Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!think.com!spool.mu.edu!uunet!lotus!lotus!johnr
From: johnr@lotus.lotus.com (John Rouillard)
Newsgroups: comp.admin.policy
Subject: Re: Policies concerning root privs
Message-ID: <1991Jun13.201908.1511@lotus.com>
Date: 13 Jun 91 20:19:08 GMT
Article-I.D.: lotus.1991Jun13.201908.1511
References: <JGARB.91Jun4002317@csd4330a.erim.org> <30593@hydra.gatech.EDU> <24@tdatirv.UUCP>
Sender: news@lotus.com
Reply-To: johnr@lotus.lotus.com (John Rouillard)
Organization: Lotus Development Corp.
Lines: 7

What about using sudo.  Sudo invoking a shell script to do the mount will work
very nicely.  The shell script should only allows mounting/unmounting to a known
location so people can't play games by mounting their bin to /bin.

Of course, hard wire all path names in the shell script and set the PATH explicitly so it is tougher to exploit holes in the shell scripts.

		-- John