On Tue, 2004-05-11 at 18:41, Chadley Wilson wrote: > Take shares and removable media they all require root access and > although there are work arounds, I find myself driving out to a client > only to find that he needs to open a terminal, su to root to mount a > flash drive, I check the config files and they are right, and I have > done many. He can use his stick, it works, he saw it work, I saw it > work, He unplugs it and later plugs it in again now he only has read > only access and doesn't have permissions. Get in my car drive there, I > see the flash is already mounted, and without un-mounting it I log into > a terminl as root and touch a file in the flash dir and guess what > suddenly the user has RW access again.Without unmounting? mmmm Thats > without changing anything, it seems the system wants root to first > access the drive before any other user. > O.K so now he reboots his PC and can't get it mounted at all at all > because he needs to be root to mount. > > The point is: it is his memstick, it has his junk on it, he doesn't care > who root is, its not roots memstick it is his. He plugged it in as a It may be his memstick, but when it is mounted, it becomes one of the filesystems available to the operating system. If a user decided they wanted their memory stick to mount somewhere under "/etc", they could simply subvert system security, controls or existing configuration. This is why a mount should require system authorisation. This is fundamental security and trading it off for convenience is just that - a trade-off. It is your decision - just be sure you are aware of what you sacrifice for the convenience. <snip> > > > I just think that to many tools and apps require root access where the > user should have full rights. So change them - but they are that way for many good reasons. Cheers, Ben
