eject and pam support in Fedora
Bill Crawford
billcrawford1970 at gmail.com
Wed Mar 5 09:58:25 UTC 2008
On 05/03/2008, Karel Zak <kzak at redhat.com> wrote:
> Unfortunately, it also works for non-CD/DVD devices.
This might conceivably still be a good thing (e.g. /dev/sd[e-h] on my
machine here at work are all different slots in the card reader on the
front of the box).
> Unfortunately, eject(8) is ***broken by design***, because
> it automatically calls umount(8) before an eject ioctl.
That's pretty necessary if there's a cd or dvd mounted and you need to
eject it. Arguably it would be good if the kernel would notice it's
mounted and unmount it rather than requiring userspace to do so; but
then you have the problem of authorization all over again (*plus* the
problem of mechanism versus policy).
> $ umount /dev/sda8
> umount: only root can unmount LABEL=/mnt/misc from /mnt/misc
IIRC this is what the old "users" mount option was meant to cover.
> Well, try the other way:
>
> $ grep sda8 /proc/mounts
> /dev/sda8 /mnt/misc ext3 rw,relatime,data=ordered 0 0
>
> $ eject sda8
> umount: /: device is busy
> umount: /: device is busy
> eject: unmount of `/' failed
>
> $ grep sda8 /proc/mounts; echo $?
> 1
Ouch.
Similar example here:
[bill at bill ~]$ eject mapper/System-Local
umount: /usr/local: device is busy
umount: /usr/local: device is busy
eject: unmount of `/usr/local' failed
So you're quite right, that's BAD.
> From my point of view this is a ***security bug*** (#432187), because
> eject(8) bypasses the /etc/fstab setting.
Oh, definitely a problem. Perhaps there's some better way to handle it.
Trouble is, the old alternative (only root can do this) meant people
using the root account pretty indiscriminately. There is a conflict
between having a designated administrator, and user accounts who may
need to access hardware in this way; luckily most of the time this
isn't an issue because the owner of the machine is the one sitting at
it.
> The normal UNIX design is to use small separate commands rather than
> one super-command. eject(8) should print "error: device is mounted"
> rather than directly umount the device.
Then it fails to do what it says on the tin, "eject" a removable device.
It used to be that you had to put "users" as a mount option in
/etc/fstab to allow multiple users to mount/unmount e.g. a CD or DVD.
That's been "broken" by the move to completely dynamic handling of
removable devices and mountpoints by hal.
You're right, but we need a replacement for eject or to make it work
right, ... having it just fail will result in either lots of people
having to be given a root password who wouldn't otherwise, or lots of
extra time wasted by administrators of shared machines.
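
Added example, not part of the original message and not eject's own code: a sketch of the check discussed in this thread, where an unprivileged eject request is refused for a mounted device unless its /etc/fstab entry carries a user-unmount option, and allowed otherwise. The function names and the sample tables are assumptions made for illustration; only the /dev/sda8 mount line comes from the thread.

```python
# Added example: pre-check an unprivileged eject against /etc/fstab.
# Sample tables are constructed; only the /dev/sda8 mount line is from the thread.

# fstab options under which umount(8) will consider a non-root request at all.
# "user", "owner" and "group" carry extra conditions that umount(8) itself
# enforces; this check only screens out entries that have none of them.
USER_UMOUNT_OPTS = {"user", "users", "owner", "group"}

FSTAB = """\
# constructed /etc/fstab
LABEL=/mnt/misc  /mnt/misc     ext3     defaults         1 2
/dev/sr0         /media/cdrom  iso9660  ro,users,noauto  0 0
"""

MOUNTS = """\
/dev/sda8 /mnt/misc ext3 rw,relatime,data=ordered 0 0
/dev/sr0 /media/cdrom iso9660 ro 0 0
"""


def parse_table(text):
    """Parse fstab or /proc/mounts text into (spec, mountpoint, options) rows."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].startswith("#"):
            continue
        rows.append((fields[0], fields[1], set(fields[3].split(","))))
    return rows


def eject_decision(device, mounts_text, fstab_text, uid):
    """Return (allowed, reason) for user `uid` asking to eject `device`."""
    mounted_at = [mp for spec, mp, _ in parse_table(mounts_text) if spec == device]
    if not mounted_at:
        return True, "not mounted"
    if uid == 0:
        return True, "root"
    # Match fstab by mountpoint: the spec may be LABEL=... or UUID=...
    fstab = {mp: opts for _, mp, opts in parse_table(fstab_text)}
    for mp in mounted_at:
        if not (fstab.get(mp, set()) & USER_UMOUNT_OPTS):
            return False, f"error: device is mounted on {mp}; only root can unmount"
    return True, "fstab permits user unmount"


if __name__ == "__main__":
    for dev in ("/dev/sda8", "/dev/sr0"):
        print(dev, eject_decision(dev, MOUNTS, FSTAB, uid=1000))
```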