[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Root access removed

On Tue, 2004-05-11 at 18:41, Chadley Wilson wrote:

> Take shares and removable media they all require root access and
> although there are work arounds, I find myself driving out to a client
> only to find that he needs to open a terminal, su to root to mount a
> flash drive, I check the config files and they are right, and I have
> done many. He can use his stick, it works, he saw it work, I saw it
> work, He unplugs it and later plugs it in again now he only has read
> only access and doesn't have permissions. Get in my car drive there, I
> see the flash is already mounted, and without un-mounting it I log into
> a terminl as root and touch a file in the flash dir and guess what
> suddenly the user has RW access again.Without unmounting? mmmm Thats
> without changing anything, it seems the system wants root to first
> access the drive before any other user.
> O.K so now he reboots his PC and can't get it mounted at all at all
> because he needs to be root to mount.
> The point is: it is his memstick, it has his junk on it, he doesn't care
> who root is, its not roots memstick it is his. He plugged it in as a

It may be his memstick, but when it is mounted, it becomes one of the
filesystems available to the operating system. If a user  decided they
wanted their memory stick to mount somewhere under "/etc", they could
simply subvert system security, controls or existing configuration. This
is why a mount should require system authorisation. This is fundamental
security and trading it off for convenience is just that - a trade-off.
It is your decision - just be sure  you are aware of what you sacrifice
for the convenience.

> I just think that to many tools and apps require root access where the
> user should have full rights.

So change them - but they are that way for many good reasons.

Cheers, Ben

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]