SUMMARY: How to mount /pcfs without root privileges ?

From: Daniel Kakoun (daniel@brachot.jct.ac.il)
Date: Tue May 03 1994 - 11:01:10 CDT


Hello Sun Managers,

-----------------------------------------------------------
My question .

How to mount /pcfs without root privileges ?

------------------------------------------------------------

Thanks to all who responded.
I got 37 answers, which fall mainly into three categories.
One of the mails I got is a summary that was posted in the past to
sun-managers; I will use it and add new information.

[1] setuid scripts.
   
   This approach was frowned upon due to the security implications.
   Essentially make a script which will do what you want,
   make it owned by root and then set the setuid bit.
   Many persons said DO NOT DO THIS. You have been warned.

   Here are scripts provided by herbert@afis.gn.paramax.COM (Marc L. Herbert)

   The contents of pcfsmnt:

    #! /bin/csh -b
    /usr/etc/mountpcfs /dev/fd0 /pcfs pcfs rw

   The contents of ejectpcfs:

    /usr/etc/umount /pcfs
    /usr/bin/eject /dev/fd0
         
[2] setuid programs.
   
   This is similar to above, though more secure.
   Write a quick and dirty C program to do it. This way you
   get around the security risk of a setuid script.

Here are C programs and instructions provided by
Tami Shoham tami@orbot-instr.co.il
-----------------------------------------------------
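/* pcmount.c: MOUNT /pcfs WITH suid bit */

#include <stdlib.h>   /* system() */

int main (void)
{
   system ("/etc/mount /pcfs") ;
   return 0;
}

/* pcumount.c (separate file): UMOUNT /pcfs WITH suid bit */

#include <stdlib.h>   /* system() */

int main (void)
{
   system ("/etc/umount /pcfs") ;
   return 0;
}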

1. as root user :
   - cc -o pcmount pcmount.c
   - chmod 4111 pcmount

2. as a regular user :
    - pcmount / pcumount
----------------------------------------------------------
I used this option, but I changed the program to this:

/* MOUNT /pcfs WITH suid bit */

#include <stdlib.h>   /* system() */

int main (void)
{
   system ("/usr/etc/mount_pcfs /dev/fd0 /pcfs pcfs rw,suid") ;
   return 0;
}
------------------------------------------------------------

Here is another one provided by danny@ews7.dseg.ti.com
-----------------------------------------------------------
  make the attached programs SUID owned by root

X-Sun-Data-Type: zzzz
X-Sun-Data-Description: zzzz
X-Sun-Data-Name: pcmount.c
X-Sun-Content-Lines: 49

#include <stdio.h>
#include <stdlib.h>     /* system(), exit() */
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>     /* setreuid() */

int main(void)
   {
   dev_t root;
   struct stat buff;
   char *readonly = "";

   setreuid (0, 0);

   stat ("/", &buff);
   root = buff.st_dev;

   stat ("/pcfs", &buff);

   if (buff.st_dev != root)
      {
      fprintf (stderr, "**something already mounted; run pcumount first\n");
      }
   else
      {
      system ("/usr/etc/mount /pcfs");   /* absolute path: do not search the caller's PATH */

      stat ("/pcfs", &buff);
      if (buff.st_dev == root)
         { /* try again read-only */
         fprintf (stderr, "\n**the mount failed. will try again to mount read-only\n");
         system ("/usr/etc/mount -o ro /pcfs");
         readonly = "read-only ";
         stat ("/pcfs", &buff);
         }

      if (buff.st_dev == root)
         {
         fprintf (stderr, "\n**the mount failed. make sure the floppy is\n");
         fprintf (stderr, "** actually in the drive.\n");
         }
      else
         {
         fprintf (stderr, "the floppy is mounted %sunder directory /pcfs\n",
                  readonly);
         }
      }

   exit (0);
   }
----------
X-Sun-Data-Type: zzzz
X-Sun-Data-Description: zzzz
X-Sun-Data-Name: pcumount.c
X-Sun-Content-Lines: 40

#include <stdio.h>
#include <stdlib.h>     /* system(), exit() */
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>     /* setreuid() */

int main(void)
   {
   dev_t root;
   struct stat buff;

   setreuid (0, 0);

   stat ("/", &buff);
   root = buff.st_dev;

   stat ("/pcfs", &buff);
   if (buff.st_dev == root)
      {
      fprintf (stderr, "floppy not mounted\n");
      }
   else
      {
      system ("/usr/etc/umount /pcfs");   /* absolute path: do not search the caller's PATH */

      stat ("/pcfs", &buff);
      if (buff.st_dev == root)
         {
         fprintf (stderr, "floppy successfully unmounted\n");
         system ("/usr/bin/eject");
         }
      else
         {
         fprintf (stderr, "\n**the unmount failed. if a pcfs device busy error\n");
         fprintf (stderr, "**came up, you need to 'cd' off of the drive or move\n");
         fprintf (stderr, "**the file manager off of the drive.\n");
         }
      }

   exit (0);
   }

  -----------------------------------------------------------
         
    I have not tried it but it looks like it should work.
 

          
[3] PD software

   Finally there are a whole range of PD software about which do the trick.
              
        mtools: DOS like commands to interact with floppy.
         
        fdmount: allows user to mount/unmount floppy/cdrom
         
        usermount: as above
         
        mntdisk: as above
         
        mounttool and usermount stuff: as above

Other suggestions:

To use "sudo"

 df5slsn@if000350.bell-atl.com (Hermida)
 perryh@pluto.rain.com (Perry Hutchison)

 "Jonathan B. Horen" <horen@applicom.co.il> suggested :

   Use the "sudo" program -- it's great for permitting users to perform
   commands/tasks which would otherwise require root permissions. I
   have used it for several versions over the last few years, and I
   wouldn't manage a multi-user site without it!

  "Michael (M.A.) Meystel" <MEYSTMA%DUVM.BITNET@pucc.Princeton.EDU> suggested:
   -----------------------------------------------------------------------
   I suggest the following:

sudo!!!!!

It's great - you can set it up so that only particular users or groups
of users have access to 'mount /pcfs'. When it is running, in order to
mount a PC floppy, they need to 'sudo mount /pcfs'. It then asks them
for their password. To eject the floppy, they need to do a 'sudo eject'.

I believe sudo is available on ftp.uu.net,
-----------------------------------------------------------------------

 fausto@mercurio.uc.pt (Fausto Almeida) suggested

I think you can do it just by giving read write permission to the devices.
You must set fd0 to fd0c, and rfd0 to rfd0c permissions.

Just do
   cd /dev
   chmod a+rw *fd0*

mattias@txc.com (Mattias Zhabinskiy 203-929-8810x251) suggested
-------------------------------------------------------

I've written perl suid secure script for mounting
floppies without root privileges.
I want to warn You not to write suid scripts - it's
security breach. Perl checks all suid scripts for security
risks and uses special C wrapper to secure them (compiled
under SunOS 4.1.3_U1). If You're interested in suidscript -
C wrapper source You can find it in the O'Reilly & Associates book
Programming Perl (p. 305 Chapter 6) or I can send it to You.

Attached You'll find 2 Perl scripts (.putfloppy and .ejectfloppy)
and 2 suid secure executables, which call Perl scripts.
Files have to have following attributes:

-rwxr-xr-x 1 root 152 Jan 6 15:34 .ejectfloppy
-rwxr-xr-x 1 root 599 Jan 6 15:34 .putfloppy
-rwsr-xr-x 1 root 24576 Jan 6 15:33 ejectfloppy
-rwsr-xr-x 1 root 24576 Jan 6 15:31 putfloppy

Put them in directory which is in everybody's path (like /usr/local/bin).

If You'll have any problems or questions, please, let me know.

Good luck,
Matt
----------
X-Sun-Data-Type: default-app
X-Sun-Data-Description: default
X-Sun-Data-Name: .ejectfloppy
X-Sun-Content-Lines: 8

#! /user/perl/bin/perl

$ENV{'PATH'} = '/bin:/usr/etc';
$ENV{'IFS'} = '' if $ENV{'IFS'} ne '';
$path = $ENV{'PATH'};

system "/usr/etc/umount /dev/fd0 > /dev/null 2>&1";
system "/usr/bin/eject /dev/fd0";
----------
X-Sun-Data-Type: default-app
X-Sun-Data-Description: default
X-Sun-Data-Name: .putfloppy
X-Sun-Content-Lines: 24

#! /user/perl/bin/perl

print "Insert Diskette into the Floppy Drive and Hit <Return> when Ready: ";
$answer=<>;
$ENV{'PATH'} = '/bin:/usr/etc';
$ENV{'IFS'} = '' if $ENV{'IFS'} ne '';
$path = $ENV{'PATH'};
system "/usr/etc/mount -t pcfs /dev/fd0 /pcfs > /dev/null 2>&1";
if ($? >> 8)
   {
   system "/usr/etc/mount -t pcfs -r /dev/fd0 /pcfs > /dev/null 2>&1";
   if (!($? >> 8))
      {
      print "Diskette mounted on /pcfs as read-only file system\n";
      exit (0);
      }
   }
else
   {
   print "Diskette mounted on /pcfs\n";
   exit (0);
   }
print "Error mounting diskette\n";
exit (1);
------------------------------------------------------------
I didn't attach the 2 suid secure executables, which call Perl scripts.
If you want them, send me a mail.

Thanks to:

Claude Marinier <MARINIER@emp.ewd.dreo.dnd.ca>
adettric@citec.qld.gov.au (Alan Dettrick)
herbert@afis.gn.paramax.COM (Marc L. Herbert)
pburyk@leis.leis.bellcore.com (Patrick Buryk)
shandelm@jpmorgan.com (Joel Shandelman FIMS Information Systems - 212-648-4480)
df5slsn@if000350.bell-atl.com (Hermida)
glenn@uniq.com.au (Glenn Satchell - Uniq Professional Services)
martin@gea.hsr.it (Martin Achilli)
bdicaire@vpet.hydro.qc.ca (Benoit Dicaire)
Eckhard.Rueggeberg@ts.go.dlr.de (Eckhard Rueggeberg)
tami@orbot-instr.co.il Tami Shoham
thomas@wiwi.hu-berlin.de (Thomas Koetter)
Juergen Peus <grobi@uni-paderborn.de>
adap@andrews.edu (Edsel Adap)
Peter.Samuel@nms.otc.com.au (Peter Samuel)
Tom Reingold <tommy@big.att.com>
Steve Simmons <scs@lokkur.dexter.mi.us>
homebase!sjk@vapa.icon.palo-alto.med.va.gov (Steve Kapalko)
perryh@pluto.rain.com (Perry Hutchison)
bobk@nynexst.com (Bob Kryger)
poffen@San-Jose.ate.slb.com (Russ Poffenberger)
len@terminus.netsys.com (Len Rose)
roland@netcom.com (Paul Roland)
Jonathan Loh <jloh@futon.SFSU.EDU>
anderson@neon.mitre.org (Mark S. Anderson)
"Jonathan B. Horen" <horen@applicom.co.il>
fausto@mercurio.uc.pt (Fausto Almeida)
Dan Stromberg - OAC-DCS <strombrg@hydra.acs.uci.edu>
wade@kegs.saic.com (Jeff Wade x5117)
mattias@txc.com (Mattias Zhabinskiy 203-929-8810x251)
"Michael (M.A.) Meystel" <MEYSTMA%DUVM.BITNET@pucc.Princeton.EDU>
amy.hollander@amp.com (Amy Hollander)
hsafai@esri.com Houman Safai
danny@ews7.dseg.ti.com (Danny Johnson)
hoogs@SynOptics.COM (Tim Hoogasian)
david.warm@fi.gs.com (David Warm)
adamfox@super.org (Adam Fox)

Daniel Kakoun,
Daniel@brachot.jct.ac.il.
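
Added example, not part of the original post or of any contributor's code: the setuid programs in [2] call system(), which hands the command line to /bin/sh running with root privilege and the invoking user's environment (PATH, IFS and so on). The sketch below shows the same kind of wrapper without a shell; the function name run_fixed and the fixed PATH value are assumptions, and /usr/etc/mount with the argument /pcfs is taken from the post.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fixed, minimal environment for the child (assumed values);
 * nothing from the caller's environment is passed on. */
static char *const clean_env[] = { "PATH=/usr/bin:/bin", "IFS= \t\n", NULL };

/*
 * Run one fixed program with fixed arguments, without a shell.
 * Returns the child's exit status, or -1 if it could not be
 * started or was killed by a signal.
 */
int run_fixed(const char *path, char *const argv[])
{
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        execve(path, argv, clean_env);  /* absolute path: no PATH lookup */
        _exit(127);                     /* only reached if exec failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* Program and arguments are compile-time constants; nothing the
     * user supplies on the command line reaches the privileged command. */
    char *const mount_argv[] = { "mount", "/pcfs", NULL };
    int rc = run_fixed("/usr/etc/mount", mount_argv);

    if (rc != 0)
        fprintf(stderr, "mount /pcfs failed (status %d)\n", rc);
    return rc == 0 ? 0 : 1;
}
```

Installed setuid root as in the instructions in [2], the wrapper still lets every local user mount the floppy; restricting who may run it is a matter of group ownership and mode bits.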
