Mike Kupfer wrote:
"Darren" == Darren J Moffat <Darren> writes:

Mike> The idea is to give users
Mike> mount/unmount privileges by putting this entry in /etc/user_attr:
Mike> <user>::::type=normal;defaultpriv=basic,sys_mount [...]
Darren> It sounds reasonable to me given the other protections you have
Darren> in place.

Thanks for the quick response.

Someone pointed out to me off-list that the dev team has been working on
a new plugin mechanism for sshd, so that it can get authorization
information directly from the Auth app.  (Right now we have a cron job
that pulls the user database and updates each user's ssh keys.)  There's
a concern about the additional complexity that the privilege-based
approach will introduce to the plugin.

One of the other workarounds that I've discussed with the Ops team is
installing some sort of setuid unmount helper on the server.  This could
be something as simple as a setuid copy of /sbin/umount, or it could be
a more sophisticated wrapper that (for example) only allows unmounts
from SCM users' directories.

Do you have any thoughts on the tradeoffs between the 2 approaches
(privileges-based versus setuid-based)?

They are pretty much equivalent. I personally prefer the assignment of privileges method because it is tied to users rather than having a setuid program around. Also, having a setuid copy of umount won't really help because I suspect you aren't actually calling /sbin/umount but umount(2).

--
Darren J Moffat
_______________________________________________
tools-discuss mailing list
tools-discuss@opensolaris.org
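
For the /etc/user_attr approach discussed in the thread, an added example (not code from the original messages or from the project) that audits which accounts carry privileges beyond `basic` in `defaultpriv`. The sample entries and user names are constructed; the five-field colon layout and backslash continuation follow user_attr(4).

```python
# Constructed sample; user names are hypothetical. Layout per user_attr(4):
# user:qualifier:res1:res2:attr, where attr is semicolon-separated key=value.
SAMPLE_USER_ATTR = """\
# comment line
root::::type=normal;auths=solaris.*;profiles=All
scmuser1::::type=normal;defaultpriv=basic,sys_mount
scmuser2::::type=normal;\\
defaultpriv=basic,sys_mount,file_dac_read
plainuser::::type=normal;defaultpriv=basic
broken:entry
"""


def parse_user_attr(text):
    """Return ({user: {key: value}}, [malformed lines])."""
    entries, malformed = {}, []
    # Join backslash-continued lines before splitting into entries.
    for raw in text.replace("\\\n", "").splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":", 4)
        if len(fields) != 5 or not fields[0]:
            malformed.append(line)
            continue
        attrs = {}
        for pair in filter(None, fields[4].split(";")):
            key, _, value = pair.partition("=")
            attrs[key.strip()] = value.strip()
        entries[fields[0]] = attrs
    return entries, malformed


def extra_default_privs(entries, baseline=("basic",)):
    """Map each user to the defaultpriv items that go beyond the baseline."""
    findings = {}
    for user, attrs in entries.items():
        privs = [p.strip() for p in attrs.get("defaultpriv", "").split(",") if p.strip()]
        # Items prefixed with "!" remove a privilege, so they are not reported.
        extra = sorted(p for p in privs if p not in baseline and not p.startswith("!"))
        if extra:
            findings[user] = extra
    return findings


if __name__ == "__main__":
    parsed, bad = parse_user_attr(SAMPLE_USER_ATTR)
    print(extra_default_privs(parsed), "malformed:", bad)
```

Run against a copy of the real file, the findings give a per-user list to compare with the accounts that are meant to hold `sys_mount`.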
