Re: Mounting CDROM as user under 5.x

2004-01-01 Thread Dany
The operator trick worked. Thanks again and happy new year. Since I've 
started the FreeBSD experience, I've collected about 20 pages of tips 
and tricks to get stuff running. I will probably publish something so 
others can enjoy it.

Dany


___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: Mounting CDROM as user under 5.x

2003-12-31 Thread Andrew L. Gould
On Tuesday 30 December 2003 11:39 pm, Dany wrote:
> Hello,
>
> Because I didn't get any response on BSDforums, I've decided to try my
> chance here.
>
> I'm trying to get my single user (belonging to the wheel group) mounting
> a CD drive under 5.x using devfs (5.2RC2).
> Could somebody post a very simple howto showing the files to modify ? Thanx
>
> So far I've tried the following things without success :
>
> mkdir /home/username/mount/cdrom
> chown username /home/username/mount/cdrom
> chmod 755 /home/username/mount/cdrom
>
> added the following to /etc/sysctl.conf
> vfs.usermount=1
>
> added the following to /dev/devfs.conf
> link acd0 cdrom
> perm acd0 0660
>
> added /etc/devfs.rules with
> [my_ruleset=10]
> add path 'acd*' mode 660
>
> added the following to /etc/rc.conf
> devfs_system_ruleset=my_ruleset
>
> /dev/cdrom now shows up and root can use it to play a DVD for example
> but user cannot use it either directly (/dev/cdrom) or when trying to
> mount a CD (mount_cd9660 /dev/cdrom /home/username/mount/cdrom) .. the
> result is Operation not permitted
>
> Thank you
> Dany

All I do for my user that's a member of wheel under FreeBSD 4.* is:

chmod u+s /sbin/*mount

Does this not work in FreeBSD 5.*?

Andrew Gould



Re: Mounting CDROM as user under 5.x

2003-12-31 Thread Harald Schmalzbauer
On Wednesday 31 December 2003 10:08, Andrew L. Gould wrote:
> All I do for my user that's a member of wheel under FreeBSD 4.* is:
>
> chmod u+s /sbin/*mount
>
> Does this not work in FreeBSD 5.*?

No, 5 has devfs.

Dany, make sure you have CD9660 compiled into the kernel, normal users aren't
allowed to load kernel modules. Also securemode should not be set.
And the mountpoint should be owned by the user (which is in your case I think
since it's under $home).
I had the same problem and it was simply the missing CD9660 bits in the kernel.

-Harry




Re: Mounting CDROM as user under 5.x

2003-12-31 Thread Dany
I've checked my kernel config and it had the Options CD9660.

Besides the mounting problem, as I said, the user cannot use the linked
device (/dev/dvd) to just watch a DVD (no need for mounting, just
access to the device).

Can you post the system configuration files that you're using in order 
to allow your users to mount CD drives ?

Thank you
Dany


Re: Mounting CDROM as user under 5.x

2003-12-31 Thread Harald Schmalzbauer
On Wednesday 31 December 2003 15:48, Dany wrote:
> I've checked my kernel config and it had the Options CD9660.
>
> Besides the mounting problem, as I said, the user cannot use the linked
> device (/dev/dvd) to just watch a DVD (no need for mounting, just
> access to the device).
>
> Can you post the system configuration files that you're using in order
> to allow your users to mount CD drives ?

cale:/tmp# sysctl vfs.usermount
vfs.usermount: 1

in /etc/devfs.conf:
perm    xpt0    0660
perm    pass0   0660
perm    cd0     0660
link    cd0     cdrom
link    acd0    acd0c

cale:/dev# ll cd*
crw-rw----  1 root  operator  -   4,  27 28 Dez 21:57:24 2003 cd0
lrwxr-xr-x  1 root  wheel     -        5 28 Dez 21:57:40 2003 cdrom -> cd0

Is your user in the correct group? (operator in my example)
Note: I'm using atapicam so you should consider cd0 as acd0

-Harry





Re: Mounting CDROM as user under 5.x

2003-12-31 Thread Harald Schmalzbauer
On Wednesday 31 December 2003 16:07, Dany wrote:
> Harald Schmalzbauer wrote:
> *SNIP*
>
> This is pretty much what I've tried. My user is in the Wheel group.
> Would this exact configuration work ? Should I set any other
> permission in order to have the user from the wheel group to mount drives?
>
> Thanks for posting your configuration.
>
> PS: One thing I've noticed with this specific user, whenever he creates
> something the file/directory will show owner:username   group:username.
> I've used the command groups as well as chpass I think and they gave
> me only one group for this username... wheel.  Why doesn't wheel appear
> as the group owner for stuff that username is creating ?

When you add a user with adduser by default FreeBSD creates a group similar 
named like the username. If you later say that this user should be in group 
wheel it's additional.


> added the following to /dev/devfs.conf
> link acd0 cdrom
> perm acd0 0660

This line just gives write access to group. You can either add the line:
own acd0 root:wheel

or you edit /etc/groups and add your user to the group operator.
I'd prefer the latter.

Here's my simple /etc/group example:
# $FreeBSD: src/etc/group,v 1.28 2003/04/27 05:49:53 imp Exp $
#
wheel:*:0:root,harry
daemon:*:1:
kmem:*:2:
sys:*:3:
tty:*:4:
operator:*:5:root,harry
mail:*:6:
bin:*:7:
news:*:8:
man:*:9:
games:*:13:
staff:*:20:
sshd:*:22:
smmsp:*:25:
mailnull:*:26:
guest:*:31:
bind:*:53:
uucp:*:66:
dialer:*:68:
network:*:69:
www:*:80:
nogroup:*:65533:
nobody:*:65534:
harry:*::
uli:*::
schowi:*::
administrator:*::
alle:*::root,harry,uli,schowi,administrator
setiathome:*::

-Harry
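
The group mismatch Harry describes above, as an added example that is not part of the original thread: it reads devfs.conf own/perm lines plus a group file and reports what a user can do with the device node. The function names, the user "dany", the sample files and the default mode 0640 are assumptions; root:operator as the default owner follows Harry's ll output.

```shell
#!/bin/sh
# Added example (constructed data): who can open a devfs node, given
# devfs.conf "own"/"perm" lines and the member lists in a group file.

# in_group USER GROUP GROUPFILE: succeeds if USER is in GROUP's member list.
# The primary group from the passwd database is not consulted.
in_group() {
    awk -F: -v u="$1" -v g="$2" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) ok = 1 }
        END { exit ok ? 0 : 1 }' "$3"
}

# dev_access USER DEVICE GROUPFILE DEVFSCONF [OWNER:GROUP] [MODE]
# Prints rw, r, w or none for USER. The optional defaults (root:operator,
# 0640) are assumptions for a node that devfs.conf does not change.
dev_access() {
    user=$1 dev=$2 groupfile=$3 conf=$4
    # Later own/perm lines for the device override earlier ones.
    set -- $(awk -v d="$dev" -v o="${5:-root:operator}" -v m="${6:-0640}" '
        /^[ \t]*#/ { next }
        $1 == "own"  && $2 == d { o = $3 }
        $1 == "perm" && $2 == d { m = $3 }
        END { print o, m }' "$conf")
    owner=${1%%:*} group=${1#*:} mode=$2
    # Pick the permission triplet that applies: owner, group, or other.
    if [ "$user" = "$owner" ]; then shift_by=6
    elif in_group "$user" "$group" "$groupfile"; then shift_by=3
    else shift_by=0
    fi
    case $(( (0$mode >> $shift_by) & 6 )) in
        6) echo rw ;;
        4) echo r ;;
        2) echo w ;;
        *) echo none ;;
    esac
}

# Constructed sample: the devfs.conf lines from the question, and a group
# file in which "dany" is a member of wheel only.
tmp=$(mktemp -d)
printf 'wheel:*:0:root,dany\noperator:*:5:root,harry\n' > "$tmp/group"
printf 'link acd0 cdrom\nperm acd0 0660\n' > "$tmp/devfs.conf"
echo "dany  (wheel only): $(dev_access dany acd0 "$tmp/group" "$tmp/devfs.conf")"
echo "harry (operator):   $(dev_access harry acd0 "$tmp/group" "$tmp/devfs.conf")"
```
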




Re: Mounting CDROM as user under 5.x

2003-12-31 Thread Dany
Thanks Harry for taking the time to answer my questions. I think based 
on your comments it should work.

Is there any security concern having a user belonging to the group 
operator ?

Thanks again
Dany


Re: Mounting CDROM as user under 5.x

2003-12-31 Thread Harald Schmalzbauer
On Wednesday 31 December 2003 16:37, Dany wrote:
> Thanks Harry for taking the time to answer my questions. I think based
> on your comments it should work.
>
> Is there any security concern having a user belonging to the group
> operator ?

I never really cared about. AnonFTP is owned by operator, but in general I
think wheel is worse than operator.
Please correct me anybody, I don't really care on my workstation ;)
Best is to have a look through the (default) filesystem and see if operator
has any write permissions where it was no good. I'm quite sure wheel has much
too much read permissions for normal users. But that doesn't matter for
users who can su ;)

Happy new year,

-Harry
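
The filesystem check suggested above, as an added example that is not part of the original thread: it lists only the paths where membership in a group gives a right that every other user lacks. The function name, script name and directory choices are assumptions.

```shell
#!/bin/sh
# Added example: list what membership in a group actually grants under the
# given directories. A path is reported only when the group bit gives a
# right that "other" does not already have, so the output is the group's
# extra reach. Device nodes deserve the closest look: access to a raw node
# bypasses the permissions of the files stored on that device.

# group_reach GROUP DIR...
# Output: "write <path>" or "read <path>", one per line. GROUP may be a
# name or a numeric gid. Symlinks are skipped; the target's mode decides.
group_reach() {
    grp=$1; shift
    # Group-writable and not world-writable.
    find "$@" ! -type l -group "$grp" -perm -020 ! -perm -002 -print 2>/dev/null |
        sed 's/^/write /'
    # Group-readable and not world-readable, unless already listed above.
    find "$@" ! -type l -group "$grp" -perm -040 ! -perm -004 \
        ! \( -perm -020 ! -perm -002 \) -print 2>/dev/null |
        sed 's/^/read /'
}

# Run as: sh group_reach.sh operator /dev /etc /var
# (the script name is hypothetical)
if [ $# -ge 2 ]; then
    group_reach "$@"
fi
```
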




Re: Mounting CDROM as user under 5.x

2003-12-31 Thread Jason Bacon

If anyone's interested in a programmed solution, you can download
my supermounter from http://www.neuro.mcw.edu/~bacon/fmri.html.

It runs SUID root (you can change this to SUID whatever you want
by modifying the Install script if you're concerned about security)
and lets you specify which devices users are allowed to mount/unmount, and
whether to automatically eject on unmount. (Also download the eject
program if you want this feature.)

Cheers,

Jason



Mounting CDROM as user under 5.x

2003-12-30 Thread Dany
Hello,

Because I didn't get any response on BSDforums, I've decided to try my 
chance here.

I'm trying to get my single user (belonging to the wheel group) mounting 
a CD drive under 5.x using devfs (5.2RC2).
Could somebody post a very simple howto showing the files to modify ? Thanx

So far I've tried the following things without success :

mkdir /home/username/mount/cdrom
chown username /home/username/mount/cdrom
chmod 755 /home/username/mount/cdrom
added the following to /etc/sysctl.conf
vfs.usermount=1
added the following to /dev/devfs.conf
link acd0 cdrom
perm acd0 0660
added /etc/devfs.rules with
[my_ruleset=10]
add path 'acd*' mode 660
added the following to /etc/rc.conf
devfs_system_ruleset=my_ruleset
/dev/cdrom now shows up and root can use it to play a DVD for example 
but user cannot use it either directly (/dev/cdrom) or when trying to 
mount a CD (mount_cd9660 /dev/cdrom /home/username/mount/cdrom) .. the 
result is Operation not permitted

Thank you
Dany