[PATCH] use HAL property to set mount root in callouts
Andrey Borzenkov
arvidjaar at mail.ru
Sun Jan 8 01:14:03 PST 2006
On Sunday 08 January 2006 06:51, Kay Sievers wrote:
> On Sat, Jan 07, 2006 at 09:46:58PM +0300, Andrey Borzenkov wrote:
> > On Saturday 07 January 2006 21:33, Kay Sievers wrote:
> > > > blacklisting mode does not allow user to restrict
> > > > access to inserted media (user may not want USB key with bank
> > > > certificate and transactions be readable to everyone).
> > >
> > > Filesystems have permissions or things like FAT is mounted with the uid
> > > of the requesting user.
> >
> > it (FAT) is still often world-readable even if not world-writable. Oh, I
> > actually meant umask (and dmask/fmask), I always confuse them. Default is
> > most probably wrong as it is taken from caller (i.e. HAL in this case)
> > not from user.
>
> The uid of the process who actually invokes the Mount() method is passed
> to mount, not HAL's own uid.
>
How is this relevant? FAT fakes permissions by applying the umask parameter. This
parameter is by default taken from the mounting process, which means, effectively,
the HAL method callout. Most likely it is set to 022, giving every user read
rights while only the owner may write. Now a user may wish to make it 077 to
effectively prevent any read access for everybody, or 002 to give the group
shared access, or even 000 (unlikely, but ...) to grant access to everybody.
A sysadmin may opt to install a system-wide mounter, revoke at_console
permissions, set umask to 002 and add users to a special group. This may be
useful for an unattended system without anyone logged in. Which BTW implies that
the gid= option may have to be whitelisted too :)
-andrey
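The message above argues that umask (and dmask/fmask) and gid= would need to be whitelisted mount options. The following is an added example, not part of the original message and not HAL code: a sketch of such a whitelist check plus the permissions FAT would fake for the accepted masks. The names `validate_options` and `effective_modes`, and the rule that a caller may only request a gid it already belongs to, are assumptions made for illustration.

```python
import stat

# Hypothetical whitelist for FAT mounts (an assumption, not HAL's policy).
MASK_OPTS = {"umask", "dmask", "fmask"}

def validate_options(requested, caller_gids):
    """Parse 'k=v,k=v' and return {option: int}; raise ValueError on
    anything that is not whitelisted or is out of range."""
    accepted = {}
    for item in requested.split(","):
        key, sep, value = item.partition("=")
        if not sep or not value:
            raise ValueError(f"malformed option: {item!r}")
        if key in MASK_OPTS:
            mask = int(value, 8)          # masks are octal, e.g. 077
            if not 0 <= mask <= 0o777:
                raise ValueError(f"{key} out of range: {value}")
            accepted[key] = mask
        elif key == "gid":
            gid = int(value, 10)
            # Assumed rule: only a group the caller is already in.
            if gid not in caller_gids:
                raise ValueError(f"caller is not a member of gid {gid}")
            accepted[key] = gid
        else:
            raise ValueError(f"option not whitelisted: {key}")
    return accepted

def effective_modes(opts, inherited_umask=0o022):
    """Return (directory, file) mode strings as FAT would present them.

    Without an explicit umask the mounting process's umask applies
    (inherited_umask, here the 022 the message expects); dmask and
    fmask fall back to umask. Files are assumed not to carry the
    read-only attribute.
    """
    umask = opts.get("umask", inherited_umask)
    dmode = 0o777 & ~opts.get("dmask", umask)
    fmode = 0o777 & ~opts.get("fmask", umask)
    return (stat.filemode(stat.S_IFDIR | dmode),
            stat.filemode(stat.S_IFREG | fmode))

if __name__ == "__main__":
    # Constructed requests covering the cases named in the message.
    for req in ("umask=077", "umask=002,gid=500", "umask=000"):
        opts = validate_options(req, caller_gids={500, 1000})
        print(req, "->", effective_modes(opts))
    print("(no options) ->", effective_modes({}))
```
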