Subject: Re: Mount permissions
To: Ian Dall <email@example.com>
From: Jonathan Stone <jonathan@DSG.Stanford.EDU>
Date: 01/24/2000 06:20:37
In message <firstname.lastname@example.org>Ian Dall writes
>Mount(2) is currently restricted to root or the owner of the mount
>point. I think it would be helpful if it were root or anyone with
>write and search access to the mount point.
>This would allow one to have a group of users authorised to mount
>things in a standard location. Floppy disks, cdroms, and other removable
>media are obvious candidates. This seems to be the linux does it.
Which to some people raises a concern the idea is not very well
>So this doesn't really allow anything which could not have been faked
>up before, but it does make things more convenient. Assuming I haven't
>missed anything, of course!
Like the kernel enforcing non-root mounts get nodev,nosuid, and
whatever else a well-behaved wrapper enforces. If the "whatever else"
varies with local policy or taste, the wrapper seems better than
putting policy hooks into the kernel.
Specially if the policy is "the person logged into the console can
mount a floppy".
If I want to mount a floppy, but I dont want other people who're
privileged to mount their floppies digging around in my floppy while
it's mounted, that makes some sense. Specially if I also want to let
them do an unmount of the floppy if I remove it from the drive, but
forget to unmount it -- provided the unmounter is logged in via the
console, and so presumably has physical access to the drive.
That's how I recall SunOS 4 doing it. It was great for lab setups, but
it may have been a local hack.