Subject: Re: Unprivileged access to devices
To: None <netbsd-users@NetBSD.org>
From: Louis Guillaume <lguillaume@berklee.edu>
List: netbsd-users
Date: 01/03/2004 01:09:12
Ok - so I tried several things and it looks like amd is definitely the 
most elegant solution.

I also noticed that just changing the permissions on the devices and on 
the mount points does not allow unprivileged users the ability to mount 
cds...

$ grep cd /etc/fstab
/dev/cd0a /cdrom cd9660 ro,noauto 0 0

$ ls -l /dev/cd0* /dev/rcd0*
brw-rw-rw-  1 root  operator   6, 0 Dec 29 01:38 /dev/cd0a
brw-rw-rw-  1 root  operator   6, 3 Dec 29 01:38 /dev/cd0d
crw-rw-rw-  1 root  operator  15, 0 Dec 29 01:38 /dev/rcd0a
crw-rw-rw-  1 root  operator  15, 3 Dec 29 01:38 /dev/rcd0d

$ ls -dl /cdrom
drwxrwxrwx  2 root  wheel  512 Dec 15 16:39 /cdrom

$ sysctl vfs.generic.usermount
vfs.generic.usermount = 1

$ mount /cdrom
mount_cd9660: /dev/cd0a on /cdrom: Operation not permitted

... it does, however, work if the mount point is within the user's home 
directory. This is on 1.6ZF and 1.6ZG, GENERIC.MP/i386 and GENERIC/i386.

But anyway, my preference is now amd.

Should there not be SOME mechanism in place for this after a sysinst 
install? e.g. sysinst sets up a small amd map for the cd drive and 
amd=YES in /etc/defaults/rc.conf.

Also keep in mind that this is not for a server, so I'm not primarily 
thinking security. It's a workstation in a very controlled environment, 
where the risk of anyone doing anything evil is really not likely to 
ever happen, nor will it really be able to do much harm to anything.

A global enabling of something like this could be a problem, but just how 
big of a security risk would it be (and why) if a publicly accessible 
server had the cd writer writable by the world? The attacker would 
surely need to access the system first via some other means, and at that 
point what harm could possibly come from writing to the cd or dvd drive?

Thanks for all the discussion on this, it really helps,

Louis




> In message <Pine.NEB.4.58.0401021104330.23244@chylonia.3miasto.net>, Wojciech Puchar writes:
> 
>>>of devices such as the cd-rom or dvd drive?
>>>
>>>The standard install (1.6Zx, current) produces devices files owned by
>>>root and only readable by root and the group "operator". This is pretty
>>>restrictive and I understand that it's a reasonable default in general.
>>>
>>>However, things like cd-roms and dvds or any other removable media are
>>>desirable to most users - they want to play a cd or dvd, or perhaps burn
>>>a cd.
>>>
>>
>>use vfs.generic.usermount=1 in sysctl
>>
>>and set user/group privilege to directory to which cd/dvd have to be
>>mounted like /cdrom
>>
>>then put in /etc/fstab something like
>>
>>/dev/cd0a /cdrom cd9660 ro,noauto 0 0
>>
> 
> 
> There's an important warning here: you probably want to specify
> 'nosuid,nodev' as well, unless you trust all of your users.  (I confess 
> that I'm not sure if it's even possible to have setuid or device files 
> on ISO 9660 CDs.  But it is possible on ffs-formatted floppies, vnd 
> images, and the like.)
> 
> Regardless, a better solution might be to use amd.  I do that even on 
> machines where I'm the sole user -- it's just an easier way to operate.
> 
> 		--Steve Bellovin, http://www.research.att.com/~smb
> 
>
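The two conditions the thread turns on (the mount point must be owned by the user for usermount to work, and noauto entries meant for users should carry nosuid,nodev) can be checked before handing a workstation over. The following POSIX sh is an added example written for this reply, not code from the list or from NetBSD; the fstab text is constructed, and the ownership rule is assumed from the behaviour reported above.

```shell
# Constructed sample fstab, modelled on the entries in the thread.
SAMPLE_FSTAB='/dev/wd0a / ffs rw 1 1
/dev/cd0a /cdrom cd9660 ro,noauto 0 0
/dev/fd0a /mnt/floppy ffs rw,noauto,nosuid,nodev 0 0
/dev/vnd0a /home/louis/img ffs rw,noauto,nosuid 0 0'

# has_opt OPTS NAME: succeed if the comma-separated OPTS contains NAME.
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# audit_fstab: read fstab text on stdin; print one line for every noauto
# entry (the ones users will mount themselves) that lacks nosuid or nodev.
# Returns 1 if any such entry was found, 0 if all are safe.
audit_fstab() {
    found=0
    while read -r dev mnt type opts rest; do
        case "$dev" in ''|'#'*) continue ;; esac   # skip blanks and comments
        has_opt "$opts" noauto || continue          # only user-mountable entries
        missing=""
        has_opt "$opts" nosuid || missing="$missing nosuid"
        has_opt "$opts" nodev  || missing="$missing nodev"
        if [ -n "$missing" ]; then
            printf '%s on %s (%s): missing%s\n' "$dev" "$mnt" "$type" "$missing"
            found=1
        fi
    done
    return $found
}

# owns_mountpoint DIR: succeed if DIR exists and is owned by the invoking
# user. This is the condition assumed to explain why mounting on the
# root-owned /cdrom failed while a directory under $HOME worked; mode bits
# alone (even 777) are not enough.
owns_mountpoint() {
    [ -d "$1" ] || return 1
    [ -n "$(find "$1" -prune -user "$(id -un)" 2>/dev/null)" ]
}

# Usage: audit the constructed table and check a scratch directory.
printf '%s\n' "$SAMPLE_FSTAB" | audit_fstab
d=$(mktemp -d) && owns_mountpoint "$d" && echo "$d: owned by $(id -un)"
```

Against the sample, the /cdrom and vnd entries are reported; the floppy entry, which already has nosuid,nodev, is not.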