Subject: Re: Mount permissions
To: Chris G. Demetriou <firstname.lastname@example.org>
From: David Brownlee <email@example.com>
Date: 01/25/2000 01:01:31

On 24 Jan 2000, Chris G. Demetriou wrote:
> Jonathan Stone <jonathan@DSG.Stanford.EDU> writes:
> > Like the kernel enforcing non-root mounts get nodev,nosuid, and
> > whatever else a well-behaved wrapper enforces. If the "whatever else"
> > varies with local policy or taste, the wrapper seems better than
> > putting policy hooks into the kernel.
> Certainly, I know people who'd want 'noexec' to be a part of any such
> flags (though typically I would not).
> Some things do require kernel support, though: e.g. I'd like to see a
> way to do user-mountable file systems which include nodev,nosuid, but
> which the mounting user can do anything to, including create files as
> other UIDs and even make them set-id. (It'd be Nice to be able to
> make file system images without needing root.)
How about an extra option that could be added to entries in
fstab that would specify a group that had permission to perform
that mount command? You could then set whatever appropriate
additional options on that line.
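
The fstab group option suggested above, combined with the forced nodev,nosuid from earlier in the thread, could be checked by a mount wrapper roughly as follows. This is an added example, not code from the thread or from any NetBSD source; the option name `mntgroup=`, the function names and the sample fstab line used with it are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical option name for the proposal in the thread; no real fstab
 * implementation is assumed to recognise it. */
#define GROUP_OPT "mntgroup="

static int append_opt(char *out, size_t outlen, const char *opt)
{
    size_t used = strlen(out);
    int n = snprintf(out + used, outlen - used, "%s%s", used ? "," : "", opt);
    return (n < 0 || (size_t)n >= outlen - used) ? -1 : 0;
}

/* Decide whether a caller belonging to `groups` may perform the mount
 * described by one fstab line. On success returns 0 and writes the option
 * string the wrapper should pass on; returns -1 (deny) otherwise. */
int authorize_mount(const char *fstab_line, const char *const *groups,
                    int ngroups, char *out, size_t outlen)
{
    char spec[128], dir[128], type[32], opts[256];
    size_t glen = strlen(GROUP_OPT);
    int allowed = 0;

    if (outlen == 0 || sscanf(fstab_line, "%127s %127s %31s %255s",
                              spec, dir, type, opts) != 4)
        return -1;
    out[0] = '\0';
    for (char *o = strtok(opts, ","); o != NULL; o = strtok(NULL, ",")) {
        if (strncmp(o, GROUP_OPT, glen) == 0) {
            /* Policy option: checked here, never handed to mount. */
            for (int i = 0; i < ngroups; i++)
                if (strcmp(o + glen, groups[i]) == 0)
                    allowed = 1;
        } else if (strcmp(o, "nodev") != 0 && strcmp(o, "nosuid") != 0) {
            if (append_opt(out, outlen, o) != 0)
                return -1;
        }
    }
    /* Fail closed: no group option, or caller not in the named group. */
    if (!allowed)
        return -1;
    /* Non-root mounts always get nodev,nosuid, whatever the line said. */
    if (append_opt(out, outlen, "nodev") != 0 ||
        append_opt(out, outlen, "nosuid") != 0)
        return -1;
    return 0;
}
```

A line with no `mntgroup=` entry is denied, so existing fstab entries stay root-only unless an administrator opts them in.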