On 2006.04.03 01:32:36 -0400, Joe Marcus Clarke wrote:
> I know we have vfs.usermount, but this is not always sufficient since
> the user has to own the mount point in question.  What I propose is to
> add a ``user'' mount option à la Linux.  This would make mount and
> umount setuid root, but would allow much more flexibility when it comes
> to removable media and desktop systems.

Any reason you can't just use sudo... ?  I simply have lines like:

    simon ALL=NOPASSWD:/sbin/mount /mnt/cdrom,/sbin/umount /mnt/cdrom

in my sudoers file [1].  This way I can also restrict exactly who can
mount.

I really dislike setuid root binaries, so I really prefer if we could
avoid adding more.

As Colin noted, if this is to be done via a setuid program, it probably
should be a new program, since setuid programs have to have a lot of
special handling of things like file descriptors etc. which normal
programs can safely ignore.

[1] Note I haven't checked if this opens new and interesting holes, but
it doesn't matter too much on my laptop, since if somebody has access to
"simon" that's just as bad as someone getting root.

-- 
Simon L. Nielsen
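
Added example, not part of the original message or of any FreeBSD source: the standard-descriptor check that a setuid program of the kind discussed above performs before doing anything else. The function name ensure_std_fds is made up for this illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/*
 * Make sure descriptors 0, 1 and 2 are open before any privileged work.
 * The invoking user controls which descriptors are open at exec time.  If
 * fd 2 was closed, the next open() in the program is handed number 2, and
 * every later write to "stderr" goes into that file with root's privileges.
 * Returns how many descriptors had to be pointed at /dev/null, -1 on error.
 */
int ensure_std_fds(void)
{
    int fixed = 0;

    for (int fd = 0; fd <= 2; fd++) {
        if (fcntl(fd, F_GETFD) != -1)
            continue;                     /* already open, leave it alone */

        int nfd = open("/dev/null", O_RDWR);
        if (nfd == -1)
            return -1;                    /* fail closed: caller must exit */
        if (nfd != fd) {                  /* defensive; normally nfd == fd */
            if (dup2(nfd, fd) == -1) {
                close(nfd);
                return -1;
            }
            close(nfd);
        }
        fixed++;
    }
    return fixed;
}

int main(void)
{
    /* First thing in main(), before argv, environment or files are touched.
     * Closing inherited descriptors above 2 (closefrom(3) on FreeBSD) is the
     * companion step and is not shown here. */
    int fixed = ensure_std_fds();
    if (fixed == -1)
        return 1;
    printf("standard descriptors repaired: %d\n", fixed);
    return 0;
}
```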