Besides the solution for the crash problem, I also received
directions for allowing users to mount and umount different
CDROM volumes (e.g. for the sake of reading documentation).
As proposed by Colin Walters (walters_at_zk3.dec.com),
the problem can be solved using the facility called
division of privileges (dop).
The "dop" approach is probably more secure than a program
owned by root with set-user-ID permission.
The approach relies on a special database kept by the system
in which the sets of privileged operations that users or user
groups are allowed to execute are organized in privilege groups.
See man dop and online help for sysman dopconfig for more details.
A first step would therefore be to create a new group, say
CdromManagement consisting of actions cdmount and cdumount.
This step is somewhat tricky since it seems that it can't
be performed in a documented way - one has to figure out
the syntax of the file /etc/doprc, and add the following lines:
    CdromManagement {
        {groups { users }}
        {description { CdromManagement privilege allows executing scripts for
        mounting and umounting cd volumes }}
    }
(making a backup is recommended before editing).
Subsequently, the dop -w command must be issued in order to compile
/etc/doprc into the binary database.
Then, actions and the corresponding privileged commands can be
created in the created group via the dop command, e.g.:
    dop -a CdromManagement cdmount "/sbin/mount -r -o nosuid /dev/disk/cdrom0c /cdrom"
    dop -a CdromManagement cdumount "/sbin/umount /dev/disk/cdrom0c"
Invoking mount with the nosuid option in order not to allow users to
compromise the system by a "root"-owned setuid-program was kindly
suggested by alan_at_nabeth.cxo.dec.com.
Finally, CdromManagement privileges can be granted to the special
user group, say Cdusers, which needs to access CDROM files.
The users can consequently invoke
    dop cdmount
and
    dop cdumount
Original question:
: A program from the archive of this list regularly crashes
: Tru64 v5.0 installed on an AlphaStation AS 600 5/333
: when run from user mode (of course, I was interested
: in allowing users to mount documentation CDROMs
: without root privileges).
...
Received on Fri Nov 10 2000 - 14:39:51 NZDT
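
Added example (not part of the original post and not dop's own code): a
small POSIX shell lint for command strings before they are registered with
dop -a, flagging binaries not named by absolute path and mount commands
that lack the nosuid option discussed above. The "action|command" input
format and the names lint_actions and sample_actions are assumptions made
for this example.

```sh
#!/bin/sh
# Added example: lint command strings before registering them with "dop -a".
# Input on stdin: one "action|command" pair per line. This format is
# constructed for the example; it is not dop's own file format.
# Prints one line per finding; returns 0 when clean, 1 otherwise.
lint_actions() {
    rc=0
    while IFS='|' read -r action cmd; do
        case $action in ''|'#'*) continue ;; esac
        set -f; set -- $cmd; set +f    # split into words, no globbing
        prog=$1
        # A command run with privilege should name its binary by absolute
        # path, so that no search path is involved in choosing it.
        case $prog in
            /*) ;;
            *) echo "$action: '$prog' is not an absolute path"; rc=1 ;;
        esac
        case $prog in
            */mount|mount)
                opts=
                while [ $# -gt 1 ]; do
                    shift
                    case $1 in
                        -o)  if [ $# -gt 1 ]; then opts="$opts,$2"; fi ;;
                        -o*) opts="$opts,${1#-o}" ;;
                    esac
                done
                # Without nosuid, setuid bits on the media are honoured.
                case ",$opts," in
                    *,nosuid,*) ;;
                    *) echo "$action: mount without -o nosuid"; rc=1 ;;
                esac ;;
        esac
    done
    return "$rc"
}

# Constructed sample: the two actions from the post plus one weak entry.
sample_actions() {
    cat <<'EOF'
cdmount|/sbin/mount -r -o nosuid /dev/disk/cdrom0c /cdrom
cdumount|/sbin/umount /dev/disk/cdrom0c
badmount|mount -r /dev/disk/cdrom0c /cdrom
EOF
}

sample_actions | lint_actions || echo "fix the findings above first"
```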