Subject: RE: Need some advice regarding portable user IDs
To: Wilfredo Sanchez <wsanchez@apple.com>
From: Daniel O'Connor <doconnor@gsoft.com.au>
List: tech-userlevel
Date: 08/18/1999 12:04:28


On 18-Aug-99 Wilfredo Sanchez wrote:
>    I think the desired behaviour would be that since this is  
>  effectively now Joe's zip disk, he should be able to do as he  
>  pleases.  One proposal might be to give the console user the  
>  equivalent of root's privileges on any removable media he inserts
>  into the machine while he's logged in on the console.  This solves  
>  the immediate problem of permissions for Joe, since the file owners  
>  are, on his machine and in this situation, largely irrelevant.   
>  Presumably the console user is the one fiddling with the external  
>  media.

How about just adding some flags to mount and modifying UFS so that you can
override the uid/gid on mount.. I assume you mean Joe uses something like sudo
so he can mount the disk..

So allow users to use the fancy new mount command (with certain limitations on
the mountable device node of course...)

>    As another example, a similar situation often comes up on the net  
>  with tar files containing UIDs and GIDs other than zero.

Add an option to tar to override UIDs and GIDs.. Not that you can chown a
file as non root anyway, but it IS annoying when you untar something as root to
find the files are owned by some weird UID:GID.

>    One problem with my proposal (setting security and perhaps other  
>  implications aside for the moment), is that knowing what media is  
>  removable is becoming increasingly difficult.  Hot-swappable drives
>  (eg. FireWire) are effectively removable, and may be transported
>  between machines fairly regularly.  Furthermore, your "internal"  
>  drives, which are presently presumed to be local, may be on the same  
>  bus and indistinguishable from the "external" drives.

And hot swappable internal drives don't help the distinction either :)

>  "foreign" that you need to do something special.  Certainly you might  
>  want to ignore setuid bits, for starters.  This could simply be  
>  something like fstab, which lists the local drives, and everything  
>  else isn't considered local.

Another mount option? You could have UID:GID override mount options, and you
can already mount an FS and have the kernel ignore setuid. (-o nosuid, nodev,
noexec(maybe))


You could even use umapfs (assuming it works) and write some nice shell scripts
to do it automatically..

Alternatively you could just use MSDOSFS for all intermachine transfers, it's
crap, but everything reads it and you don't get those nasty UID:GID problems
either ;)

---
Daniel O'Connor software and network engineer
for Genesis Software - http://www.gsoft.com.au
"The nice thing about standards is that there
are so many of them to choose from."
  -- Andrew Tanenbaum
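
Added example, not part of the original message or of any BSD tool: one way to apply the "anything not in fstab is foreign" idea together with the nosuid/nodev mount options discussed above. The function names, device names and both sample inputs are constructed, and the `mount` output is assumed to use the BSD "device on dir (options)" layout.

```sh
#!/bin/sh
# Constructed sample fstab: these devices are the ones treated as local.
sample_fstab() {
cat <<'EOF'
# Device      Mountpoint  FStype  Options  Dump  Pass#
/dev/wd0s1a   /           ufs     rw       1     1
/dev/wd0s1e   /usr        ufs     rw       2     2
EOF
}

# Constructed sample of `mount` output (assumed "dev on dir (opts)" layout).
sample_mounts() {
cat <<'EOF'
/dev/wd0s1a on / (ufs, local)
/dev/wd0s1e on /usr (ufs, local)
/dev/da0s1 on /mnt/zip (ufs, local)
/dev/da1s1 on /mnt/fw (ufs, local, nosuid, nodev)
/dev/da2s1 on /mnt/jaz (ufs, local, nosuid)
EOF
}

# audit_foreign FSTAB MOUNTS: for every mounted device that is not listed in
# FSTAB and lacks nosuid or nodev, print "device mountpoint missing=<opts>".
audit_foreign() {
    awk '
        NR == FNR {                       # first file: fstab
            if ($0 !~ /^[ \t]*(#|$)/) local_dev[$1] = 1
            next
        }
        $2 == "on" && !($1 in local_dev) {
            opts = $0
            sub(/^[^(]*\(/, ", ", opts)   # keep only the option list
            sub(/\)[^)]*$/, ",", opts)
            gsub(/[ \t]/, "", opts)       # e.g. ",ufs,local,nosuid,"
            missing = ""
            if (index(opts, ",nosuid,") == 0) missing = missing ",nosuid"
            if (index(opts, ",nodev,") == 0)  missing = missing ",nodev"
            if (missing != "") print $1, $3, "missing=" substr(missing, 2)
        }
    ' "$1" "$2"
}

# Demo run over the constructed samples.
tmp=$(mktemp -d) && sample_fstab > "$tmp/fstab" && sample_mounts > "$tmp/mounts" &&
    audit_foreign "$tmp/fstab" "$tmp/mounts"
rm -rf "$tmp"
```

On a live system the second argument would be a file holding the output of `mount`; mount points containing spaces are not handled.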
