
Re: mount: only root can do that??



Remco Blaakmeer <remco@Cal011205.student.utwente.nl> writes:

> But what I want is this:
> 
> 1 root can mount anything
> 2 users in group floppy can mount the floppy drive
> 3 users not in group floppy can not mount the floppy drive
> 
> Of course, 1 is always true. But I can't get 2 and 3 at the same time.
> Either mount is setuid and then all users can mount the floppy, or it is
> not setuid and then only root can mount the floppy.

I use "super" for something similar for my ZIP-drive. 

In /etc/super.tab :

zon /usr/local/bin/zon.sh          :zipmount uid=root
zoff /usr/local/bin/zoff.sh        :zipmount uid=root   

This will allow users in group zipmount to use these commands. I didn't
put anyone in this group, but added zipmount to the "CONSOLE_GROUPS" line
in /etc/login.defs. So anyone who logs on from the console is able to
mount the ZIP.

*** Security warning ***

And I wouldn't use the floppy group either. If you have
brw-rw----   1 root     floppy     2,   0 Apr 14  1997 /dev/fd0
everyone in group floppy would have access to the raw device and could read
the floppy without mounting it.

I saw a posting with the advice to chmod 666 the device. DON'T DO
THIS. This will allow anyone (even remote users) to cat the contents of the
device. Just try cat /dev/fd0.

This matters if the user at the console doesn't like others being able to
read the contents of his floppy.

Now back to my solution:

bash-2.01$ cat /usr/local/bin/zon.sh
#!/bin/sh
modprobe ppa 2>/dev/null
# look up the uid of the user who invoked super; the pattern is anchored on
# "^user:" so that a short name cannot match a longer one ("bob" vs. "bobby")
uid=`grep "^$ORIG_USER:" /etc/passwd|perl -e '$_=(split /:/,<>)[2];print'`
mount -t vfat -o rw,nodev,noexec,uid=$uid,umask=077,quiet /dev/sda4 /zip &&
echo ZIP gemountet unter /zip

bash-2.01$ cat /usr/local/bin/zoff.sh
#!/bin/sh
umount /zip && echo ZIP unmounted
rmmod ppa 2>/dev/null

Then do

ln -s /usr/bin/super /usr/local/bin/zon
ln -s /usr/bin/super /usr/local/bin/zoff

and you are done.

Summary:

With this method, anyone who logs on to the console (including xdm login
from localhost) can mount the ZIP. Only he will be able to access the
filesystem, raw access to the device is not possible.

Use zon to mount the ZIP and zoff to unmount it.

Sounds like a perfect solution, doesn't it :-)

Ciao,
	Martin
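A stricter variant of the zon.sh helper and of the device-permission check from the security warning, written as an added example for this archived thread (it is not Martin's script and not part of super). It assumes, as the post does, that super(1) runs it with ORIG_USER set to the invoking login name; PASSWD_FILE, MOUNT_DEV, MOUNT_POINT and the ZON_RUN guard are assumptions introduced here so the lookup and the mode check can be exercised on constructed input without touching a real device.

```shell
#!/bin/sh
# Added example, not the script from the post. Assumptions: ORIG_USER is
# exported by super(1); PASSWD_FILE, MOUNT_DEV and MOUNT_POINT are
# overridable so the functions can be run against constructed data.

PASSWD_FILE="${PASSWD_FILE:-/etc/passwd}"
MOUNT_DEV="${MOUNT_DEV:-/dev/sda4}"
MOUNT_POINT="${MOUNT_POINT:-/zip}"

# Print the numeric uid of a login name. The name is validated first, so a
# caller-controlled ORIG_USER cannot smuggle pattern metacharacters into the
# lookup, and the comparison is on the whole first field, so "bob" does not
# match "bobby" the way an unanchored grep on /etc/passwd would.
lookup_uid() {
    case $1 in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    awk -F: -v u="$1" '$1 == u { print $3; found = 1; exit } END { exit !found }' "$PASSWD_FILE"
}

# Judge a 10-character ls -l mode string such as "brw-rw----". Returns 0 only
# for a block or character device that group and others cannot open at all;
# with anything looser, every member of the group (or everybody, for 666)
# can read the raw medium without mounting it, which is the warning above.
mode_is_owner_only() {
    case $1 in
        [bc]???------) return 0 ;;
        *) return 1 ;;
    esac
}

# Apply the same check to a real device node.
device_is_private() {
    mode=$(ls -ld "$1" 2>/dev/null | cut -c1-10)
    [ -n "$mode" ] && mode_is_owner_only "$mode"
}

# Mount options for a per-user mount: the post's nodev/noexec/umask=077 plus
# nosuid, a sensible default for removable media (and a no-op on vfat).
mount_options() {
    printf 'rw,nodev,noexec,nosuid,uid=%s,umask=077,quiet' "$1"
}

zon_main() {
    uid=$(lookup_uid "${ORIG_USER-}") ||
        { echo "cannot resolve ORIG_USER to a uid" >&2; exit 1; }
    device_is_private "$MOUNT_DEV" ||
        { echo "$MOUNT_DEV is readable by group/others; refusing to mount" >&2; exit 1; }
    modprobe ppa 2>/dev/null
    mount -t vfat -o "$(mount_options "$uid")" "$MOUNT_DEV" "$MOUNT_POINT" &&
        echo "ZIP mounted on $MOUNT_POINT"
}

# Only act when explicitly asked (ZON_RUN=1), so the file can also be sourced.
if [ "${ZON_RUN-}" = 1 ]; then
    zon_main
fi
```

The refusal in zon_main is the point of the mode check: if the device node is group- or world-readable, the uid/umask restrictions on the mounted filesystem buy nothing, because the raw medium can be read directly, so the wrapper declines rather than give a false sense of privacy.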


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .