
Re: user can't mount loop device...

>>>>> " " == Dale Scheetz <dwarf@polaris.net> writes:

     > I've run into a security bottleneck that interferes with
     > desired use of unprivileged user diskspace.

     > I want User to be able to mount a file image, owned by User, on
     > a mount point, also owned by User, but most of the tools aren't
     > available to User.

     > I suppose I can assign User to the group with read/write
     > permission to /dev/loopN which should give User access to all
     > three elements of the mount.

     > The stopper is that neither losetup, nor mke2fs are executable
     > by User.  Can I pull the same group permission "magic" as
     > described for the loop device, and make them setgid, to gain
     > access by User?

mount runs as root. The only thing you need is an appropriate entry in
/etc/fstab for the file to be mounted, the mountpoint, the option
(loop). The user doesn't need to run losetup and he can already run

Only drawback is that you have to know the filename to be mounted and
that you need one entry per user.

If you give permissions for /dev/loop to the users they can choose
what file to mount, but you would still need one entry per user.


PS: I did this to build boot-floppies as user. Works fine.

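The /etc/fstab approach described in the reply, as an added example that is not part of the original message: a per-user loop entry, plus a check that goes one step beyond the mail by auditing such entries. It relies on the behaviour documented in mount(8) that `user` (like `users` and `owner`) implies `nosuid,nodev,noexec` unless a later option overrides it. The function names, paths and user names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample fstab: one root-only entry, then per-user loop entries.
sample_fstab() {
    cat <<'EOF'
# <image or device>      <mountpoint>      <type> <options>                  <dump> <pass>
/dev/sda1                /                 ext2   defaults                   0 1
/home/alice/floppy.img   /home/alice/mnt   ext2   user,noauto,loop           0 0
/home/bob/disk.img       /home/bob/mnt     ext2   user,loop,noauto,suid,dev  0 0
/home/carol/disk.img     /home/carol/mnt   ext2   loop,noauto                0 0
/home/dave/disk.img      /home/dave/mnt    ext2   exec,user,loop,noauto      0 0
EOF
}

# Print one line per user-mountable loop entry:
#   OK   <image> <mountpoint>              implied nosuid,nodev,noexec still hold
#   WARN <image> <mountpoint> <flags...>   flags re-enabled after the user option
# Only explicit suid/dev/exec flags (and their "no" forms) are tracked.
audit_user_loop_fstab() {
    awk '
    /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
    NF < 4         { next }                 # not a complete fstab entry
    {
        n = split($4, opt, ",")
        loop = 0; user = 0; suid = 1; dev = 1; ex = 1
        for (i = 1; i <= n; i++) {          # options apply left to right
            o = opt[i]
            if (o == "loop" || o ~ /^loop=/) loop = 1
            else if (o == "user" || o == "users" || o == "owner") {
                user = 1; suid = 0; dev = 0; ex = 0
            }
            else if (o == "suid" || o == "nosuid") suid = (o == "suid")
            else if (o == "dev"  || o == "nodev")  dev  = (o == "dev")
            else if (o == "exec" || o == "noexec") ex   = (o == "exec")
        }
        if (!(loop && user)) next           # root-only or non-loop entry
        risky = ""
        if (suid) risky = risky " suid"
        if (dev)  risky = risky " dev"
        if (ex)   risky = risky " exec"
        if (risky == "") printf "OK %s %s\n", $1, $2
        else             printf "WARN %s %s%s\n", $1, $2, risky
    }' "$@"
}

sample_fstab | audit_user_loop_fstab
```

To check a real system, pass the file as an argument: `audit_user_loop_fstab /etc/fstab`.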