wilsonsamm Apprentice
Joined: 12 Jul 2008 Posts: 196
|
Posted: Mon May 31, 2010 7:25 am Post subject: Users to have permission to mount loopbacks. |
|
|
How can I let my users have the permission to mount loopback files? I have some encrypted block files, some ISOs and such, that I want my user (not root) to be able to mount onto a mount point. |
|
Jimini l33t
Joined: 31 Oct 2006 Posts: 601 Location: Germany
|
Posted: Mon May 31, 2010 7:45 am Post subject: |
|
|
What about sudo?
Best regards,
Jimini _________________ "The most merciful thing in the world, I think, is the inability of the human mind to correlate all its contents." (H.P. Lovecraft: The Call of Cthulhu) |
|
wilsonsamm Apprentice
Joined: 12 Jul 2008 Posts: 196
|
Posted: Mon May 31, 2010 8:10 am Post subject: |
|
|
Jimini wrote: | What about sudo?
Best regards,
Jimini |
That's fine, but I don't want all users to know my password
and I want to write a script that mounts an ISO and starts a game from there, without prompting the user or anything... |
|
Jimini l33t
Joined: 31 Oct 2006 Posts: 601 Location: Germany
|
Posted: Mon May 31, 2010 8:17 am Post subject: |
|
|
As far as I know, you can configure sudo not to ask for passwords - but you're right, sudo seems more like a workaround to me here. I keep googling ;)
Best regards,
Jimini |
|
chithanh Developer
Joined: 05 Aug 2006 Posts: 2158 Location: Berlin, Germany
|
Posted: Mon May 31, 2010 9:05 am Post subject: |
|
|
It is a bit dangerous to allow users to mount stuff outside fstab/udev. They could mount filesystems with setuid binaries and use them for privilege escalation. |
|
iss Tux's lil' helper
Joined: 30 Oct 2006 Posts: 134 Location: Poland/Bydgoszcz
|
Posted: Mon May 31, 2010 9:31 am Post subject: |
|
|
wilsonsamm wrote: | Jimini wrote: | What about sudo?
Best regards,
Jimini |
That's fine, but I don't want all users to know my password :wink:
and I want to write a script that mounts an ISO and starts a game from there, without prompting the user or anything... |
Sudo wouldn't ask for your password but for the user's own. |
|
wilsonsamm Apprentice
Joined: 12 Jul 2008 Posts: 196
|
Posted: Tue Jun 01, 2010 12:51 pm Post subject: |
|
|
chithanh wrote: | It is a bit dangerous to allow users to mount stuff outside fstab/udev. They could mount filesystems with setuid binaries and use them for privilege escalation. |
Is there a way to mark an .ISO as "permissible to mount with read-only permission"? |
|
chithanh Developer
Joined: 05 Aug 2006 Posts: 2158 Location: Berlin, Germany
|
Posted: Fri Jun 04, 2010 11:20 am Post subject: |
|
|
If it is just to allow users to access files in ISO images, these can be extracted with p7zip or similar.
Else maybe write a script that creates a symlink to the ISO file in a special directory, which is monitored by another process that mounts them with safe options. |
|
Sven Vermeulen Retired Dev
Joined: 29 Aug 2002 Posts: 1345 Location: Mechelen, Belgium
|
Posted: Sun Jun 06, 2010 6:29 am Post subject: |
|
|
Or create a wrapper script that takes one argument: the file to mount. The script is then responsible for selecting the right location (like /mnt/loop/0, 1, 2 ...) and mounting the file with safe privileges for the user. Then allow users to call this script from sudo. The script returns the mountpoint.
You definitely don't want users to be able to mount something everywhere (otherwise they can mount a fake /etc with their own root password stuff inside at /etc), and the script should check that one argument for sane values (like a-zA-Z0-9._- or something akin to that).
Using something else with setuid is dangerous. |
|
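A sketch of the wrapper script described in the last post, added here as an example and not written by anyone in the thread. It validates the single argument against the a-zA-Z0-9._- whitelist, picks the mount point itself and mounts with `ro,nosuid,nodev`. The image directory `/srv/images`, the install path `/usr/local/sbin/loopmount`, the `%games` sudoers rule, `MAX_SLOTS` and the `MOUNTS_FILE` override are assumptions.

```shell
#!/bin/sh
# loopmount IMAGE -- mount one image read-only on the first free slot.
# Hypothetical install path and sudoers rule (assumptions, not from the thread):
#   %games ALL=(root) NOPASSWD: /usr/local/sbin/loopmount
IMAGE_DIR="${IMAGE_DIR:-/srv/images}"      # assumption: root-owned image directory
MOUNT_BASE="${MOUNT_BASE:-/mnt/loop}"      # slots /mnt/loop/0, 1, 2 ... as in the post
MOUNTS_FILE="${MOUNTS_FILE:-/proc/mounts}" # overridable so the logic can be tested
MAX_SLOTS=8
# nosuid/nodev neutralise setuid binaries and device nodes inside the image.
# Add noexec when nothing has to be executed from the mounted image.
SAFE_OPTS="loop,ro,nosuid,nodev"

# Accept a bare file name of a-zA-Z0-9._- only; no "/", no leading "." or "-".
valid_name() {
    case "$1" in
        ''|.*|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# Print the first existing slot directory that is not already a mount target.
pick_slot() {
    n=0
    while [ "$n" -lt "$MAX_SLOTS" ]; do
        dir="$MOUNT_BASE/$n"
        if [ -d "$dir" ] && ! grep -qF " $dir " "$MOUNTS_FILE" 2>/dev/null; then
            printf '%s\n' "$dir"
            return 0
        fi
        n=$((n + 1))
    done
    return 1
}

loopmount_main() {
    [ "$#" -eq 1 ] || { echo "usage: loopmount IMAGE" >&2; return 2; }
    valid_name "$1" || { echo "loopmount: invalid image name" >&2; return 2; }
    img="$IMAGE_DIR/$1"
    { [ -f "$img" ] && [ ! -L "$img" ]; } || { echo "loopmount: no such image" >&2; return 1; }
    mp=$(pick_slot) || { echo "loopmount: no free mount point" >&2; return 1; }
    # The user never chooses the target, so nothing can be mounted over /etc.
    mount -o "$SAFE_OPTS" "$img" "$mp" && printf '%s\n' "$mp"
}

# Run only when installed under its own name; sourcing just defines the functions.
case "${0##*/}" in
    loopmount) loopmount_main "$@"; exit ;;
esac
```

The slot directories have to be created by root beforehand; a matching unmount wrapper would apply the same name check before calling `umount`.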