On Wed, 5 Apr 2006, Stefan Sperling wrote:
I wasn't serious. Sudo is fine by me as well. However, having something that
is in the base system (and not in ports) to allow user mounts would be neat.
Still, KDE and GNOME and even xorg are in ports as well, so that point is
not a really strong one either.
The only thing that still nags me about the sudo solution is that if you
have to use sudo anyway, why was vfs.usermount even implemented in the first
place? Using sudo makes it redundant.
Well, there are some notions that vfs.usermount captures that other variations
currently don't. One of those is the idea that the kernel will have direct
access to the credentials used to authorize the mount, rather than the kernel
being passed a root credential. This becomes interesting when there are file
systems without an integrated notion of file ownership (such as msdosfs), or
for file systems that will make use of user keying material or access files
and services using the privileges of the user (i.e., distributed file
systems). For example, NFS uses the privileges of the user performing the
mount to create sockets, access the network, etc. Whether this ends up being
important in the big picture is another question, but there is an important
semantic difference there from the perspective of kernel access control.
Robert N M Watson
_______________________________________________
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
