From: Mike Waychison <Michael.Waychison@Sun.COM>
To: Paul Jakma <paul@clubi.ie>
Cc: autofs@linux.kernel.org, raven@themaw.net
Subject: Re: submount vs automount
Date: Mon, 28 Jun 2004 11:44:02 -0400
Message-ID: <40E03CC2.7020601@sun.com>
In-Reply-To: <Pine.LNX.4.60.0406280220160.13910@fogarty.jakma.org>
Paul Jakma wrote:
> On Fri, 25 Jun 2004, Mike Waychison wrote:
>
>> This is just semantically racy. If someone ssh'es into your laptop and
>> accesses the mount before you do, you can't access it. A better
>> approach IMHO is to mount with the UID of the user on :0, unmounting
>> it on logout if possible. Thoughts?
>
>
> Why should the user on :0 be special?

Cause this is the kind of policy I'd like to see :)

>
> This is a question of policy. And there are really two questions here.
> The important one:
>
> - Does the user have the credentials to be allowed to mount this device?
>
> we already have things like pam_console and logindevperm to assist with
> answering this question, if an admin so desires.
>
Yup. However, this doesn't connect nicely with mount(8). mount(8) only
mounts as a user according to /etc/fstab rules, not by block device
owner :\ Maybe this should be fixed up somehow.

> The lesser question of, applying mainly to removable media with certain
> non-POSIX fs's:
>
> - what credentials should the mount apply to files?
>
> The answer to last one, given you have an answer to first question, is
> almost certainly "the credentials which triggered the mount".
>
> no?
>
Sure, but 'who is allowed to trigger the mount'?
- --
Mike Waychison
Sun Microsystems, Inc.
1 (650) 352-5299 voice
1 (416) 202-8336 voice
http://www.sun.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NOTICE: The opinions expressed in this email are held by me,
and may not represent the views of Sun Microsystems, Inc.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~