Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!sdd.hp.com!think.com!snorkelwacker.mit.edu!bloom-picayune.mit.edu!athena.mit.edu!jik
From: jik@athena.mit.edu (Jonathan I. Kamens)
Newsgroups: comp.unix.questions
Subject: Re: Personal NFS?
Message-ID: <1991Apr29.052922.4388@athena.mit.edu>
Date: 29 Apr 91 05:29:22 GMT
References: <1991Apr24.000005.7810@bradley.bradley.edu> <4034@inews.intel.com> <12681@uhccux.uhcc.Hawaii.Edu>
Sender: news@athena.mit.edu (News system)
Organization: Massachusetts Institute of Technology
Lines: 47

(I've kept this in comp.unix.questions rather than following Eric's
Followup-To, because what I'm posting has little to do with the NFS
protocol directly.)

In article <12681@uhccux.uhcc.Hawaii.Edu>, pilger@uhunix1.uhcc.Hawaii.Edu (Eric Pilger) writes:
|> In article <4034@inews.intel.com> bhoughto@pima.intel.com (Blair P. Houghton) writes:
|> >Basically, RTFM mount(8) and umount(8). If your sysadmin has
|> >turned off your permission to invoke mount or umount, scream
|>
|> SunOS does not let anyone but root issue the mount or umount command.

Indeed. Blair apparently believes that general accessibility of mount()
and umount() is the rule. In fact, it is the exception, and my impression
is that only recently did *any* variant of Unix start allowing non-root
users to do mounts.

|> I suppose you could change these commands to be SUID, but I would only
|> want to do this on my own personal machine. IT WOULD NOT be a wise
|> thing to do generally. The safest path is to create a small program
|> that is hardwired to do specific mounts, and make it SUID. This
|> provides a little more control.

Project Athena solved this problem several years ago by writing a program
called "attach" (and a corresponding program called "detach") to do mounts
and unmounts for users. It's more than just what Eric proposes. It
supports several different filesystem types (UFS, NFS, RVD, AFS, and other
special types); allows filesystems to be referred to by symbolic names
(indeed, all user home directories are filesystems named after them, so
the login program just runs "attach jik" to make my home directory
accessible on a workstation); uses hesiod (another Project Athena thing)
to look up filesystems or reads them from a configuration file (or both);
allows the installer to configure whether or not users can do explicit
attaches at all, and if so, what directories they can mount in and what
directories they can't; and some other stuff.

Unfortunately, we've never released attach for redistribution, because
much of the NFS and UFS code was stolen from the BSD mount sources, which
are not freely redistributable. We don't have any programmers working on
it actively right now, so I don't know if/when the code is going to be
freed of restrictions and distributed.

--
Jonathan Kamens                         USnail:
MIT Project Athena                      11 Ashford Terrace
jik@Athena.MIT.EDU                      Allston, MA 02134
Office: 617-253-8085                    Home: 617-782-0710
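
The mount-point restriction described in the post (an installer-configured choice of whether users may attach at all, and which directories they may and may not mount in), sketched in C as an added example. It is not part of the original post and is not attach's code; the struct, function names and sample directories are assumptions.

```c
#include <stdbool.h>
#include <string.h>

/* Hypothetical policy (names are assumptions); dirs absolute, no trailing '/'. */
struct mount_policy {
    bool explicit_allowed;          /* may users request mounts at all? */
    const char *const *allow_dirs;  /* NULL-terminated list */
    const char *const *deny_dirs;   /* NULL-terminated list */
};

/* True if path is dir or lies below it, matched on whole components. */
static bool under(const char *path, const char *dir)
{
    size_t n = strlen(dir);
    return strncmp(path, dir, n) == 0 &&
           (n == 1 || path[n] == '\0' || path[n] == '/');
}

/* No empty, "." or ".." components. Lexical only; symlinks not resolved. */
static bool is_clean_absolute(const char *p)
{
    if (p[0] != '/')
        return false;
    while (*p) {
        const char *seg = ++p;      /* step over the '/' */
        size_t len = strcspn(seg, "/");
        if (len == 0 || (len == 1 && seg[0] == '.') ||
            (len == 2 && seg[0] == '.' && seg[1] == '.'))
            return false;
        p = seg + len;
    }
    return true;
}

/* Deny list wins; anything not explicitly allowed is refused. */
bool mountpoint_allowed(const struct mount_policy *pol, const char *path)
{
    if (!pol->explicit_allowed || !is_clean_absolute(path))
        return false;
    for (const char *const *d = pol->deny_dirs; d && *d; d++)
        if (under(path, *d)) return false;
    for (const char *const *d = pol->allow_dirs; d && *d; d++)
        if (under(path, *d)) return true;
    return false;
}

/* Constructed sample policy, not Athena's configuration. */
static const char *const sample_allow[] = { "/mnt", "/scratch", NULL };
static const char *const sample_deny[] = { "/mnt/private", NULL };
const struct mount_policy sample_policy = { true, sample_allow, sample_deny };
```

A setuid helper would run this check on the requested mount point before calling mount(), and would additionally have to resolve symbolic links in the path, which this lexical check does not do.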