Re: Mounting CDROM as user under 5.x
The operator trick worked. Thanks again and happy new year.

Since I've started the FreeBSD experience, I've collected about 20 pages of tips and tricks to get stuff running. I will probably publish something so others can enjoy it.

Dany

Harald Schmalzbauer wrote:
> On Wednesday 31 December 2003 16:37, Dany wrote:
> > Thanks Harry for taking the time to answer my questions. I think based on your comments it should work.
> >
> > Is there any security concern having a user belonging to the group operator ?
>
> I never really cared about it. AnonFTP is owned by operator, but in general I think wheel is worse than operator. Please correct me anybody, I don't really care on my workstation ;)
> Best is to have a look through the (default) filesystem and see if operator has any write permissions where it was no good.
> I'm quite sure wheel has much too much read permissions for normal users. But that doesn't matter for users who can su ;)
>
> Happy new year,
>
> -Harry
>
> > Thanks again
> > Dany
> >
> > Harald Schmalzbauer wrote:
> > > On Wednesday 31 December 2003 16:07, Dany wrote:
> > > > Harald Schmalzbauer wrote:
> > > > *SNIP*
> > > >
> > > > This is pretty much what I've tried. My user is in the Wheel group. Would this exact configuration work ? Should I set any other permission in order to have the user from the wheel group to mount drives?
> > > >
> > > > Thanks for posting your configuration.
> > > >
> > > > PS: One thing I've noticed with this specific user, whenever he creates something the file/directory will show owner:username group:username. I've used the command groups as well as chpass I think and they gave me only one group for this username... wheel. Why doesn't wheel appear as the group owner for stuff that username is creating ?
> > >
> > > When you add a user with adduser by default FreeBSD creates a group named similarly to the username. If you later say that this user should be in group wheel it's additional.
> > >
> > > > added the following to /dev/devfs.conf
> > > > link acd0 cdrom
> > > > perm acd0 0660
> > >
> > > This line just gives write access to group.
> > > You can either add the line:
> > > own acd0 root:wheel
> > > or you edit /etc/groups and add your user to the group operator.
> > > I'd prefer the latter.
> > >
> > > Here's my simple /etc/group example:
> > > # $FreeBSD: src/etc/group,v 1.28 2003/04/27 05:49:53 imp Exp $
> > > #
> > > wheel:*:0:root,harry
> > > daemon:*:1:
> > > kmem:*:2:
> > > sys:*:3:
> > > tty:*:4:
> > > operator:*:5:root,harry
> > > mail:*:6:
> > > bin:*:7:
> > > news:*:8:
> > > man:*:9:
> > > games:*:13:
> > > staff:*:20:
> > > sshd:*:22:
> > > smmsp:*:25:
> > > mailnull:*:26:
> > > guest:*:31:
> > > bind:*:53:
> > > uucp:*:66:
> > > dialer:*:68:
> > > network:*:69:
> > > www:*:80:
> > > nogroup:*:65533:
> > > nobody:*:65534:
> > > harry:*::
> > > uli:*::
> > > schowi:*::
> > > administrator:*::
> > > alle:*::root,harry,uli,schowi,administrator
> > > setiathome:*::
> > >
> > > -Harry

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Mounting CDROM as user under 5.x
On Tuesday 30 December 2003 11:39 pm, Dany wrote:
> Hello,
>
> Because I didn't get any response on BSDforums, I've decided to try my chance here.
>
> I'm trying to get my single user (belonging to the wheel group) mounting a CD drive under 5.x using devfs (5.2RC2). Could somebody post a very simple howto showing the files to modify ?
>
> Thanx
>
> So far I've tried the following things without success :
>
> mkdir /home/username/mount/cdrom
> chown username /home/username/mount/cdrom
> chmod 755 /home/username/mount/cdrom
>
> added the following to /etc/sysctl.conf
> vfs.usermount=1
>
> added the following to /dev/devfs.conf
> link acd0 cdrom
> perm acd0 0660
>
> added /etc/devfs.rules with
> [my_ruleset=10]
> add path 'acd*' mode 660
>
> added the following to /etc/rc.conf
> devfs_system_ruleset=my_ruleset
>
> /dev/cdrom now shows up and root can use it to play a DVD for example but user cannot use it either directly (/dev/cdrom) or when trying to mount a CD (mount_cd9660 /dev/cdrom /home/username/mount/cdrom) .. the result is Operation not permitted
>
> Thank you
> Dany

All I do for my user that's a member of wheel under FreeBSD 4.* is:

chmod u+s /sbin/*mount

Does this not work in FreeBSD 5.*?

Andrew Gould

Re: Mounting CDROM as user under 5.x
On Wednesday 31 December 2003 10:08, Andrew L. Gould wrote:
> On Tuesday 30 December 2003 11:39 pm, Dany wrote:
> > Hello,
> >
> > Because I didn't get any response on BSDforums, I've decided to try my chance here.
> >
> > I'm trying to get my single user (belonging to the wheel group) mounting a CD drive under 5.x using devfs (5.2RC2). Could somebody post a very simple howto showing the files to modify ?
> >
> > Thanx
> >
> > So far I've tried the following things without success :
> >
> > mkdir /home/username/mount/cdrom
> > chown username /home/username/mount/cdrom
> > chmod 755 /home/username/mount/cdrom
> >
> > added the following to /etc/sysctl.conf
> > vfs.usermount=1
> >
> > added the following to /dev/devfs.conf
> > link acd0 cdrom
> > perm acd0 0660
> >
> > added /etc/devfs.rules with
> > [my_ruleset=10]
> > add path 'acd*' mode 660
> >
> > added the following to /etc/rc.conf
> > devfs_system_ruleset=my_ruleset
> >
> > /dev/cdrom now shows up and root can use it to play a DVD for example but user cannot use it either directly (/dev/cdrom) or when trying to mount a CD (mount_cd9660 /dev/cdrom /home/username/mount/cdrom) .. the result is “Operation not permitted”
> >
> > Thank you
> > Dany
>
> All I do for my user that's a member of wheel under FreeBSD 4.* is:
>
> chmod u+s /sbin/*mount
>
> Does this not work in FreeBSD 5.*?

No, 5 has devfs.
Dany, make sure you have CD9660 compiled into the kernel, normal users aren't allowed to load kernel modules. Also securemode should not be set. And the mountpoint should be owned by the user (which is in your case I think since it's under $home).
I had the same problem and it was simply the missing CD9660 bits in the kernel

-Harry

> Andrew Gould

Re: Mounting CDROM as user under 5.x
I've checked my kernel config and it had the Options CD9660.
Besides the mounting problem as I said the user cannot use the linked device (/dev/dvd) to just watch a DVD (no need for mounting, just access to the device).

Can you post the system configuration files that you're using in order to allow your users to mount CD drives ?

Thank you
Dany

Harald Schmalzbauer wrote:
> On Wednesday 31 December 2003 10:08, Andrew L. Gould wrote:
> > On Tuesday 30 December 2003 11:39 pm, Dany wrote:
> > > Hello,
> > >
> > > Because I didn't get any response on BSDforums, I've decided to try my chance here.
> > >
> > > I'm trying to get my single user (belonging to the wheel group) mounting a CD drive under 5.x using devfs (5.2RC2). Could somebody post a very simple howto showing the files to modify ?
> > >
> > > Thanx
> > >
> > > So far I've tried the following things without success :
> > >
> > > mkdir /home/username/mount/cdrom
> > > chown username /home/username/mount/cdrom
> > > chmod 755 /home/username/mount/cdrom
> > >
> > > added the following to /etc/sysctl.conf
> > > vfs.usermount=1
> > >
> > > added the following to /dev/devfs.conf
> > > link acd0 cdrom
> > > perm acd0 0660
> > >
> > > added /etc/devfs.rules with
> > > [my_ruleset=10]
> > > add path 'acd*' mode 660
> > >
> > > added the following to /etc/rc.conf
> > > devfs_system_ruleset=my_ruleset
> > >
> > > /dev/cdrom now shows up and root can use it to play a DVD for example but user cannot use it either directly (/dev/cdrom) or when trying to mount a CD (mount_cd9660 /dev/cdrom /home/username/mount/cdrom) .. the result is "Operation not permitted"
> > >
> > > Thank you
> > > Dany
> >
> > All I do for my user that's a member of wheel under FreeBSD 4.* is:
> >
> > chmod u+s /sbin/*mount
> >
> > Does this not work in FreeBSD 5.*?
>
> No, 5 has devfs.
> Dany, make sure you have CD9660 compiled into the kernel, normal users aren't allowed to load kernel modules. Also securemode should not be set. And the mountpoint should be owned by the user (which is in your case I think since it's under $home).
> I had the same problem and it was simply the missing CD9660 bits in the kernel
>
> -Harry
>
> > Andrew Gould

Re: Mounting CDROM as user under 5.x
On Wednesday 31 December 2003 15:48, Dany wrote:
> I've checked my kernel config and it had the Options CD9660.
> Besides the mounting problem as I said the user cannot use the linked device (/dev/dvd) to just watch a DVD (no need for mounting, just access to the device).
>
> Can you post the system configuration files that you're using in order to allow your users to mount CD drives ?

cale:/tmp# sysctl vfs.usermount
vfs.usermount: 1

in /etc/devfs.conf:
perm    xpt0    0660
perm    pass0   0660
perm    cd0     0660
link    cd0     cdrom
link    acd0    acd0c

cale:/dev# ll cd*
crw-rw 1 root operator - 4, 27 28 Dez 21:57:24 2003 cd0
lrwxr-xr-x 1 root wheel -5 28 Dez 21:57:40 2003 cdrom - cd0

Is your user in the correct group? (operator in my example)
Note: I'm using atapicam so you should consider cd0 as acd0

-Harry

> Thank you
> Dany
>
> Harald Schmalzbauer wrote:
> > On Wednesday 31 December 2003 10:08, Andrew L. Gould wrote:
> > > On Tuesday 30 December 2003 11:39 pm, Dany wrote:
> > > > Hello,
> > > >
> > > > Because I didn't get any response on BSDforums, I've decided to try my chance here.
> > > >
> > > > I'm trying to get my single user (belonging to the wheel group) mounting a CD drive under 5.x using devfs (5.2RC2). Could somebody post a very simple howto showing the files to modify ?
> > > >
> > > > Thanx
> > > >
> > > > So far I've tried the following things without success :
> > > >
> > > > mkdir /home/username/mount/cdrom
> > > > chown username /home/username/mount/cdrom
> > > > chmod 755 /home/username/mount/cdrom
> > > >
> > > > added the following to /etc/sysctl.conf
> > > > vfs.usermount=1
> > > >
> > > > added the following to /dev/devfs.conf
> > > > link acd0 cdrom
> > > > perm acd0 0660
> > > >
> > > > added /etc/devfs.rules with
> > > > [my_ruleset=10]
> > > > add path 'acd*' mode 660
> > > >
> > > > added the following to /etc/rc.conf
> > > > devfs_system_ruleset=my_ruleset
> > > >
> > > > /dev/cdrom now shows up and root can use it to play a DVD for example but user cannot use it either directly (/dev/cdrom) or when trying to mount a CD (mount_cd9660 /dev/cdrom /home/username/mount/cdrom) .. the result is "Operation not permitted"
> > > >
> > > > Thank you
> > > > Dany
> > >
> > > All I do for my user that's a member of wheel under FreeBSD 4.* is:
> > >
> > > chmod u+s /sbin/*mount
> > >
> > > Does this not work in FreeBSD 5.*?
> >
> > No, 5 has devfs.
> > Dany, make sure you have CD9660 compiled into the kernel, normal users aren't allowed to load kernel modules. Also securemode should not be set. And the mountpoint should be owned by the user (which is in your case I think since it's under $home).
> > I had the same problem and it was simply the missing CD9660 bits in the kernel
> >
> > -Harry
> >
> > > Andrew Gould

Re: Mounting CDROM as user under 5.x
On Wednesday 31 December 2003 16:07, Dany wrote:
> Harald Schmalzbauer wrote:
> *SNIP*
>
> This is pretty much what I've tried. My user is in the Wheel group. Would this exact configuration work ? Should I set any other permission in order to have the user from the wheel group to mount drives?
>
> Thanks for posting your configuration.
>
> PS: One thing I've noticed with this specific user, whenever he creates something the file/directory will show owner:username group:username. I've used the command groups as well as chpass I think and they gave me only one group for this username... wheel. Why doesn't wheel appear as the group owner for stuff that username is creating ?

When you add a user with adduser by default FreeBSD creates a group named similarly to the username. If you later say that this user should be in group wheel it's additional.

> added the following to /dev/devfs.conf
> link acd0 cdrom
> perm acd0 0660

This line just gives write access to group.
You can either add the line:
own acd0 root:wheel
or you edit /etc/groups and add your user to the group operator.
I'd prefer the latter.

Here's my simple /etc/group example:
# $FreeBSD: src/etc/group,v 1.28 2003/04/27 05:49:53 imp Exp $
#
wheel:*:0:root,harry
daemon:*:1:
kmem:*:2:
sys:*:3:
tty:*:4:
operator:*:5:root,harry
mail:*:6:
bin:*:7:
news:*:8:
man:*:9:
games:*:13:
staff:*:20:
sshd:*:22:
smmsp:*:25:
mailnull:*:26:
guest:*:31:
bind:*:53:
uucp:*:66:
dialer:*:68:
network:*:69:
www:*:80:
nogroup:*:65533:
nobody:*:65534:
harry:*::
uli:*::
schowi:*::
administrator:*::
alle:*::root,harry,uli,schowi,administrator
setiathome:*::

-Harry

Re: Mounting CDROM as user under 5.x
Thanks Harry for taking the time to answer my questions. I think based on your comments it should work.

Is there any security concern having a user belonging to the group operator ?

Thanks again
Dany

Harald Schmalzbauer wrote:
> On Wednesday 31 December 2003 16:07, Dany wrote:
> > Harald Schmalzbauer wrote:
> > *SNIP*
> >
> > This is pretty much what I've tried. My user is in the Wheel group. Would this exact configuration work ? Should I set any other permission in order to have the user from the wheel group to mount drives?
> >
> > Thanks for posting your configuration.
> >
> > PS: One thing I've noticed with this specific user, whenever he creates something the file/directory will show owner:username group:username. I've used the command groups as well as chpass I think and they gave me only one group for this username... wheel. Why doesn't wheel appear as the group owner for stuff that username is creating ?
>
> When you add a user with adduser by default FreeBSD creates a group named similarly to the username. If you later say that this user should be in group wheel it's additional.
>
> > added the following to /dev/devfs.conf
> > link acd0 cdrom
> > perm acd0 0660
>
> This line just gives write access to group.
> You can either add the line:
> own acd0 root:wheel
> or you edit /etc/groups and add your user to the group operator.
> I'd prefer the latter.
>
> Here's my simple /etc/group example:
> # $FreeBSD: src/etc/group,v 1.28 2003/04/27 05:49:53 imp Exp $
> #
> wheel:*:0:root,harry
> daemon:*:1:
> kmem:*:2:
> sys:*:3:
> tty:*:4:
> operator:*:5:root,harry
> mail:*:6:
> bin:*:7:
> news:*:8:
> man:*:9:
> games:*:13:
> staff:*:20:
> sshd:*:22:
> smmsp:*:25:
> mailnull:*:26:
> guest:*:31:
> bind:*:53:
> uucp:*:66:
> dialer:*:68:
> network:*:69:
> www:*:80:
> nogroup:*:65533:
> nobody:*:65534:
> harry:*::
> uli:*::
> schowi:*::
> administrator:*::
> alle:*::root,harry,uli,schowi,administrator
> setiathome:*::
>
> -Harry

Re: Mounting CDROM as user under 5.x
On Wednesday 31 December 2003 16:37, Dany wrote:
> Thanks Harry for taking the time to answer my questions. I think based on your comments it should work.
>
> Is there any security concern having a user belonging to the group operator ?

I never really cared about it. AnonFTP is owned by operator, but in general I think wheel is worse than operator. Please correct me anybody, I don't really care on my workstation ;)
Best is to have a look through the (default) filesystem and see if operator has any write permissions where it was no good.
I'm quite sure wheel has much too much read permissions for normal users. But that doesn't matter for users who can su ;)

Happy new year,

-Harry

> Thanks again
> Dany
>
> Harald Schmalzbauer wrote:
> > On Wednesday 31 December 2003 16:07, Dany wrote:
> > > Harald Schmalzbauer wrote:
> > > *SNIP*
> > >
> > > This is pretty much what I've tried. My user is in the Wheel group. Would this exact configuration work ? Should I set any other permission in order to have the user from the wheel group to mount drives?
> > >
> > > Thanks for posting your configuration.
> > >
> > > PS: One thing I've noticed with this specific user, whenever he creates something the file/directory will show owner:username group:username. I've used the command groups as well as chpass I think and they gave me only one group for this username... wheel. Why doesn't wheel appear as the group owner for stuff that username is creating ?
> >
> > When you add a user with adduser by default FreeBSD creates a group named similarly to the username. If you later say that this user should be in group wheel it's additional.
> >
> > > added the following to /dev/devfs.conf
> > > link acd0 cdrom
> > > perm acd0 0660
> >
> > This line just gives write access to group.
> > You can either add the line:
> > own acd0 root:wheel
> > or you edit /etc/groups and add your user to the group operator.
> > I'd prefer the latter.
> >
> > Here's my simple /etc/group example:
> > # $FreeBSD: src/etc/group,v 1.28 2003/04/27 05:49:53 imp Exp $
> > #
> > wheel:*:0:root,harry
> > daemon:*:1:
> > kmem:*:2:
> > sys:*:3:
> > tty:*:4:
> > operator:*:5:root,harry
> > mail:*:6:
> > bin:*:7:
> > news:*:8:
> > man:*:9:
> > games:*:13:
> > staff:*:20:
> > sshd:*:22:
> > smmsp:*:25:
> > mailnull:*:26:
> > guest:*:31:
> > bind:*:53:
> > uucp:*:66:
> > dialer:*:68:
> > network:*:69:
> > www:*:80:
> > nogroup:*:65533:
> > nobody:*:65534:
> > harry:*::
> > uli:*::
> > schowi:*::
> > administrator:*::
> > alle:*::root,harry,uli,schowi,administrator
> > setiathome:*::
> >
> > -Harry

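
Harry's advice in the message above, to look through the filesystem for places where operator has write permission, can be scripted with find. This is an added example, not part of the original thread; the function names and the script name audit.sh are this example's own, and it reports only the classic group permission bits (no ACLs).

```shell
#!/bin/sh
# Added example (not from the thread): list what a group can reach through
# the group permission bits, e.g. "operator" on a FreeBSD workstation.

# audit_group_access GROUP ROOT
# Prints "<access> <kind> <path>" per match; access is rw, r- or -w taken
# from the group bits, kind is dev, dir or file.
audit_group_access() {
    group=$1
    root=$2
    # -xdev stays on one filesystem, so devfs needs its own run with
    # ROOT=/dev. Symlinks are skipped; unreadable directories are ignored.
    find "$root" -xdev ! -type l -group "$group" \
        \( -perm -040 -o -perm -020 \) -print 2>/dev/null |
    while IFS= read -r path; do
        mode=$(ls -ld -- "$path" 2>/dev/null | cut -c1-10)
        case $mode in
            ????rw*) access=rw ;;
            ????r*)  access=r- ;;
            ?????w*) access=-w ;;
            *)       continue ;;
        esac
        case $mode in
            [bc]*) kind=dev ;;
            d*)    kind=dir ;;
            *)     kind=file ;;
        esac
        printf '%s %s %s\n' "$access" "$kind" "$path"
    done
}

# count_group_writable GROUP ROOT
# Number of paths the group may write to: the entries to review by hand.
count_group_writable() {
    audit_group_access "$1" "$2" | grep -c '^.w ' || true
}

# Run as: sh audit.sh operator /dev   (then again for /, /usr, /var ...)
if [ "$#" -ge 2 ]; then
    audit_group_access "$1" "$2"
fi
```

Lines of kind dev with write access are the ones that matter most here: with `perm cd0 0660` they include the CD drive, and on a default install they show what else membership in the group grants.
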
Re: Mounting CDROM as user under 5.x
If anyone's interested in a programmed solution, you can download my supermounter from http://www.neuro.mcw.edu/~bacon/fmri.html.

It runs SUID root (you can change this to SUID whatever you want by modifying the Install script if you're concerned about security) and lets you specify which devices users are allowed to mount/unmount, and whether to automatically eject on unmount. (Also download the eject program if you want this feature.)

Cheers,
Jason

Mounting CDROM as user under 5.x
Hello,

Because I didn't get any response on BSDforums, I've decided to try my chance here.

I'm trying to get my single user (belonging to the wheel group) mounting a CD drive under 5.x using devfs (5.2RC2). Could somebody post a very simple howto showing the files to modify ?

Thanx

So far I've tried the following things without success :

mkdir /home/username/mount/cdrom
chown username /home/username/mount/cdrom
chmod 755 /home/username/mount/cdrom

added the following to /etc/sysctl.conf
vfs.usermount=1

added the following to /dev/devfs.conf
link acd0 cdrom
perm acd0 0660

added /etc/devfs.rules with
[my_ruleset=10]
add path 'acd*' mode 660

added the following to /etc/rc.conf
devfs_system_ruleset=my_ruleset

/dev/cdrom now shows up and root can use it to play a DVD for example but user cannot use it either directly (/dev/cdrom) or when trying to mount a CD (mount_cd9660 /dev/cdrom /home/username/mount/cdrom) .. the result is Operation not permitted

Thank you
Dany