Solved

non-root to umount /mnt/cdrom ?

Posted on 2000-04-05
9
358 Views
Last Modified: 2010-08-05
Along similar lines as my question above, what would be the correct way to allow a non-root user to umount /mnt/cdrom ?
thanks,
0
Comment
Question by:frenomulax
9 Comments
 
LVL 40

Expert Comment

by:jlevie
ID: 2688716
Change the entry in fstab to include "owner". Something like:

/dev/cdrom              /cdrom                  iso9660 noauto,owner,ro 0 0
0
 
LVL 1

Expert Comment

by:caramilk
ID: 2688841
Give the user permissions to unmount the cdrom
0
 
LVL 4

Expert Comment

by:Robson
ID: 2689194
Add option 'user' to /dev/cdrom's entry in /etc/fstab (man fstab tells everything).
0
 

Author Comment

by:frenomulax
ID: 2692246
Sorry,
I probably wasn't explicit enough. What I maent was, what is the best way to let a specific user do this, not all users.
thanks,
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 

Author Comment

by:frenomulax
ID: 2692247
Adjusted points from 50 to 100
0
 
LVL 40

Expert Comment

by:jlevie
ID: 2693066
For that, you need something that runs the mount/unmount commands as root only for that user. You can do it with a suid script, but I prefer to use a small executable (as it's a bit more secure). I've got one that could be modified slightly to do it if you are interested.
0
 

Author Comment

by:frenomulax
ID: 2695459
I don't know much yet about suid. I know that there are security concerns w/ such scripts, but don't really know much about why. I'm not afraid of compiling a little code, if it is something a beginning programmer could understand. The truth is, on my home machine I am the only user, so modifying /etc/fstab would be acceptable, but what I'd like to do is learn the best way to handle this, in preperation of someday administering a system w/ multiple users.

I'll take your advise as to the best way to proceed.
thanks,
0
 
LVL 40

Accepted Solution

by:
jlevie earned 100 total points
ID: 2695536
I don't like suid scripts either. There's no way to hide their contents like there is with a properly installed executable and it takes extreme caution to make sure that the script can't be abused. As far as I've been able to determine (and that includes peer review) my C code is safe if properly installed. And, in fact, there are numerous suid programs on Linux or any other Unix. There have to be for certain things, so it's a necessary evil that we put up with. As long as the executable is properly written and installed it doesn't create a security risk.

I'll modify the code and post it tomorrow. It's pretty late where I am right now...
0
 
LVL 40

Expert Comment

by:jlevie
ID: 2720635
Well, shucky darn. Either I didn't manage to get my comment containing the code posted or it got lost... One more time... If you have trouble getting the code out of the comment and into a file, send me an email and I'll mail it to you (jlevie@bellsouth.net)

---begin cdutil.c---
/*
 * NAME
 *              cdutil - User level CD mount/umount
 *
 * SYNOPSIS
 *              cdutil mount | umount
 *
 * DESCRIPTION
 *              Allows those users listed in the "names" array access to "mount/umount"
 *              with root privs. You can include one or more users as desired as long as "NULL"
 *              terminates the array. You certainly will need to edit the "names" array to
 *              suit local use.
 *
 *              This utility is safe if installed properly. The executable should be placed in
 *              the user's PATH (/usr/bin comes to mind), owned by root, group root or bin,
 *              suid to root, and executable only by group & other. This can be easily done
 *              with:
 *
 *              root> cc -o cdutil cdutil.c
 *              root> cp cdutil /usr/bin
 *              root> chown root:root /usr/bin/cdutil
 *              root> chmod 6511 /usr/bin/cdutil
 *
 * AUTHOR; Jim Levie
 */

#include <stdio.h>
#include <pwd.h>

struct passwd *getpwuid();
extern char **environ;

char *names[] =
{ "first-user", "second-user", NULL};

char *mount[] = {"/bin/mount", "/mnt/cdrom", '\0'};
char *umount[] = {"/bin/umount", "/mnt/cdrom", '\0'};

char **cmd;

main(argc, argv)
int argc;
char **argv;
{
  char user[9];
  register int okay = 0, i;

  if(argc != 2)
  {
    puts("Usage: cdutil mount | umount\n");
    exit(1);
  }

  /*
     * Get and check the users name against our builtin names.
     */
  strcpy(user, getpwuid(getuid())->pw_name);
  for(i = 0; names[i]; i++)
  {
    if(!strcmp(user, names[i]))
    {
      okay = 1;
      break;
    }
  }  
  if(okay)
  {
    if(!strcmp(argv[1], "mount"))
    {
      cmd = mount;
    }
    else if(!strcmp(argv[1], "umount"))
    {  
      cmd = umount;      
    }
    else
    {
      puts("Usage: cdutil [mount | umount]\n");
      exit(1);
    }
    setuid(0);
    execvp(*cmd, cmd);
    puts("\nCan't execute.\n");
  }
  else
  {
    puts("Not by the hair of my chinny chin chin!\n");
  }
}
---end cdutil.c---
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Linux users are sometimes dumbfounded by the severe lack of documentation on a topic. Sometimes, the documentation is copious, but other times, you end up with some obscure "it varies depending on your distribution" over and over when searching for …
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now