mount and umount a shell
script which just execs sudo. In sudo, you could specify which users
could (un)mount which devices. You would obviously need to rename
mount and umount and remember to keep track when you do a buildworld...
My 0.02


[EMAIL PROTECTED] mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to