The answers are in...

It doesn't appear newfs can be coerced into changing its behavior with
regard to filesystem top level directory ownership or permissions.

I liked Rick Heaton's advice the best:

> I don't think you can get newfs to do that, BUT:
> If you already have a suid "C" program to do the mounting, you could
> have it check the ownership. If the owner is root, change the owner to
> be the user who mounts it this first time. That way, other users can't
> mount and change the floppy (unless, of course, they know more than the
> average personnel manager about Unix) once it has been mounted for the
> first time.

This seems the safest work-around and gives the most desirable
results. (I might consider chmod 700 as well.)

Two of the respondents asked for the public domain program for end-user
mounts. I have included the source code which is quite compact. I
believe I hand typed it from a magazine article, and modified it
slightly to make it floppy disk specific.

Much thanks to:

Larry Belvin <Larry.Belvin@analog.com>
Christoph Rothlin <roc@ewi.ch>
Rick Heaton <rheaton@synaptics.com>
james mularadelis <mulara88@matrix.newpaltz.edu>
Jay Novello <jay@itre.uncecs.edu>
SrA Bruce R Baier <brb@ike.safb.af.mil>
Marcel Bernards <bernards@ECN.NL>
Perry Hutchison <pluto!perryh@neon.rain.com>
Ilan Hochman <ilan@dazix.co.il>

Bob Cronin
(RJCronin@uop.com)

ORIGINAL POSTING:
> Environment: SunOS 4.1.1 & 4.1.3
> SPARCstations
>
> We are trying to make it easy for our users to format, newfs, and mount
> UNIX filesystem floppy disks. (So managers can keep personnel type
> files off-line, etc.)
>
> Mounting of floppies by end-users has been taken care of with a (public
> domain) suid "C" program.
>
>
> My LAST obstacle is trying to get write permission for the user on the
> mounted floppy. For whatever reason, '/usr/etc/newfs' makes the top
> level directory root owned with 755 permissions. Therefore, the user
> can not write files to the floppy when it is mounted.
>
> My script (which is called from the user's OpenWindows menu) looks like this:
>
> #!/bin/sh
> #
> #
> umask 000
>
> echo 'Laying down UNIX format on floppy...'
> /usr/ucb/yes | fdformat | sed -e 's/Press ret.*/UNIX format complete./'
>
> echo 'Installing UNIX filesystem on floppy...'
> /usr/etc/newfs /dev/rfd0c && echo 'Filesystem installation complete.'
> #
> #
> #
>
>
> I had my hopes up that newfs would respect the umask setting, but
> apparently not. (Incidentally, the man page says "You must be
> super-user to use this command.", but this is not the case.)
>
>
> Can anyone help me get newfs to give 777 permissions to, or user
> ownership of, the top level directory?
----------
X-Sun-Data-Name: Mount.c
/* !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
*** Program: Extra-Root Mount (Umount)
*** Copyleft, 1991 by Don Trimmer, Delta Microsystems, Inc.
***          (Distribute freely and do not restrict use if incorporated in
***          your own software.)
*** Purpose: Allows anyone to mount/umount file systems from
***          specified devices, while preventing anyone except
***          root (superuser) from mount/umounting other file
***          systems.
*** Usage:   Mount args
***          Umount args
***          args: Normal mount/umount arguments
*** Notes:   The following shell script builds the executable:

    #!/bin/csh
    #
    # The following two lines build a test version. To
    # build the real version, comment out the next two
    # lines and remove the leading '# ' from the
    # following two commands:
    #
    echo "Compiling test version (echo mount arguments)"
    cc -DTEST -o Mount Mount.c
    # echo "Compiling and loading Mount"
    # cc -o Mount Mount.c
    echo "Changing Mount ownership and permissions"
    chown root Mount
    chmod 4555 Mount
    echo "Linking Umount to Mount"
    /bin/rm Umount | echo -n ""
    ln Mount Umount
    /bin/ls -l Mount Umount
    echo "Done!"
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/param.h>
#include <errno.h>

/* BSD regular expression routines (in libc on SunOS 4.x) */
extern char *re_comp(const char *);
extern int re_exec(const char *);

#define CLEAR 0
#define SET 1
#define REEXPLEN 80

/* The program runs mount when it is invoked under the name NEWMOUNTCOM
   and umount otherwise, so install (or link) it under these names. */
#define NEWMOUNTCOM "mount_floppy"
#define NEWUMOUNTCOM "umount_floppy"

#ifdef TEST
#define MOUNTCOM "echo"
#define UMOUNTCOM "echo"
#define MOUNTPATH "/bin/"
#define UMOUNTPATH "/bin/"
#else /* TEST */
#define MOUNTCOM "mount"
#define UMOUNTCOM "umount"
#define MOUNTPATH "/usr/etc/"
#define UMOUNTPATH "/usr/etc/"
#endif /* TEST */

/* "devices" is an array of strings. Each string is a regular expression
   which matches a device that everyone will be allowed to mount or
   unmount. An arbitrary number of regular expressions may be defined.
   The last entry should be a NULL string (""). The following example
   allows everyone to mount all partitions from devices /dev/smo0,
   /dev/smo1, and the a, g, and h partitions from device /dev/smo2.
   The active patterns are anchored at both ends ('^' and '$') so that
   only the exact device path matches. */
char devices[][REEXPLEN] = {
    "^/dev/fd0$",
    "^/dev/fd0[a-c]$",
    /* "/dev/smo[0-1][a-h]",
       "/dev/smo2[agh]", */
    ""};

int main(int argc, char *argv[])
{
    int i, j = 0, k;            /* Index */
    int ValidatedFlag = CLEAR;  /* OK to proceed flag */
    char Path[MAXPATHLEN];      /* Path of mount/umount */
    char Name[MAXPATHLEN];      /* mount or umount */
    char *base;                 /* Last component of argv[0] */
    struct stat stbuf;          /* File status structure */

    if (argc < 1 || argv[0] == NULL) {
        /* A setuid program cannot assume it was given an argv[0] */
        fprintf(stderr, "Permission denied.\n");
        exit(1);
    }

    if (getuid()) {
        /* UID not root, so validate permission */
        for (i = 0; devices[i][0] && !ValidatedFlag; i++) {
            /* re_comp() returns an error string on failure, NULL on success */
            if (re_comp(devices[i])) {
                fprintf(stderr,
                        "%s %s (errno=%d)\n",
                        "Can't compile regular expression",
                        devices[i], errno);
                exit(1);
            }
            for (j = 1; j < argc; j++) {
                if (re_exec(argv[j]) == 1) {
                    /* Match found; j stays at the matching argument */
                    ValidatedFlag = SET;
                    break;
                }
            }
        }
        if (ValidatedFlag) {
            /*
             * Check to make sure no other arguments
             * are block special files in case someone
             * is trying to fake us out.
             */
            for (k = 1; k < argc; k++) {
                if (k == j)
                    continue;
                if (!stat(argv[k], &stbuf)) {
#ifdef S_ISBLK
                    if (S_ISBLK(stbuf.st_mode)) {
#else
                    /* Compare the whole file type field, not a single bit */
                    if ((stbuf.st_mode & S_IFMT) == S_IFBLK) {
#endif
                        /* AHA! A Hacker!! */
                        ValidatedFlag = CLEAR;
                        break;
                    }
                }
            }
        }
        if (!ValidatedFlag) {
            fprintf(stderr, "Permission denied.\n");
            exit(1);
        }
    }

    /*
     * If we got here, OK to perform (u)mount. Build mount/umount
     * command and reset argv[0] to point at new command name.
     * Only the last path component of argv[0] is compared, so that
     * invoking the program by full path still selects the right command.
     */
    base = strrchr(argv[0], '/');
    base = base ? base + 1 : argv[0];
    if (!strcmp(base, NEWMOUNTCOM)) {
        strcpy(Name, MOUNTCOM);
        sprintf(Path, "%s%s", MOUNTPATH, MOUNTCOM);
    } else {
        strcpy(Name, UMOUNTCOM);
        sprintf(Path, "%s%s", UMOUNTPATH, UMOUNTCOM);
    }
    argv[0] = Name;
    execv(Path, argv);

    /* Should never get here */
    fprintf(stderr, "Error exec'ing command (errno=%d)\n", errno);
    exit(1);
}
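
Rick Heaton's suggestion above (the suid mount program hands a root-owned top-level directory to the first user who mounts the floppy, with the chmod 700 mentioned in the summary), as an added example that is not part of the original post or of Mount.c. It is written for a present-day POSIX system rather than SunOS 4.1; the names claim_decision and claim_mount_root, and the choice to leave a directory owned by another user untouched, are assumptions.

```c
/* Added example, not from the original post; function names are hypothetical. */
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

enum claim { CLAIM_TAKE, CLAIM_MINE, CLAIM_OTHER, CLAIM_ERROR };

/* Policy only: what to do with the top-level directory of a mounted floppy. */
enum claim claim_decision(const struct stat *st, uid_t user)
{
    if (!S_ISDIR(st->st_mode))
        return CLAIM_ERROR;   /* a mount point must be a directory */
    if (st->st_uid == user)
        return CLAIM_MINE;    /* claimed by this user on an earlier mount */
    if (st->st_uid == 0)
        return CLAIM_TAKE;    /* as newfs left it: root-owned, unclaimed */
    return CLAIM_OTHER;       /* another user's floppy: leave it untouched */
}

/* Apply the policy after a successful mount. Everything goes through one
 * descriptor, so the directory checked is the directory changed, and a
 * symlink at the mount point is refused rather than followed. */
enum claim claim_mount_root(const char *mountpoint, uid_t user, gid_t group)
{
    struct stat st;
    enum claim c = CLAIM_ERROR;
    int fd = open(mountpoint, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);

    if (fd < 0)
        return CLAIM_ERROR;
    if (fstat(fd, &st) == 0) {
        c = claim_decision(&st, user);
        if (c == CLAIM_TAKE &&
            (fchown(fd, user, group) != 0 || fchmod(fd, 0700) != 0))
            c = CLAIM_ERROR;
    }
    close(fd);
    return c;
}

int main(int argc, char *argv[])
{
    static const char *msg[] = { "claimed", "already yours", "another user's", "error" };
    if (argc != 2)
        return 2;
    enum claim c = claim_mount_root(argv[1], getuid(), getgid()); /* real IDs */
    printf("%s: %s\n", argv[1], msg[c]);
    return c == CLAIM_ERROR;
}
```

Inside a setuid-root wrapper, getuid() and getgid() still return the invoking user's real IDs, which is why they are what gets passed in.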