On Tue, 19 Apr 2005, Eric Van Hensbergen wrote: > On 4/17/05, Bodo Eggert <[EMAIL PROTECTED]>
> > > I was thinking about this a while back and thought having a user-mount > > > permissions file might be the right way to address lots of these > > > issues. Essentially it would contain information about what > > > users/groups were allowed to mount what sources to what destinations > > > and with what mandatory options. > > > > Users being able to mount random fs containing suid or device nodes > > are root whenever they want to. If you want to mount with dev or suid, > > use sudo and restrict the mount to a limited set of images/devices/whatever. > > Well, that would kinda be the intent behind the permissions file -- > it can specify what restricted set of images/devices/whatever the user > can mount, I suppose the sensible thing would be to always enforce > nosuid and nsgid, but I'd rather keep these as the default version of > options (allowing admins to shoot themselves in the foot perhaps, but > in the single-user workstation case, is seems like there's less reason > to be so paranoid). I think you shouldn't help the admins by creating shoes with target marks. Allowing user mounts with no* should be allways ok (no config needed besides the ulimit), and mounting specified files to defined locations is allready supported by fstab. -- Top 100 things you don't want the sysadmin to say: 6. We prefer not to change the root password, it's an nice easy one - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
