On Wed, 2002-10-09 at 15:15, Mario Lombardo wrote:
> Matt, thanks; it works. For conversation's sake, there are a few
> different approaches to this solution, correct?
>
Linux (for that matter most UNICES) offer many ways to approach a
problem. There is not always a "right way" to accomplish a task. Some
solutions are preferable in terms of security, resources available/used,
etc.
> I mean, I can suid to the VMware application to give it superuser or
> root rights to do things despite who is logged in or using it.
>
Setuid should only be used sparingly and very carefully. In your
scenario, you only wanted to grant access to a single user. Setuid
applies to all users who have execute permissions on the file in
question. The smallest flaw in the vmware code could grant a restricted
user full privilege over the box. Why expose the entire box to a
potentially huge security hole by setting the vmware binary to setuid --
especially when you are only concerned about a single user?
> I can set the partition in /etc/fstab with a particular gid or uid
> limit so a user with a rating par or better can have full use of the
> disk/partition.
I have never tried that, but I suspect it may not be viable.
fstab options I am aware of that may be applicable:
user = any user can mount this file system, but does not necessarily set
permissions for any user to use as raw device.
owner = only the owner of the disk can mount it. The disk would need to
be owned by a specific user. In other words, a privileged userid would
need to chown the disk to the same specific user. The user would then
have rw permissions as owner.
uid=n/gid=n = which sets the default uid/gid for the filesystem. (IIRC,
this only applies to fat filesystems.)
HTH
-- Matt Miller Systems Administrator MP TotalCare gpg public key id: 08BC7B06
This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 15:57:13 EDT