user mountable filesystem

Oliver Fromme check+lf6dug00rsk91wtv at fromme.com
Mon Jan 17 09:31:53 PST 2011


Pierre Abbat <phma at phma.optus.nu> wrote:
 > On Thursday 13 January 2011 17:02:54 Thomas Nikolajsen wrote:
 > > Either you can login as root to do the mount / umount,
 > > or you can set sysctl vfs.usermount to a non-zero value.
 > >
 > > This is described in mount.2 manual page;
 > > 'mount -a mount' also shows mount options (mount.8);
 > > we don't have 'user', as you found.
 > >
 > > Please be aware of security consequences if you allow all users to mount.
 > 
 > That would allow all users to mount *anything*, which is not what I want.

No, there are some restrictions:  The user needs access
to the device he wants to mount, *and* he needs to own the
mount point.

 > I want any user to mount the thumb drive, but I certainly don't want any
 > user but root to mount the hard disk.

That won't be possible because normal uses don't have
the privilege to access the hard disk devices.  Those
are typically accessible for root and the operator group
only.

If you don't want to set sysctl vfs.usermount=1, another
alternative is to use a tool like sudo(8) or super(1).
That's not necessarily more secure, though.

Best regards
   Oliver

-- 
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
Handelsregister: Registergericht Muenchen, HRA 74606,  Geschäftsfuehrung:
secnetix Verwaltungsgesellsch. mbH, Handelsregister: Registergericht Mün-
chen, HRB 125758,  Geschäftsführer: Maik Bachmann, Olaf Erb, Ralf Gebhart

FreeBSD-Dienstleistungen, -Produkte und mehr:  http://www.secnetix.de/bsd





More information about the Users mailing list