[ale] user using mount
David Corbin
dcorbin at machturtle.com
Sun May 28 12:51:51 EDT 2006
On Sunday 28 May 2006 12:38 pm, Michael B. Trausch wrote:
> On Sun, May 28 2006 09:30, David Corbin wrote:
> > Right. So an attempt to mount THAT device should fail. But I can't seem
> > to run an arbitrary mount command for an NFS volume as 'dumb user'.
>
> There is a bigger reason for not permitting a user to mount things
> arbitrarily. It is a great deal easier -- and more secure -- to whitelist
> permitted behavior, instead of blacklisting prohibited behavior. Consider
> the implications of a user mounting an NFS volume on the /home mount point,
> or /home/dumbuser, or whatever.
>
OK. I understand the whitelist vs. blacklist argument. Howver, I *think* it
should be secure to mount a remote file system anywhere I have write
permission. I'd even settle for having to have "rwx" permission. Or even
some other special permission. Or only if I own the mount point.
It just seems that if I have access to the remote system, I should be able to
mount in 'my area'. Now, I happen to be root for all my systems, so it's
just inconvenience right now.
David
More information about the Ale
mailing list