Re: at-boot smbmount security.
On Tue, Aug 14, 2001, Ira Abramov wrote about "Re: at-boot smbmount security.":
> On Mon, 13 Aug 2001, Nadav Har'El wrote:
>
> > My /etc/fstab has always been root-only readable, and I never saw any
> > problem.
>
> never tried, but logic tells me a command like "mv" will need to know
> the partition structure from somewhere to know if it is doing
> copy-unlink or just relink. then again, I suppose that info is available
> from /proc if the programmer knows his job.
mv doesn't need to know the "partition structure" - mv should call the
rename(2) system call, and if it fails with errno==EXDEV (oldpath and
newpath are not on the same filesystem), it should resort to copying
instead.
Anyway, as I said /etc/fstab is only the superuser's "wishlist" as to which
filesystems should be mounted and how. It is *not* a list of currently-mounted
filesystems. A list of currently mounted filesystems is kept (in most Unix
systems, including Linux) in /etc/mtab, and it does not contain the Samba
passwords so it can be kept world-readable. In Linux, the list of currently
mounted filesystems can also be found in /proc/mounts.
> but yes, KDE likes (u)mounting floppies and CDROM drives itself. so that
> is not a solution.
So what: it is possible (for the superuser) to set up /etc/fstab lines
which will allow ordinary users to mount/unmount floppies and cdroms (see
mount(8) for more information). Then KDE only needs to do 'mount /mnt/floppy',
and so on. It has no need for reading /etc/fstab when not running as a
superuser. If it does have such a "need", it can (and should) be fixed.
--
Nadav Har'El | Tuesday, Aug 14 2001, 25 Av 5761
nyh@math.technion.ac.il |-----------------------------------------
Phone: +972-53-245868, ICQ 13349191 |If you drink, don't park; Accidents cause
http://nadav.harel.org.il |people.
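
A check that follows from the message above, as an added example that is not part of the original post: since /etc/fstab can be kept root-only readable, an audit can flag an fstab that carries an inline Samba password while group or other can still read it. The `password=` mount option as the way the secret got into fstab is an assumption, and the sample fstab (share, user, password) is constructed.

```python
import stat

# Constructed sample; the share names, user and password are made up.
SAMPLE_FSTAB = """\
# <fs>          <mountpoint>  <type>  <options>                      <dump> <pass>
/dev/hda1       /             ext2    defaults                       1 1
/dev/fd0        /mnt/floppy   auto    noauto,user                    0 0
//server/share  /mnt/share    smbfs   username=ira,password=EXAMPLE  0 0
//server/docs   /mnt/docs     smbfs   credentials=/etc/smb.cred      0 0
"""

SECRET_KEYS = {"password"}  # option keys that embed a secret in fstab itself


def inline_secrets(fstab_text):
    """Return [(mountpoint, option_key)] for entries with a secret in the options."""
    found = []
    for line in fstab_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank line or comment
        fields = line.split()
        if len(fields) < 4:
            continue  # not a complete fstab entry
        for opt in fields[3].split(","):
            key, sep, value = opt.partition("=")
            if sep and value and key.lower() in SECRET_KEYS:
                found.append((fields[1], key))
    return found


def audit(fstab_text, mode):
    """Return findings for the given fstab content and its st_mode."""
    readable_by_others = bool(mode & (stat.S_IRGRP | stat.S_IROTH))
    if not readable_by_others:
        return []  # root-only readable, as described in the message
    return [f"{mp}: inline {key}= readable by non-root"
            for mp, key in inline_secrets(fstab_text)]


if __name__ == "__main__":
    import os
    with open("/etc/fstab") as f:
        for finding in audit(f.read(), os.stat("/etc/fstab").st_mode):
            print(finding)
```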