Subject: Re: Sense in vfs.generic.usermount [was mounting cdrom problems]
To: Martin Weber <Ephaeton@gmx.net>
From: Manuel Bouyer <bouyer@antioche.lip6.fr>
List: netbsd-help
Date: 04/17/2002 11:25:06

On Wed, Apr 17, 2002 at 09:31:45AM +0200, Martin Weber wrote:
> Pardon me, but I do not understand the underlying system.
> That is, the mountpoint must be mine, and I need direct
> read/write access on the underlying device node (dev/cd0d)
> to mount the thing ? I wonder what the sense in the
> vfs.generic.usermount sysctl is then. Mind throwing some
> light in that dark corner someone ?

vfs.generic.usermount allows the mount syscall to be used by non-root. It was
added to deny the ability for non-root users to use mount, even if the
user is owner of the mount point and has access to the source.
Denying this by perms on devices isn't enough because there are mounts
that don't use a device as source (nfs, null/union/umap, kernfs, etc ...).
This caused security problems in the past.

--
Manuel Bouyer, LIP6, Universite Paris VI.           Manuel.Bouyer@lip6.fr
--