Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!samsung!zaphod.mps.ohio-state.edu!swrinde!elroy.jpl.nasa.gov!decwrl!csus.edu!syscube.ccs.csus.edu!hoodr
From: hoodr@syscube.ccs.csus.edu (Robert Hood)
Newsgroups: comp.sys.next
Subject: Re: Preserving file ownerships on OD?
Keywords: userid, uid, OD, Optical, reassignment
Message-ID: <1991Jun21.203134.7927@csus.edu>
Date: 21 Jun 91 20:31:34 GMT
References: <1991Jun20.220525.5015@ccu.umanitoba.ca>
Sender: usenet@csus.edu (USENET News System)
Organization: California State University: Sacramento
Lines: 41
Nntp-Posting-Host: syscube.ccs.csus.edu

In article <1991Jun20.220525.5015@ccu.umanitoba.ca> grdetil@ccu.umanitoba.ca (Gilles R. Detillieux) writes:
>The Optical Disk drive on our NeXT is shared by many people on our network.
>(Now that the OD is no longer standard equipment on NeXT, I suspect that
>a lot of OD drives will be shared in similar ways at other sites.) We
>find it extremely annoying when one user is logged into the NeXT console
>(usually me), and another user wants to access or update one of his disks,
>logging in over the network. He inserts his disk, and then all of his files
>now belong to me; he can't even update his own disk because he doesn't have
>write permission on the directories. I usually have to stop what I'm doing,
>log out, and let the other person log in while he updates his disk, even if
>he is going to do it over the network.

Who really mounted the disk? If someone sticks in a disk while YOU are
logged in at the console, the NeXT automounts the disk for YOU.

The problem you are running into is actually a security feature.

Hypothetical situation:

(I wish) I own a NeXT. I have superuser (as well as any other user) access.
I create an optical disk with a setuid root shell (or any program). I could
also create a setuid shell for your user id too. I come over to the NeXT you
are working on, and shove in the disk. It mounts it. It preserves the user
ids. I log in remotely, and execute that setuid root shell it so nicely
preserved for me. I'm superuser! I blow you off the system. I erase all
your files. I erase everyone's files! I go crazy! I get thrown in jail... :-)

Preserving UIDs is possible, but you have to mount the disk as root. You
can't use automount. You have to 'manually' mount it like this:

    su                          # become superuser
    mount /dev/od0a /mnt        # mount the optical on /mnt

and to unmount

    su                          # become superuser
    umount /mnt                 # unmount the filesystem on /mnt
    disk -e /dev/rod0a          # Eject the disk

--
Robert Hood - Operating Systems and Network Support
California State University: Sacramento
E-Mail: hoodr@csus.edu  Phone: (916) 278-7402  Fax: (916) 278-7671
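
Added example, not part of the original post: a check an administrator could run as root right after the manual mount described above, to see whether the volume carries the setuid or setgid files the post warns about. The function names and the script name audit.sh are hypothetical; /mnt is the mount point used in the post.

```sh
#!/bin/sh
# Added example, not from the original post. Run as root after a manual
# "mount /dev/od0a /mnt", before other users can reach the volume.

# Print every setuid or setgid regular file under DIR (same filesystem only).
setid_files() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null
}

# Print the subset that is setuid AND owned by uid 0: the "root shell" case.
setuid_root_files() {
    find "$1" -xdev -type f -perm -4000 -user 0 -print 2>/dev/null
}

# Report findings for DIR; status 0 = clean, 1 = setuid/setgid files found.
audit_volume() {
    dir=$1
    all=$(setid_files "$dir")
    if [ -z "$all" ]; then
        echo "$dir: no setuid/setgid files"
        return 0
    fi
    echo "$dir: setuid/setgid files present:"
    echo "$all" | sed 's/^/  /'
    rootowned=$(setuid_root_files "$dir")
    if [ -n "$rootowned" ]; then
        echo "$dir: setuid-root (runs as superuser for whoever executes it):"
        echo "$rootowned" | sed 's/^/  /'
    fi
    return 1
}

# Usage: sh audit.sh /mnt   (/mnt is the mount point used in the post)
if [ "$#" -gt 0 ]; then
    audit_volume "$1"
fi
```

A non-zero exit status means the volume should be unmounted or the listed files reviewed before the mount point is left reachable by other users.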