frenomulax

non-root to umount /mnt/cdrom ?

Along similar lines as my question above, what would be the correct way to allow a non-root user to umount /mnt/cdrom ?
thanks,
jlevie

Change the entry in fstab to include "owner". Something like:

/dev/cdrom              /cdrom                  iso9660 noauto,owner,ro 0 0
Give the user permissions to unmount the cdrom
Add option 'user' to /dev/cdrom's entry in /etc/fstab (man fstab tells everything).
frenomulax

ASKER

Sorry,
I probably wasn't explicit enough. What I meant was, what is the best way to let a specific user do this, not all users.
thanks,
Adjusted points from 50 to 100
For that, you need something that runs the mount/unmount commands as root only for that user. You can do it with a suid script, but I prefer to use a small executable (as it's a bit more secure). I've got one that could be modified slightly to do it if you are interested.
I don't know much yet about suid. I know that there are security concerns w/ such scripts, but don't really know much about why. I'm not afraid of compiling a little code, if it is something a beginning programmer could understand. The truth is, on my home machine I am the only user, so modifying /etc/fstab would be acceptable, but what I'd like to do is learn the best way to handle this, in preparation of someday administering a system w/ multiple users.

I'll take your advice as to the best way to proceed.
thanks,
ASKER CERTIFIED SOLUTION
jlevie

Well, shucky darn. Either I didn't manage to get my comment containing the code posted or it got lost... One more time... If you have trouble getting the code out of the comment and into a file, send me an email and I'll mail it to you (jlevie@bellsouth.net)

---begin cdutil.c---
/*
 * NAME
 *              cdutil - User level CD mount/umount
 *
 * SYNOPSIS
 *              cdutil mount | umount
 *
 * DESCRIPTION
 *              Allows those users listed in the "names" array access to "mount/umount"
 *              with root privs. You can include one or more users as desired as long as "NULL"
 *              terminates the array. You certainly will need to edit the "names" array to
 *              suit local use.
 *
 *              This utility is safe if installed properly. The executable should be placed in
 *              the user's PATH (/usr/bin comes to mind), owned by root, group root or bin,
 *              suid to root, and executable only by group & other. This can be easily done
 *              with:
 *
 *              root> cc -o cdutil cdutil.c
 *              root> cp cdutil /usr/bin
 *              root> chown root:root /usr/bin/cdutil
 *              root> chmod 6511 /usr/bin/cdutil
 *
 * AUTHOR; Jim Levie
 */

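#include <stdio.h>
#include <stdlib.h>   /* exit() */
#include <string.h>   /* strcmp() */
#include <unistd.h>   /* getuid(), setuid(), execvp() */
#include <pwd.h>      /* getpwuid(), struct passwd */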

char *names[] =
{ "first-user", "second-user", NULL};

/* argv vectors for the two permitted commands; each must end with NULL */
char *mount[] = {"/bin/mount", "/mnt/cdrom", NULL};
char *umount[] = {"/bin/umount", "/mnt/cdrom", NULL};

char **cmd;

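int main(int argc, char **argv)
{
  struct passwd *pw;
  const char *user;
  int okay = 0, i;

  if(argc != 2)
  {
    puts("Usage: cdutil mount | umount\n");
    exit(1);
  }

  /*
   * Get and check the user's name against our builtin names.
   * The name is looked up from the real uid and used in place rather than
   * copied into a fixed-size buffer (a long login name would overflow it),
   * and a uid with no passwd entry is refused.
   */
  pw = getpwuid(getuid());
  if(pw == NULL)
  {
    puts("Can't determine user name.\n");
    exit(1);
  }
  user = pw->pw_name;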
  for(i = 0; names[i]; i++)
  {
    if(!strcmp(user, names[i]))
    {
      okay = 1;
      break;
    }
  }  
  if(okay)
  {
    if(!strcmp(argv[1], "mount"))
    {
      cmd = mount;
    }
    else if(!strcmp(argv[1], "umount"))
    {  
      cmd = umount;      
    }
    else
    {
      puts("Usage: cdutil [mount | umount]\n");
      exit(1);
    }
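    /* Become root for real; do not run the command if that fails. */
    if(setuid(0) != 0)
    {
      puts("\nCan't become root.\n");
      exit(1);
    }
    execvp(*cmd, cmd);
    /* Only reached if the exec itself failed. */
    puts("\nCan't execute.\n");
  }
  else
  {
    puts("Not by the hair of my chinny chin chin!\n");
  }
  return 1;   /* every path that gets here is a failure */
}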
---end cdutil.c---