Re: [SLUG] Permission problems w/ hard disk

From: Matt Miller (mmiller1@mptotalcare.com)
Date: Thu Oct 10 2002 - 11:37:40 EDT


On Wed, 2002-10-09 at 15:15, Mario Lombardo wrote:
> Matt, thanks; it works. For conversation's sake, there are a few
> different approaches to this solution, correct?
>

Linux (and, for that matter, most UNICES) offers many ways to approach a
problem. There is not always a "right way" to accomplish a task. Some
solutions are preferable in terms of security, resources available/used,
etc.

> I mean, I can suid to the VMware application to give it superuser or
> root rights to do things despite who is logged in or using it.
>

Setuid should only be used sparingly and very carefully. In your
scenario, you only wanted to grant access to a single user. Setuid
applies to all users who have execute permissions on the file in
question. The smallest flaw in the vmware code could grant a restricted
user full privilege over the box. Why expose the entire box to a
potentially huge security hole by setting the vmware binary to setuid --
especially when you are only concerned about a single user?

> I can set the partition in /etc/fstab with a particular gid or uid
> limit so a user with a rating par or better can have full use of the
> disk/partition.

I have never tried that, but I suspect it may not be viable.
fstab options I am aware of that may be applicable:

user = any user can mount this file system, but does not necessarily set
permissions for any user to use as raw device.

owner = only the owner of the disk can mount it. The disk would need to
be owned by a specific user. In other words, a privileged userid would
need to chown the disk to the same specific user. The user would then
have rw permissions as owner.

uid=n/gid=n = which sets the default uid/gid for the filesystem. (IIRC,
this only applies to fat filesystems.)

HTH

-- 
Matt Miller
Systems Administrator
MP TotalCare
gpg public key id: 08BC7B06
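
The point above about setuid reaching every user with execute permission can be checked on a real system. The following is an added example, not part of the original message: a POSIX shell audit that reports how widely each set-uid file is exposed. The function names and the scratch files in `demo` are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example: classify how widely a set-uid bit on a file is exposed,
# using only POSIX find(1) -perm tests.

# has_perm FILE MODE -> succeeds if every bit in octal MODE is set on FILE
has_perm() {
    [ -n "$(find "$1" -prune -perm "-$2" 2>/dev/null)" ]
}

# setuid_exposure FILE -> prints one of:
#   not-setuid | setuid-world | setuid-group | setuid-owner-only
setuid_exposure() {
    f=$1
    [ -f "$f" ] || { echo "missing"; return 1; }
    if ! has_perm "$f" 4000; then
        echo "not-setuid"
    elif has_perm "$f" 0001; then
        echo "setuid-world"      # any user who can reach it runs it as the owner
    elif has_perm "$f" 0010; then
        echo "setuid-group"      # only members of the file's group do
    else
        echo "setuid-owner-only" # only the owner can execute it
    fi
}

# audit_dir DIR -> one "exposure<TAB>path" line per set-uid file under DIR
audit_dir() {
    find "$1" -type f -perm -4000 2>/dev/null | while IFS= read -r p; do
        printf '%s\t%s\n' "$(setuid_exposure "$p")" "$p"
    done
}

# Constructed demo: empty scratch files standing in for an application binary.
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/app-world"; chmod 4755 "$d/app-world"
    : > "$d/app-group"; chmod 4750 "$d/app-group"
    : > "$d/app-plain"; chmod 0755 "$d/app-plain"
    audit_dir "$d" | sort
    rm -rf "$d"
}
demo
```

Pointing `audit_dir` at a directory such as `/usr/bin` lists the set-uid files there; anything reported as `setuid-world` is reachable by every local account.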



