tech-userlevel: Re: RE: Need some advice regarding portable user IDs

Subject: Re: RE: Need some advice regarding portable user IDs
To: Daniel O'Connor <doconnor@gsoft.com.au>
From: Christopher Masto <chris@netmonger.net>
List: tech-userlevel
Date: 08/18/1999 00:24:50

On Tue, Aug 17, 1999 at 07:46:37PM -0700, Wilfredo Sanchez wrote:
>   Yes, the fancy command is what the Finder does for him.  Options  
> are details, and not really interesting.  The question is what should  
> the behaviour be, and what's happening underneath the covers to  
> support that?  Are we mapping UID's to something meaningful?  How?   
> Or is Joe a superuser for that volume?  Which volumes get treated  
> this way, and how to you choose them?

I think it's pretty much a given that there's going to have to be
configuration for this to say which devices are "special" in this way
(and perhaps for which users and under what conditions they are
special).

Ok, so given that /dev/fd0, for example, is marked as "insecure", some
mechanism lets me say "anyone who is in group 'operator' can mount
/dev/fd0 in such a way that they appear to own all the files (and
when they do so, default to turning on nosuid and such)".

I think you're looking for a solution to the common problem of someone
popping a Zip disk in the drive.  Devising a mechanism to perform a
complicated mapping and carrying around of user information on
removable media sounds like overkill (not to mention it wouldn't work
for "just any" UFS Zip disk you have lying around, only the ones that
were built on MacOS).  I don't know what the administration model is
for MacOS, but I think that if someone's moving a hard drive from one
machine to another, it isn't unfair to expect a step up in complexity
and privileges required, versus a simple floppy.. er, I mean Zip
drive.  You can lead a Unix to Macintosh, but you can't make it drool.

Under the hood, performing the gyrations necessary to mount it through
umap is an interesting approach, although last time I touched
mount_umap it easily panicked my machine.  It certainly seems better
than hacking the kernel directly (an approach which the other BSDs
will be less keen to accept).

Good luck with it.
-- 
Christopher Masto         Senior Network Monkey      NetMonger Communications
chris@netmonger.net        info@netmonger.net        http://www.netmonger.net

Free yourself, free your machine, free the daemon -- http://www.freebsd.org/