[SUMMARY] Superuser privs required for cdfs module

From: Dieter Meinert <dieter.meinert_at_aip.de>
Date: Fri, 17 Dec 1999 09:58:37 +0100 (MET)



 Thanks to

Thomas Leitner <tom_at_radar.tu-graz.ac.at>
Wolfram Klaus <klaus_at_physik.fu-berlin.de>
"Serguei Patchkovskii" <patchkov_at_ucalgary.ca>
John Losey <JOHLOS_at_HBSI.COM>
Nikola Milutinovic <Nikola.Milutinovic_at_ev.co.yu>

Several replies suggested building cdfs support into the kernel
(options CDFS), but that was already done (I forgot to mention
this natural fact).

John Losey suggested sudo, but we don't want to bother our users
with too many password requests.


Thomas Leitner provided me with a setuid program to mount the
whole FS, but that was not my intent, since I just want to run my
setuid wrapper to start mount scripts for several devices.

Nevertheless, his program and the hint from Serguei Patchkovskii
yielded the apparent solution:

I had to put another line into my wrapper saying

setuid(geteuid());

With this it appears to work again as used under 4.0[bce].

The wrapper now looks like:

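#include <stdio.h>
#include <unistd.h>
int main(int argc, char *argv[]) {
   char *script="/full/path/to/mount-script";
   /* Make the real UID equal to the effective UID of the setuid binary. */
   if (setuid(geteuid()) != 0) { perror("setuid"); return 1; }
   execv(script, argv);
   perror("execv");   /* reached only if the exec failed */
   return 1;
}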


Appended find my original mail and the replies.


Bye,
                                                Dieter
 
  _____________________________*__________________________________
 / * dieter.meinert_at_aip.de \
 \ Dieter Meinert (- ** http://www.aip.de/~dieter/ \
  \__________________A______*__*___________________________________/
           (public pgp key from http://www.aip.de/~dieter/)


|=>
|=>
|=>
|=>
|=> Dear Managers,
|=> I just upgraded a host to DU4.0f (y2k problem) and now found that
|=> again as in a previous version (4.0d) superuser
|=> privileges are required to load the cdfs module which had been
|=> fixed in 4.0e. Although I mount through a setuid wrapper it thus
|=> is impossible to noninteractively mount a cdrom.
|=>
|=> Does anyone know where this has been fixed again and where I may
|=> get the correcting patches ?
|=>
|=>
|=> Bye,
|=> Dieter
|=>
|=> _____________________________*__________________________________
|=> / * dieter.meinert_at_aip.de \
|=> \ Dieter Meinert (- ** http://www.aip.de/~dieter/ \
|=> \__________________A______*__*___________________________________/
|=> (public pgp key from http://www.aip.de/~dieter/)
|=>
|=>
|=>

Thomas Leitner <tom_at_radar.tu-graz.ac.at>:

Try this wrapper. It works for me under 4.0f.

Tom

#include <stdio.h>
#include <string.h>
#include <unistd.h>

int main(int argc, char** argv)
{
    char *av[5];

    /* Make the real UID root as well as the effective UID. */
    if (setuid(0) < 0) perror("setuid failed");
    if (seteuid(0) < 0) perror("seteuid failed");
    if (setruid(0) < 0) perror("setruid failed");
                
    if(strcmp(argv[0],"cdmount")==0 ||
       strcmp(argv[0], "/usr/local/bin/cdmount") == 0) {
        av[0] = "/sbin/mount";
        av[1] = "/cdrom";
        av[2] = (char *)0;
        printf("Mounting the CD-ROM on FINWAL01\n");
        fflush(stdout);
        execv(av[0],av);
        perror("exec");
    }
    if(strcmp(argv[0],"cdmount1")==0 ||
       strcmp(argv[0], "/usr/local/bin/cdmount1") == 0) {
        av[0] = "/sbin/mount";
        av[1] = "/cdrom1";
        av[2] = (char *)0;
        printf("Mounting the CD-ROM 1 on FINWAL01\n");
        fflush(stdout);
        execv(av[0],av);
        perror("exec");
    }
    if(strcmp(argv[0],"cdumount") == 0 ||
       strcmp(argv[0], "/usr/local/bin/cdumount") == 0) {
        av[0] = "/sbin/umount";
        av[1] = "/cdrom";
        av[2] = (char *)0;
        printf("Unmounting the CD-ROM on FINWAL01\n");
        fflush(stdout);
        execv(av[0],av);
        perror("exec");
    }
    if(strcmp(argv[0],"cdumount1") == 0 ||
       strcmp(argv[0], "/usr/local/bin/cdumount1") == 0) {
        av[0] = "/sbin/umount";
        av[1] = "/cdrom1";
        av[2] = (char *)0;
        printf("Unmounting the CD-ROM 1 on FINWAL01\n");
        fflush(stdout);
        execv(av[0],av);
        perror("exec");
    }
    return 1;   /* no recognised name matched, or the exec failed */
}

/* E O F */

Wolfram Klaus <klaus_at_physik.fu-berlin.de>:
Hello,
I read your mail on the OSF-Managers mailing list. Since I am not
subscribed to this list, I am sending you this mail directly
and not as a reply.

A simple way to work around the problem is to link the CDFS
module statically into the kernel. To do so, "options
CDFS" simply has to be in the kernel configuration file (/sys/con/<NAME>);
then rebuild the kernel with doconfig -c <NAME>.

Ciao,
    Wolfram

"Serguei Patchkovskii" <patchkov_at_ucalgary.ca>:

Pure speculation, but I would guess that the work-around is the same
as for 4.0D: make sure your wrapper calls

setuid(geteuid());

before exec'ing mount.

Regards,

/Serge.P


John Losey <JOHLOS_at_HBSI.COM>:

We work around that with sudo (http://www.courtesan.com/sudo/). sudo lets
you grant permissions to users to allow them to run commands as other users
(ie. as root they can use the mount command). However, because you probably
don't want users to be able to mount/unmount all the file systems, I'd
create a shell script that takes 2 arguments "mount" & "unmount" so the user
would type:
        sudo cdmount mount
or
        sudo cdmount unmount

to mount or unmount the CD.

John

Nikola Milutinovic <Nikola.Milutinovic_at_ev.co.yu>:

So, why don't you build it into the kernel?

Nix.
Received on Fri Dec 17 1999 - 09:00:36 NZDT
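
A hardened variant of the wrapper summarised above, as an added example that is not part of the original mail or any of the replies: it checks the result of setuid(geteuid()), hands the script one fixed argument chosen from an allowlist instead of the caller's argv, and execs with a fixed environment. The action names "mount" and "unmount" and the PATH value are assumptions; the script path is the post's own placeholder.

```c
/* Added example; not code from the thread. */
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define SCRIPT "/full/path/to/mount-script"   /* placeholder path from the post */

/* Fixed environment: nothing inherited from the invoking user reaches the script. */
static char *const clean_env[] = { "PATH=/sbin:/usr/sbin:/bin:/usr/bin", NULL };

/* Map the caller's action onto a fixed argv. Returns 0 if allowed, -1 otherwise. */
int build_argv(const char *action, char *av[3])
{
    static char *const allowed[] = { "mount", "unmount" };  /* assumed actions */
    size_t i;

    if (action == NULL) return -1;
    for (i = 0; i < sizeof allowed / sizeof allowed[0]; i++) {
        if (strcmp(action, allowed[i]) == 0) {
            av[0] = SCRIPT;
            av[1] = allowed[i];   /* our constant, never the caller's pointer */
            av[2] = NULL;
            return 0;
        }
    }
    return -1;
}

/* The fix from the thread with its result checked: real UID := effective UID. */
int promote_real_uid(void)
{
    if (setuid(geteuid()) != 0) return -1;
    return getuid() == geteuid() ? 0 : -1;
}

int main(int argc, char *argv[])
{
    char *av[3];

    if (build_argv(argc == 2 ? argv[1] : NULL, av) != 0) {
        fprintf(stderr, "usage: wrapper mount|unmount\n");
        return 2;
    }
    if (promote_real_uid() != 0) { perror("setuid"); return 1; }
    execve(av[0], av, clean_env);
    perror("execve");   /* reached only if the exec failed */
    return 1;
}
```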
