, Paul Sander <paul@wakawaka.com>
From: Brian C. Grayson <bgrayson@marvin.ece.utexas.edu>
List: netbsd-help
Date: 01/17/2000 00:38:56
On Wed, Jan 12, 2000 at 07:19:40AM -0600, Richard Rauch wrote:
>
> Currently, a portal-filesystem approach seems much better, though it
> requires super-user manipulation, it isn't portable, and the whole thing
> really shouldn't involve a TCP connection.
nope, maybe, and it doesn't. :)
I added some extensions to mount_portal this summer that allow
all sorts of wonderful(?) stuff to be done. If you are running
anything from before Aug 99, you'll need to download the latest
source for mount_portal (it should work on older systems, perhaps
even 1.1 and before!)
As an ordinary user, follow this recipe to see what happens:
% mkdir /tmp/sig
% echo "rotatesig rfilter rotatesig /tmp/sig.script %s" > /tmp/sig.conf
% cat <<"EOF" > /tmp/sig.script
#!/bin/sh
countfile=$HOME/sigcount
count=`cat $countfile`
if [ x$count = x ]; then count=0; fi
count=`expr $count + 1`
if [ $count -gt 4 ]; then count=1; fi
echo $count > $countfile
case $count in
1) echo "Sig 1";;
2) echo "Sig 2";;
3) echo "Sig 3";;
4) echo "Sig 4";;
esac
EOF
% chmod u+x /tmp/sig.script
% mount_portal /tmp/sig.conf /tmp/sig
% cat /tmp/sig/rotatesig
% cat /tmp/sig/rotatesig
% cat /tmp/sig/rotatesig
% cat /tmp/sig/rotatesig
% cat /tmp/sig/rotatesig
% cat /tmp/sig/rotatesig
Voila! And it only took a few lines of a shell script, plus a
configuration entry.
So it works, without super-user actions, and it should be
portable to any OS that supports the portal filesystem (all of
my rfilter/wfilter changes were purely in userland)
(unfortunately, it looks like only FreeBSD and OpenBSD also
provide the portal filesystem), and it doesn't require any TCP
connections.
Also look at the examples I've written up in
/usr/share/examples/mount_portal. There are lots of cool things
that are possible, with a bit of creativity! :)
Here's a slightly mind-bending example: Download and extract a bzipped
archive, without directly invoking anything besides cat and tar:
% cat /p/bzcat//p/ftp/ftp.netbsd.org:pub/NetBSD/NetBSD-current/tar_files/src/sbin.tar.bz2 | tar xf -
Note for the experienced rfilter user: The %s in the
echo command/configuration file above is to work around a bug
that I found while typing this note.
As far as security, for user mounts, only that user can execute
the scripts -- there is no setuid involved, so other users will
get permission denied. For mounts performed by root, the
filter process does a setuid() to the caller's uid as a special
case, before invoking the command specified in the configuration
file, so your script or program doesn't have to worry about uids.
(With the setuid from root, root can mount /p/ftp or /p/http, and
all users can take advantage of the "virtual" namespace that is
thus provided.) Also, only scripts that are mentioned in the
configuration script are allowed -- everything else gets "No such
file or directory".
Enjoy!
Brian Grayson