Re: Mounting as non-root?
On Mon, Jan 12, 2004 at 02:40:54PM -0600, Eric F Crist wrote: Content-Description: signed data What is the most secure way to enable mounting of flash drives, cdroms, and floppies? I've seen solutions that include setting setuid on mount. I would rather not go this route. Is there any other easy, secure way? sudo is the easiest I've seen. I've stopped using su nowadays, for anything Gautam ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Mounting as non-root?
On Monday 12 January 2004 02:50 pm, Gautam Gopalakrishnan wrote: On Mon, Jan 12, 2004 at 02:40:54PM -0600, Eric F Crist wrote: Content-Description: signed data What is the most secure way to enable mounting of flash drives, cdroms, and floppies? I've seen solutions that include setting setuid on mount. I would rather not go this route. Is there any other easy, secure way? sudo is the easiest I've seen. I've stopped using su nowadays, for anything Gautam, I guess I should have specified a little clearer. My desktop users have an icon on their desktops so they can access the cdrom, usb flash drives, etc. They need the ability to just right-click an select mount or unmount. I have temporarily setuid on mount and umount, but this allows these users to mount and unmount core filesystems, too. I would like to get away from this. -- Eric F Crist AdTech Integrated Systems, Inc (612) 998-3588 pgp0.pgp Description: signature
Re: Mounting as non-root?
On Mon, Jan 12, 2004 at 02:59:38PM -0600, Eric F Crist wrote: Content-Description: signed data On Monday 12 January 2004 02:50 pm, Gautam Gopalakrishnan wrote: On Mon, Jan 12, 2004 at 02:40:54PM -0600, Eric F Crist wrote: Content-Description: signed data What is the most secure way to enable mounting of flash drives, cdroms, and floppies? I've seen solutions that include setting setuid on mount. I would rather not go this route. Is there any other easy, secure way? sudo is the easiest I've seen. I've stopped using su nowadays, for anything Gautam, I guess I should have specified a little clearer. My desktop users have an icon on their desktops so they can access the cdrom, usb flash drives, etc. They need the ability to just right-click an select mount or unmount. I have temporarily setuid on mount and umount, but this allows these users to mount and unmount core filesystems, too. I would like to get away from this. My newbie suggestion would be to make mount and umount a shell script which just execs sudo. In sudo, you could specify which users could (un)mount which devices. You would obviously need to rename mount and umount and remember to keep track when you do a buildworld... My 0.02 Gautam ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Mounting as non-root?
Eric, Use amd, the auto-mounting daemon. See: http://www.daemonnews.org/200202/automounting.html Let me know how this works for you. I've got some problems with it, probably mainly due to an Audio CD program getting in the way. Ernst On Monday 12 January 2004 20:59, Eric F Crist wrote: On Monday 12 January 2004 02:50 pm, Gautam Gopalakrishnan wrote: On Mon, Jan 12, 2004 at 02:40:54PM -0600, Eric F Crist wrote: Content-Description: signed data What is the most secure way to enable mounting of flash drives, cdroms, and floppies? I've seen solutions that include setting setuid on mount. I would rather not go this route. Is there any other easy, secure way? sudo is the easiest I've seen. I've stopped using su nowadays, for anything Gautam, I guess I should have specified a little clearer. My desktop users have an icon on their desktops so they can access the cdrom, usb flash drives, etc. They need the ability to just right-click an select mount or unmount. I have temporarily setuid on mount and umount, but this allows these users to mount and unmount core filesystems, too. I would like to get away from this. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Mounting as non-root?
Hi, What is the most secure way to enable mounting of flash drives, cdroms, and floppies? I've seen solutions that include setting setuid on mount. I would rather not go this route. Is there any other easy, secure way? You can allow mounting for ordinary users with the following sysctl(8): vfs.usermount With Gnome 2.5 (probably also with 2.4, but I need to run the development version in order to help with some ports) users can mount cdroms and floppies on mount points in their home directories (~/cdrom and ~/floppies). Unfortunately, you will need appropriate entries into /etc/fstab for every user. Simon signature.asc Description: Digital signature
