-- 
Gernot M. Fuchs                       University of N.C. at Chapel Hill
voice: 919-966-3263                   UNC Hospitals/School of Medicine
email: gfuchs_at_pasteur.med.unc.edu   CB #7260, Chapel Hill, N.C. 27599
www  : http://russell.med.unc.edu/~gfuchs

Date: Fri, 26 Apr 1996 09:58:13 -0600
From: alan_at_nabeth.cxo.dec.com (Alan Rollow - Dr. File System's Home for Wayward Inodes.)
Message-Id: <9604261558.AA17725_at_nabeth.cxo.dec.com>
To: ar2h+_at_andrew.cmu.edu
Subject: Re: Help with cdrom permissions ...

I think the mount system call has an explicit check for root when
local file systems are mounted.  There's an option to allow non-root
NFS mounts, but I think it is only for NFS mounts.

What you need to do is write a wrapper program for the necessary
mount command and set it up to run as root.  It would be wise to
ensure that it uses mount options that prevent setuid programs
from being imported by otherwise non-privileged users.

From: rioux_at_ip6480nl.ce.utexas.edu (Tom Rioux)
Message-Id: <199604261921.AA20400_at_ip6480nl.ce.utexas.edu>
Subject: Re: Help with cdrom permissions ...
To: ar2h+_at_andrew.cmu.edu
Date: Fri, 26 Apr 96 14:21:22 CDT
In-Reply-To: <ElUCcQS00YUqIF40lt_at_andrew.cmu.edu>; from "Aaron Todd Riccitelli" at Apr 26, 96 11:22 am

alpha1:root:/usr/local/source/mcd# cat makefile
CC     = cc
cflags =
CFLAGS = -c -O
lflags =
LFLAGS =

all:	/usr/local/bin/mcd_iso /usr/local/bin/mcd_ufs
	@echo "mcd is up to date."

/usr/local/bin/mcd_iso:	mcd_iso
	cp mcd_iso /usr/local/bin/mcd_iso
	chown root /usr/local/bin/mcd_iso
	chgrp lrc /usr/local/bin/mcd_iso
	chmod 4755 /usr/local/bin/mcd_iso

mcd_iso:	mcd_iso.o /lib/libc.a
	$(CC) $(LFLAGS) $(lflags) mcd_iso.o -lc -o mcd_iso
	strip mcd_iso

mcd_iso.o:	mcd_iso.c
	$(CC) $(CFLAGS) $(cflags) mcd_iso.c

/usr/local/bin/mcd_ufs:	mcd_ufs
	cp mcd_ufs /usr/local/bin/mcd_ufs
	chown root /usr/local/bin/mcd_ufs
	chgrp lrc /usr/local/bin/mcd_ufs
	chmod 4755 /usr/local/bin/mcd_ufs

mcd_ufs:	mcd_ufs.o /lib/libc.a
	$(CC) $(LFLAGS) $(lflags) mcd_ufs.o -lc -o mcd_ufs
	strip mcd_ufs

mcd_ufs.o:	mcd_ufs.c
	$(CC) $(CFLAGS) $(cflags) mcd_ufs.c
alpha1:root:/usr/local/source/mcd#
alpha1:root:/usr/local/source/mcd# cat mcd_iso.c
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>     /* setuid(), setgid() */
#include <sys/types.h>

int main ()
{
  int lsiv_return_code;

  /* installed setuid root: make the real uid and gid root as well */
  lsiv_return_code = setuid ( (uid_t) 0 );
  if ( lsiv_return_code != 0 ) return ( lsiv_return_code );
  lsiv_return_code = setgid ( (gid_t) 0 );
  if ( lsiv_return_code != 0 ) return ( lsiv_return_code );
  /* fixed command line; system() runs it through the shell */
  lsiv_return_code = system ( "/sbin/mount -rt cdfs -o nodefperm,noversion /dev/rz4c /mnt" );
  if ( lsiv_return_code != 0 ) return ( lsiv_return_code );
  printf ( "CD-ROM /dev/rz4c mounted in iso9660 format as /mnt\n" );
  return ( 0 );
}
alpha1:root:/usr/local/source/mcd#
alpha1:root:/usr/local/source/mcd# cat mcd_ufs.c
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>     /* setuid(), setgid() */
#include <sys/types.h>

int main ()
{
  int lsiv_return_code;

  /* installed setuid root: make the real uid and gid root as well */
  lsiv_return_code = setuid ( (uid_t) 0 );
  if ( lsiv_return_code != 0 ) return ( lsiv_return_code );
  lsiv_return_code = setgid ( (gid_t) 0 );
  if ( lsiv_return_code != 0 ) return ( lsiv_return_code );
  /* fixed command line; system() runs it through the shell */
  lsiv_return_code = system ( "/sbin/mount -rd /dev/rz4c /mnt" );
  if ( lsiv_return_code != 0 ) return ( lsiv_return_code );
  printf ( "CD-ROM /dev/rz4c mounted in ufs format as /mnt\n" );
  return ( 0 );
}
alpha1:root:/usr/local/source/mcd#

alpha1:root:/usr/local/source/ucd# cat makefile
CC     = cc
cflags =
CFLAGS = -c -O
lflags =
LFLAGS =

/usr/local/bin/ucd:	ucd
	cp ucd /usr/local/bin/ucd
	chown root /usr/local/bin/ucd
	chgrp system /usr/local/bin/ucd
	chmod 4755 /usr/local/bin/ucd

ucd:	ucd.o /lib/libc.a
	$(CC) $(LFLAGS) $(lflags) ucd.o -lc -o ucd
	strip ucd

ucd.o:	ucd.c
	$(CC) $(CFLAGS) $(cflags) ucd.c
alpha1:root:/usr/local/source/ucd#
alpha1:root:/usr/local/source/ucd# cat ucd.c
#include <stdio.h>      /* printf() */
#include <stdlib.h>
#include <unistd.h>     /* setuid() */
#include <sys/types.h>

int main ()
{
  int lsiv_return_code;

  /* installed setuid root: make the real uid root as well */
  lsiv_return_code = setuid ( (uid_t) 0 );
  if ( lsiv_return_code != 0 ) return ( lsiv_return_code );
  /* fixed command line; system() runs it through the shell */
  lsiv_return_code = system ( "/sbin/umount /mnt" );
  if ( lsiv_return_code != 0 ) return ( lsiv_return_code );
  printf ( "CD-ROM disk unmounted from /mnt\n" );
  return ( 0 );
}
alpha1:root:/usr/local/source/ucd#

You may have to change "/dev/rz4c" to meet your configuration.

Tom Rioux
ECJ 3.400.C4
Civil Engineering Department C1700
The University of Texas at Austin
Austin, Texas 78712
512-475-6094
512-471-0592 FAX
512-606-8320 digital pager
rioux_at_mail.utexas.edu

> Hello,
>
> I am trying to set permissions on configured RRD4x's.  I have tried just about
> all combinations of permission settings on the cdrom, but only root has
> the ability to mount the cdrom now.  Basically, I am in need of help letting
> my users mount the drive when they want/need to.  I have tried resetting the
> permissions, exhaustively searching through the man pages, etc., but the
> system does not let users mount the device.  Any help would be greatly
> appreciated, because right now I have taken a tangent and am confusing
> myself on what I set out to do.
>
> As always,
> Thanks in advance,
>
> A. Riccitelli
> Dept of Civil Engineering
> Carnegie Mellon University

Message-Id: <9604290135.AA32141_at_alexandra>
To: Aaron Todd Riccitelli <ar2h+_at_andrew.cmu.edu>
From: Dougal Scott <dwagon_at_aaii.oz.au>
Reply-To: dwagon_at_aaii.oz.au
Subject: Re: Help with cdrom permissions ...
In-Reply-To: Message from Aaron Todd Riccitelli of 1996-Apr-26 11:22:4, <ElUCcQS00YUqIF40lt_at_andrew.cmu.edu>
Date: Mon, 29 Apr 1996 11:35:00 +1000

> Any help would be greatly appreciated, because right now I have
> taken a tangent and am confusing myself on what I set out to do.

Mount can only be run as root independent of permissions, it's a kernel
restriction. Try sudo, which allows you to specify users or groups of users
to be able to run specified commands (such as mounting cd-rom) as root.

ftp://ftp.cs.colorado.edu/users/millert/sudo/cu-sudo.v1.4.2-GAMMA.tar.Z

Dougal Scott                  Australian Artificial Intelligence Institute
dwagon_at_aaii.oz.au          6/171 La Trobe St. Melbourne 3000
Programmer and Tech Support   Australia Phone: +61 3 9663 7922 Fax: +61 3 9663 7937

Message-ID: <Added.UlUDvSO00Uda51iE5D_at_andrew.cmu.edu>
Date: 26 Apr 96 12:49:00 EDT
From: "US0A20::CJS35102" <CJS35102%US0A20.decnet_at_usav01.glaxo.com>
Subject: RE: Help with cdrom permissions ...
To: "ar2h+" <ar2h+_at_andrew.cmu.edu>

Write a script that does the mount.
Put it in a secure area (very important!)
Give ownership of the script to root.
Set UID (SUID) the file to allow it to run as root.
Set permissions so others can execute it.
It is important that you understand the SUID function to set this up
without creating a security hole.
Create a link to it from the /bin directory or give the users the full
path name.

Hope this helps,
Chris.

(Something like this, I can't test this so I'll leave it to you to debug)

cd /homegrown/scripts    ! or wherever you want it to reside
vi cdmnt
--------------------------------------
#!/bin/sh
# ask for the file system type, defaulting to ufs
echo "Enter the CD type [ufs]: \c"
read type
if [ -z "$type" ]; then
    type=ufs
fi
# quoted so the answer is passed to mount as a single argument
mount -t "$type" /dev/rz4c /cdrom
--------------------------------------
# chown root cdmnt
# chmod 4711 cdmnt    ! suid, root full privs, grp and world execute only
# ln -s /homegrown/scripts/cdmnt /bin/cdmnt

Users with /bin in their path should be able to execute it by typing cdmnt
and responding to the type prompt.

A similar script now needs to be written to let them unmount the CD.
Note: Anyone with access to the scripts can mount or unmount anyone's CDs,
also users who cd to the CD and forget about it may prevent others from
being able to dismount it.

Message-ID: <01BB3363.5376BCD0_at_chakotay.au.af.mil>
From: Lynn Blankenship <lblank_at_chakotay.au.af.mil>
To: "'Aaron Todd Riccitelli'" <ar2h+_at_andrew.cmu.edu>
Subject: RE: Help with cdrom permissions ...
Date: Fri, 26 Apr 1996 11:27:15 -0500

When I asked the same question, the answer I got was only root can mount.

----------
From: Aaron Todd Riccitelli
Sent: Friday, April 26, 1996 10:22 AM
To: alpha-osf-managers_at_ornl.gov
Subject: Help with cdrom permissions ...

Hello,

I am trying to set permissions on configured RRD4x's.  I have tried just
about all combinations of permission settings on the cdrom, but only root
has the ability to mount the cdrom now.  Basically, I am in need of help
letting my users mount the drive when they want/need to.
I have tried resetting the permissions, exhaustively searching through the
man pages, etc., but the system does not let users mount the device.  Any
help would be greatly appreciated, because right now I have taken a tangent
and am confusing myself on what I set out to do.

As always,
Thanks in advance,

A. Riccitelli
Dept of Civil Engineering
Carnegie Mellon University

From: Gyula Szokoly <szgyula_at_skysrv.Pha.Jhu.EDU>
Message-Id: <9604261726.AA11095_at_tarkus.pha.jhu.edu>
Subject: Re: Help with cdrom permissions ...
To: ar2h+_at_andrew.cmu.edu
Date: Fri, 26 Apr 1996 13:26:08 -0400 (EDT)
In-Reply-To: <ElUCcQS00YUqIF40lt_at_andrew.cmu.edu> from "Aaron Todd Riccitelli" at Apr 26, 96 11:22:04 am

> I am trying to set permissions on configured RRD4x's.  I have tried just about
> all combinations of permission settings on the cdrom, but only root has
> the ability to mount the cdrom now.  Basically, I am in need of help letting

What about a setuid C program that does this through the 'system()' call?

Gyula

Message-Id: <3180EFDE.5656_at_lib.utexas.edu>
Date: Fri, 26 Apr 1996 10:46:38 -0500
From: "Michael R. Kline" <mike_at_lib.utexas.edu>
Organization: University of Texas at Austin General Libraries
To: Aaron Todd Riccitelli <ar2h+_at_andrew.cmu.edu>
Subject: Re: Help with cdrom permissions ...
References: <ElUCcQS00YUqIF40lt_at_andrew.cmu.edu>

Aaron,

Only root has permission to use the mount command. You need to write a
wrapper program with setuid root to allow other users to mount the cdrom.

Mike

Aaron Todd Riccitelli wrote:
>
> Hello,
>
> I am trying to set permissions on configured RRD4x's.  I have tried just about
> all combinations of permission settings on the cdrom, but only root has
> the ability to mount the cdrom now.  Basically, I am in need of help letting
> my users mount the drive when they want/need to.  I have tried resetting the
> permissions, exhaustively searching through the man pages, etc., but the
> system does not let users mount the device.  Any help would be greatly
> appreciated, because right now I have taken a tangent and am confusing
> myself on what I set out to do.
>
> As always,
> Thanks in advance,
>
> A. Riccitelli
> Dept of Civil Engineering
> Carnegie Mellon University

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Michael R. Kline                   mike_at_lib.utexas.edu
General Libraries                  Office: (512) 495-4391
University of Texas at Austin      FAX   : (512) 495-4347
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Message-Id: <9604290525.AA04696_at_o01.rosat.mpe-garching.mpg.de>
References: <ElUCcQS00YUqIF40lt_at_andrew.cmu.edu>
To: Aaron Todd Riccitelli <ar2h+_at_andrew.cmu.edu>
Subject: Re: Help with cdrom permissions ...
In-Reply-To: Your message of "Fri, 26 Apr 1996 11:22:04 EDT."
             <ElUCcQS00YUqIF40lt_at_andrew.cmu.edu>
Date: Mon, 29 Apr 1996 07:25:51 +0200
From: "Bernt Christandl" <beb_at_rosat.mpe-garching.mpg.de>

Aaron,

if you are still interested, we have such a construction running, and I can
send you the details (including some small c-files)

The main problem is that (u)mount under DU is a command that only root has
the privileges to use. Our solution is a program (the "user_interface")
which lets the user select what kind of cd-mount he wants to do. Then this
program starts the appropriate suid-installed routine which actually
(u)mounts the cd.

With regards
Bernt Christandl

-------------------------------------------------------------------------
- Bernt Christandl / Max Planck Institut fuer Extraterrestrische Physik -
- D-85740 Garching / Phone: +49/89/3299-3342 / Fax: +49/89/3299-3569    -
- Internet: beb_at_mpe-garching.mpg.de                                  -
-------------------------------------------------------------------------

Date: Fri, 26 Apr 1996 12:23:44 -0500
From: Roddy McColl <roddy_at_visual-ra.SWMED.EDU>
Subject: Help with cdrom permissions ...
In-reply-to: <ElUCcQS00YUqIF40lt_at_andrew.cmu.edu>
To: Aaron Todd Riccitelli <ar2h+_at_andrew.cmu.edu>
Message-id: <9604261723.AA04865_at_visual-ra.swmed.edu>
References: <ElUCcQS00YUqIF40lt_at_andrew.cmu.edu>

Aaron Todd Riccitelli writes:
> Hello,
>
> I am trying to set permissions on configured RRD4x's.  I have tried just about
> all combinations of permission settings on the cdrom, but only root has
> the ability to mount the cdrom now.  Basically, I am in need of help letting
> my users mount the drive when they want/need to.  I have tried resetting the
> permissions, exhaustively searching through the man pages, etc., but the
> system does not let users mount the device.  Any help would be greatly
> appreciated, because right now I have taken a tangent and am confusing
> myself on what I set out to do.
>
> As always,
> Thanks in advance,
>
> A. Riccitelli
> Dept of Civil Engineering
> Carnegie Mellon University
>

This is my version of the cdmount / cdumount program which has been around
in PD land for a while. I have a 4/300 and it works just fine, allowing
the users to mount / umount by making the program setuid to root.

----------- Makefile (run as root) -------------------------
##########################################################
#
# @(#)Makefile	1.1 8/17/91 - CDmount
#
# This software is Copyright (c) 1991 by Kent Landfield.
#
# Permission is hereby granted to copy, distribute or otherwise
# use any part of this package as long as you do not try to make
# money from it or pretend that you wrote it.  This copyright
# notice must be maintained in any copy made.
#
# Use of this software constitutes acceptance for use in an AS IS
# condition. There are NO warranties with regard to this software.
# In no event shall the author be liable for any damages whatsoever
# arising out of or in connection with the use or performance of this
# software.  Any use of this software is at the user's own risk.
#
#  If you make modifications to this software that you feel
#  increases it usefulness for the rest of the community, please
#  email the changes, enhancements, bug fixes as well as any and
#  all ideas to me. This software is going to be maintained and
#  enhanced as deemed necessary by the community.
#
#              Kent Landfield
#              sparky!kent
#              kent_at_sparky.imd.sterling.com
#
##########################################################

DESTDIR=/usr/local/bin
MANDIR=/usr/man/manl

all: cdmount cdumount

cdmount:
	$(CC) $(CFLAGS) -o cdmount cdmount.c

cdumount: cdmount.c
	chown root cdmount
	chgrp bin cdmount
	chmod u+s cdmount
	rm -f cdumount
	ln cdmount cdumount

install: all
	@echo "install according to local conventions"
	install -c -s -o root -g bin -m 6755 cdmount $(DESTDIR)
	rm -f $(DESTDIR)/cdumount
	ln $(DESTDIR)/cdmount $(DESTDIR)/cdumount
	install -c -o bin -g bin -m 0644 cdmount.1 $(MANDIR)/cdmount.l
	install -c -o bin -g bin -m 0644 cdumount.1 $(MANDIR)/cdumount.l

clean:
	rm -f cdmount cdumount

print:
	cprint Makefile | lpr -Plw
	cprint README | lpr -Plw
	cprint cdmount.c | lpr -Plw
	psroff -man cdmount.1
	psroff -man cdumount.1
------------------ end of Makefile ---------------------------

------------------ cdmount.c ---------------------------
/*
** Subsystem:   User Level mount for CD-ROM
** File Name:   cdmount.c
**
** This software is Copyright (c) 1991 by Kent Landfield.
**
** Permission is hereby granted to copy, distribute or otherwise
** use any part of this package as long as you do not try to make
** money from it or pretend that you wrote it.  This copyright
** notice must be maintained in any copy made.
**
** Use of this software constitutes acceptance for use in an AS IS
** condition. There are NO warranties with regard to this software.
** In no event shall the author be liable for any damages whatsoever
** arising out of or in connection with the use or performance of this
** software.  Any use of this software is at the user's own risk.
**
**  If you make modifications to this software that you feel
**  increases it usefulness for the rest of the community, please
**  email the changes, enhancements, bug fixes as well as any and
**  all ideas to me. This software is going to be maintained and
**  enhanced as deemed necessary by the community.
**
**              Kent Landfield
**              sparky!kent
**              kent_at_sparky.imd.sterling.com
*/
#if !defined(lint) && !defined(SABER)
static char SID[] = "@(#)cdmount.c	1.2 8/19/91";
#endif

#include <stdio.h>
#include <stdlib.h>     /* putenv(), system() */
#include <string.h>     /* strcmp(), strrchr() */
#include <unistd.h>     /* getopt() */
#include <sys/types.h>
#include <sys/stat.h>

/*#define MOUNT       "/etc/mount"*/
#define MOUNT       "/sbin/mount"
/*#define UMOUNT      "/etc/umount"*/
#define UMOUNT      "/sbin/umount"
/*#define EJECT       "/usr/bin/eject"*/
#define MOUNTPOINT  "/cdrom"
/*#define MOUNTDEVICE "/dev/sr0"*/
#define MOUNTDEVICE "/dev/rz4c"
/*#define MOUNTDEVICE "/dev/rz12c"*/

void usage(progname)
char *progname;
{
    /* The next line is commented out since there is no hsfs option */
    /* for the OSF. 12/21/95 Alex Krimkevich */
    /*  -h   mount an ISO 9660 or High Sierra CD_ROM Filesystem\n\*/
    (void) fprintf(stderr, "\nusage: %s [ -cdv ]\
\n\noptions:\n\
  -c   mount the cdfs CD_ROM Filesystem\n\
  -d   show the mount command without executing it\n\
  -v   show the mount command and execute it\n\
\n", progname);
}

int main(argc, argv)
int argc;
char **argv;
{
    int getopt();
    char *strrchr();
    extern char *optarg;
    extern int optind;
    extern int opterr;

    char *cp;
    char cmd[256];
    int rc;
    int cdfs;
    int debug;
    int iso9660;
    struct stat stb;

    /* the program acts on the name it was invoked as */
    if ((cp = strrchr(argv[0],'/')) != NULL)
        ++cp;
    else
        cp = argv[0];

    /*
    ** Setup IFS for system() protection...
    */
    if (putenv("IFS= \t\n") != 0) {
        (void) fprintf(stderr,"%s: IFS putenv failed...\n", cp);
        return(1);
    }

    /*
    ** Setup PATH for execlp() protection...
    */
    if (putenv("PATH=/etc:/usr/etc:/bin:/sbin:/usr/bin") != 0) {
        (void) fprintf(stderr,"%s: PATH putenv failed...\n", cp);
        return(1);
    }

    /*
    ** If the user is requesting to mount a CD..
    */
    if (strcmp(cp, "cdmount") == 0) {
        cdfs = 0;
        iso9660 = 0;
        opterr = 0;
        debug = 0;

        /*
        ** Assure that the mount point is there and in a
        ** directory and not a symbolic link ..
        */
        if (lstat(MOUNTPOINT, &stb) != 0) {
            (void) fprintf(stderr, "%s: mount point missing\n", MOUNTPOINT);
            return(1);
        }

        if ((stb.st_mode & S_IFMT) != S_IFDIR) {
            (void) fprintf(stderr, "%s: invalid mount point\n", MOUNTPOINT);
            return(1);
        }

        if (argc > 1) {
            while ((rc = getopt(argc, argv, "dcv")) != EOF) {
                switch (rc) {
                case 'c':
                    /*
                    ** mount the cdfs type CD_ROM
                    ** which is supposed to be ISO 9660
                    */
                    cdfs++;
                    break;
                case 'd':            /* debugging - does not run command. */
                    debug = 1;
                    break;
                case 'v':            /* verbose - runs command. */
                    debug = 2;
                    break;
                /* case 'h':
                **     mount an ISO 9660 Standard or High
                **     Sierra Standard CD-ROM filesystem.
                **     Not applicable for the OSF, so commented out
                    iso9660++;
                    break;*/
                default:
                    usage(cp);
                    return(1);
                }
            }
        }

        /* if (cdfs && iso9660) {
            (void) fprintf(stderr,"%s: Cannot use ISO9660 and CDFS\n", cp);
            return(1);
        }*/

        /* build the command line.. */

        if (cdfs)
            (void) sprintf(cmd, "%s -r -t cdfs -o nosuid %s %s",
                           MOUNT, MOUNTDEVICE, MOUNTPOINT);
        /* else if (iso9660)
            (void) sprintf(cmd, "%s -r -t hsfs -o nosuid %s %s",
                           MOUNT, MOUNTDEVICE, MOUNTPOINT);*/
        else
            (void) sprintf(cmd, "%s -r -o nosuid %s %s",
                           MOUNT, MOUNTDEVICE, MOUNTPOINT);

        if (debug)
            (void) fprintf(stderr, "%s\n", cmd);

        rc = 0;     /* -d only prints the command: do not return getopt()'s EOF */
        if (debug != 1)
            rc = system(cmd);
    }
    /*
    ** The user is requesting to dismount a CD...
    */
    else if (strcmp(cp, "cdumount") == 0) {
#ifdef EJECT
        (void) sprintf(cmd, "%s %s && %s %s",
                       UMOUNT, MOUNTDEVICE, EJECT, MOUNTDEVICE);
#else
        (void) sprintf(cmd, "%s %s", UMOUNT, MOUNTDEVICE);
#endif
        rc = system(cmd);
        if (!rc)
            fprintf(stderr, "%s: Note: You must manually eject the CD-ROM\n", cp);
    }
    /*
    ** Improperly named/linked executables, I'm confused...
    */
    else {
        (void) fprintf(stderr, "%s: I don't know who I am... ? \n", cp);
        return(1);  /* rc = 1 would be shifted to 0 by the return below */
    }
    /* system() returns a wait status; the exit code is in the high byte */
    return(rc >> 8);
}
------------------ end of cdmount.c ------------------

Good luck!
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Roddy McColl PhD
Assistant Professor of Radiology
Radiology Imaging Center
UT Southwestern Medical Center at Dallas
5323 Harry Hines Blvd
Dallas TX 75235-9058
(214) 648-2910
(214) 648-4538 FAX
roddy_at_mri.swmed.edu
http://www-mri.swmed.edu/homes/roddy.html
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Date: Mon, 29 Apr 1996 08:07:59 +0200
From: Hellebo Knut <Knut.Hellebo_at_nho.hydro.com>
Message-Id: <9604290807.ZM1101_at_bgptu1.nho.hydro.com>
In-Reply-To: Aaron Todd Riccitelli <ar2h+_at_andrew.cmu.edu> "Help with cdrom permissions ..." (Apr 26, 11:22am)
References: <ElUCcQS00YUqIF40lt_at_andrew.cmu.edu>
Reply-To: Knut.Hellebo_at_nho.hydro.com
To: Aaron Todd Riccitelli <ar2h+_at_andrew.cmu.edu>
Subject: Re: Help with cdrom permissions ...

Regards,

Generally, filesystems can only be mounted by root. This holds whether the
filesystem is of cdrom type or ufs/advfs. To let every user be able to mount
cdrom's you must either write your own little C-program (NOT shellscript !)
or get a freeware package, e.g. 'sudo'

-- 
******************************************************************
* Knut Helleboe                            | DAMN GOOD COFFEE !! *
* Norsk Hydro a.s                          | (and hot too)       *
* Phone: +47 55 996870, Fax: +47 55 996342 |                     *
* Pager: +47 96 500718                     |                     *
* E-mail: Knut.Hellebo_at_nho.hydro.com    | Dale Cooper, FBI    *
******************************************************************

Received on Mon Apr 29 1996 - 17:40:23 NZST
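
The replies above converge on a setuid-root C wrapper that runs a fixed mount command with nosuid. The following sketch of such a wrapper is an added example, not code from any poster in this thread: it runs mount without a shell and with a fixed environment. The device, mount point, mount path and options are the ones posted in cdmount.c; the allowlist of cdfs and ufs, the ownership check on the mount point and the function names are assumptions of this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/wait.h>

/* Paths and options as posted in the thread (cdmount.c). */
#define MOUNT       "/sbin/mount"
#define MOUNTDEVICE "/dev/rz4c"
#define MOUNTPOINT  "/cdrom"

/* Assumption of this example: the only types a user may request. */
static const char *const allowed_types[] = { "cdfs", "ufs", NULL };

/* Build a fixed argv for mount. fstype may be NULL (default type).
 * Returns 0 on success, -1 if fstype is not allowlisted or n < 9. */
int build_mount_argv(const char *fstype, const char *argv[], size_t n)
{
    size_t i = 0, k;
    const char *type = NULL;

    if (n < 9)
        return -1;
    if (fstype != NULL) {
        for (k = 0; allowed_types[k] != NULL; k++)
            if (strcmp(fstype, allowed_types[k]) == 0)
                type = allowed_types[k];   /* our constant, not user data */
        if (type == NULL)
            return -1;
    }
    argv[i++] = MOUNT;
    argv[i++] = "-r";                      /* read-only */
    if (type != NULL) {
        argv[i++] = "-t";
        argv[i++] = type;
    }
    argv[i++] = "-o";
    argv[i++] = "nosuid";                  /* no setuid programs from the CD */
    argv[i++] = MOUNTDEVICE;
    argv[i++] = MOUNTPOINT;
    argv[i] = NULL;
    return 0;
}

/* 1 if path is a real directory (not a symlink), owned by root and not
 * writable by group or others; 0 otherwise. */
int mountpoint_ok(const char *path)
{
    struct stat stb;

    if (lstat(path, &stb) != 0 || !S_ISDIR(stb.st_mode))
        return 0;
    return stb.st_uid == 0 && (stb.st_mode & (S_IWGRP | S_IWOTH)) == 0;
}

/* Run argv[0] directly (no shell, nothing inherited from the caller's
 * environment). Returns the child's exit status, or -1 on failure. */
int run_fixed(const char *argv[])
{
    static char *const clean_env[] = { "PATH=/sbin:/bin:/usr/bin", NULL };
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Like the posted wrappers: make the real ids root too. */
        if (setgid(0) != 0 || setuid(0) != 0)
            _exit(126);
        execve(argv[0], (char *const *)argv, clean_env);
        _exit(127);
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(int argc, char **argv)
{
    const char *cmd[9];

    if (argc > 2 || !mountpoint_ok(MOUNTPOINT)) {
        fprintf(stderr, "usage: %s [cdfs|ufs]\n", argv[0]);
        fprintf(stderr, "%s must be a root-owned directory\n", MOUNTPOINT);
        return 1;
    }
    if (build_mount_argv(argc == 2 ? argv[1] : NULL, cmd, 9) != 0) {
        fprintf(stderr, "%s: file system type not allowed\n", argv[0]);
        return 1;
    }
    return run_fixed(cmd) == 0 ? 0 : 1;
}
```

Because the argument vector is built only from constants, a request such as "cdfs -o suid" is rejected by the allowlist instead of reaching a shell.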