Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!rutgers!orstcs!sapphire!pvo
From: pvo@sapphire.OCE.ORST.EDU (Paul O'Neill)
Newsgroups: comp.sys.next
Subject: Re: More questions
Message-ID: <19753@orstcs.CS.ORST.EDU>
Date: 8 Aug 90 20:53:21 GMT
References: <5984@milton.u.washington.edu>
Sender: usenet@orstcs.CS.ORST.EDU
Reply-To: pvo@sapphire.OCE.ORST.EDU (Paul O'Neill)
Organization: Coastal Imaging Lab, Oregon State University, Corvallis, OR
Lines: 54

In article john@math.utexas.edu (John R. Schutz) writes:
>
>>1. When mount an OD on multiple disk system, ALL files on the OD
>[...] deleted part of quote
>> of my files?
>
>yes, as far as I can think (unless you chown them to root, but if
>they know the root password on any NeXT system, they can screw that
>too.)
>

BZZZZZZZT--Wrong.

If you have an optical disk that has only been mounted by the automounter, ALL, yes, all files and directories on that disk are ALREADY owned by root. Mount the thing manually and have a look.

It's a cute trick that NeXT does with the automounter, making those root-owned files look like the-person-at-the-console's files. I've never seen an explanation of how it's done. Lots of us would like to know!

We almost always mount our opticals manually, via a suid perl script, from remote logins. This involves the least disturbance of anyone who happens to be logged in at the console.

If you start doing this with suid programs or scripts as recently advised in this forum, be aware that root will have to manually mount a disk that has been previously auto-mounted and do a find script on it that changes ownership of all its files to you.

HOWEVER, you still don't want to loan your disk to someone you don't implicitly trust with your life, data & programs. I just did a test where another user mounted my optical disk with the automounter. All files on this disk are owned by ME, not root, and after the automounter mounted it, all files appeared to be owned by HIM. He could write, delete, change, etc.

Now for the kicker. After unmounting this disk and manually mounting it, the files that HE made during the test, and that appeared as HIS during the test were really owned by ME!! (I was expecting them to be owned by root.)

Documentation of autodiskmount is very sketchy. Maybe we can get something out of NextAnswers soon.

SECURITY NOTE: perl's suid emulation and security checks seem quite strong. However, since the NeXT kernel does not disallow suid script execution, their full security can't be used. I strongly discourage the use of suid shell scripts for this task, and strongly urge NeXT to have their
^^^^^
next NeXT kernel disallow their execution.

Paul O'Neill                 pvo@oce.orst.edu               DoD 000006
Coastal Imaging Lab
OSU--Oceanography
Corvallis, OR  97331         503-737-3251
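
An added example, not part of the original post: on a system whose kernel honors the suid bit on scripts, as the security note above describes, an administrator can audit a tree for setuid or setgid files that begin with "#!" and review each one. The function names are hypothetical, and the only assumption is a POSIX find, dd, grep, head and sed.

```sh
#!/bin/sh
# Audit helper (added example): report setuid/setgid files that are
# interpreter scripts rather than compiled binaries.

# is_script FILE
# True when the first two bytes of FILE are "#!". Only two bytes are
# read, so large binaries are not scanned.
is_script() {
    dd if="$1" bs=2 count=1 2>/dev/null | LC_ALL=C grep -q '^#!'
}

# find_suid_scripts DIR
# Prints one line per hit: path, a tab, then the interpreter line with
# the leading "#!" removed. Stays on one filesystem (-xdev) so a
# mounted disk can be audited on its own.
# Limitation: paths containing newlines are not handled.
find_suid_scripts() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
    while IFS= read -r f; do
        if is_script "$f"; then
            interp=$(head -n 1 "$f" | sed 's/^#![[:space:]]*//')
            printf '%s\t%s\n' "$f" "$interp"
        fi
    done
}

# When run directly with a directory argument, audit that directory.
if [ "$#" -gt 0 ]; then
    find_suid_scripts "$1"
fi
```

Each reported path is a candidate for replacement by a small compiled wrapper or for removal of the suid bit.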