Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S261461AbVDSL5Y (ORCPT ); Tue, 19 Apr 2005 07:57:24 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S261465AbVDSL5Y (ORCPT ); Tue, 19 Apr 2005 07:57:24 -0400 Received: from wproxy.gmail.com ([64.233.184.203]:56164 "EHLO wproxy.gmail.com") by vger.kernel.org with ESMTP id S261461AbVDSL5T convert rfc822-to-8bit (ORCPT ); Tue, 19 Apr 2005 07:57:19 -0400 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=VWmBUgaf/yducJone3mvHmaHEi6+jQg4AI906CV4pwWsio+d541icjDdkNlaFV17EZlbAKrpM/M7cW0rYMaWdHahg0jkjgQyGhdw4+4f6d8Yk4+FewCbEXt2ItVyziqgGXbl8nyLjdaQpx+CyRgmtK5Suowhqy8WUfbBATuqCRM= Message-ID: Date: Tue, 19 Apr 2005 06:57:17 -0500 From: Eric Van Hensbergen Reply-To: Eric Van Hensbergen To: 7eggert@gmx.de Subject: Re: [RFC] FUSE permission modell (Was: fuse review bits) Cc: Miklos Szeredi , linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, hch@infradead.org, akpm@osdl.org, viro@parcelfarce.linux.theplanet.co.uk In-Reply-To: Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7BIT Content-Disposition: inline References: <3Ki1W-2pt-1@gated-at.bofh.it> <3S8oN-So-17@gated-at.bofh.it> <3S8oN-So-19@gated-at.bofh.it> <3S8oN-So-21@gated-at.bofh.it> <3S8oN-So-23@gated-at.bofh.it> <3S8oN-So-25@gated-at.bofh.it> <3S8oN-So-27@gated-at.bofh.it> <3S8oM-So-7@gated-at.bofh.it> <3UmnD-6Fy-7@gated-at.bofh.it> Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1341 Lines: 28 On 4/17/05, Bodo Eggert <7eggert@gmx.de> wrote: > > > I was thinking about this a while back and thought having a user-mount > > permissions file might be the right way to address lots of these > > issues. Essentially it would contain information about what > > users/groups were allowed to mount what sources to what destinations > > and with what mandatory options. > > Users being able to mount random fs containing suid or device nodes > are root whenever they want to. If you want to mount with dev or suid, > use sudo and restrict the mount to a limited set of images/devices/whatever. > Well, that would kinda be the intent behind the permissions file -- it can specify what restricted set of images/devices/whatever the user can mount, I suppose the sensible thing would be to always enforce nosuid and nsgid, but I'd rather keep these as the default version of options (allowing admins to shoot themselves in the foot perhaps, but in the single-user workstation case, is seems like there's less reason to be so paranoid). -eric - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/