[gnu/linux] Монтировать iso обычному пользователю

dangerr

dgaf

dangerr

dgaf

dangerr

dgaf

dangerr

/dev/loop*

Ivan8209

dangerr

Ivan8209

hwh2010

В линуксе пользователю для mount надо давать рутовые права?

:~$ cat /etc/fstab|grep sdb1

/dev/sdb1	/usbflashdrive  vfat    users,iocharset=utf8,noauto

:~$ mount /usbflashdrive

:~$ umount /usbflashdrive

:~$ whoami

bash

:~$ uname -a

Linux  2.6.24-etchnhalf.1-486 Mon Jul 21 10:36:16 UTC 2008 i686 GNU/Linux

:~$ 

Ivan8209

$ id

uid=1000(user) gid=0(wheel) groups=0(wheel5(operator)

$ ls -l /dev/*vnd0* | head

crw-rw----  1 root  operator  41,      0 Jan  7  2008 /dev/rvnd0a

crw-rw----  1 root  operator  41,      1 Jan  7  2008 /dev/rvnd0b

crw-rw----  1 root  operator  41,      2 Jan  7  2008 /dev/rvnd0c

crw-rw----  1 root  operator  41,      3 Jan  7  2008 /dev/rvnd0d

crw-rw----  1 root  operator  41,      4 Jan  7  2008 /dev/rvnd0e

crw-rw----  1 root  operator  41,      5 Jan  7  2008 /dev/rvnd0f

crw-rw----  1 root  operator  41,      6 Jan  7  2008 /dev/rvnd0g

crw-rw----  1 root  operator  41,      7 Jan  7  2008 /dev/rvnd0h

crw-rw----  1 root  operator  41, 524288 Jan  7  2008 /dev/rvnd0i

crw-rw----  1 root  operator  41, 524289 Jan  7  2008 /dev/rvnd0j

$ /usr/sbin/vnconfig vnd0 ~/ext/5.0-stable/i386cd.iso 

$ /sbin/mount -o nodev,nosuid /dev/vnd0a ~/cd

$ ls ~/cd

boot            boot.cfg        i386            miniroot.kmod   netbsd

$ /sbin/umount ~/cd

$ /usr/sbin/vnconfig -u vnd0

$ id

uid=1000(user) gid=0(wheel) groups=0(wheel5(operator)

Serab

ну вот так кривоватенько
users ALL = NOPASSWD: /sbin/umount /mnt/*, /sbin/losetup, /sbin/mount /dev/loop* /mnt/*

umount /mnt/../_anything_

... /etc/init.d/*

Ivan8209

$ grep vnd /etc/fstab

$ /sbin/sysctl vfs.generic.usermount

vfs.generic.usermount = 1

BondarAndrey

Чтобы дать возможность монтировать пользователю съемные диски,

dangerr

dangerr

eix -c fuse

[N] app-emulation/fuse (0.7.0): Free Unix Spectrum Emulator by Philip Kendall

[N] app-emulation/fuse-utils (~0.10.0.1): Utils for the Free Unix Spectrum Emulator by Philip Kendall

[N] app-portage/profuse (0.25.4): use flags editor, with good features and 3 GUIs (dialog, ncurses and gtk2).

[N] dev-dotnet/mono-fuse (~0.4.2): C# binding for the FUSE library

[N] dev-java/prefuse (20060715_beta(2006: UI toolkit for building highly interactive visualizations of structured and unstructured data.

[N] dev-libs/confuse (2.6-r3): a configuration file parser library

[N] dev-perl/Fuse (0.08): Fuse module for perl

[N] dev-python/fuse-python (~0.2): Python FUSE bindings

[N] dev-ruby/fusefs (~0.6.0): Define file systems right in Ruby

[N] net-fs/fusesmb (0.8.7): Instead of mounting one Samba share at a time, you mount all workgroups, hosts and shares at once.

[I] sys-fs/fuse (2.7.05/10/2009): An interface for filesystems implemented in userspace.

[N] sys-fs/fuse4bsd (--): Fuse for FreeBSD

[I] sys-fs/sshfs-fuse (1.05/10/2009): Fuse-filesystem utilizing the sftp service.

[N] sys-fs/zfs-fuse (~0.5.0): An implementation of the ZFS filesystem for FUSE/Linux

[N] sys-process/fuser-bsd (--): fuser(1) utility for *BSD

Ivan8209

Ivan8209

BondarAndrey

Во-первых, не нахожу его в портаже

dangerr

Ivan8209

Ivan8209

dangerr

Затем, что в линуксах нет su?

Ivan8209

dangerr

dangerr

Ivan8209

Ivan8209

dangerr

dangerr

Serab

$ equery b su

[ Searching for file(s) su in *... ]

x11-base/xorg-server-1.3.0.0-r6 (/usr/lib/X11/xserver/su -> C)

sys-apps/shadow-4.1.2.2 (/etc/pam.d/su)

sys-apps/shadow-4.1.2.2 (/bin/su)

kruzer25

Или ты хочешь сказать, что раз нет исходников, то ничего сказать нельзя?

serega1604

null:~$ dpkg -S /bin/su

login: /bin/su

null:~$ aptitude show login

Пакет: login

Пакеты первой необходимости: да

Состояние: установлен

Автоматически установлен: нет

Версия: 1:4.1.1-6

Приоритет: необходимый

Раздел: admin

Andbar

И зачем вообще нужен этот sudo

Serab

чтобы не запоминать пароль от рута

Andbar

Это неправильный способ использования команды.

Serab

Marinavo_0507

Ivan8209

Ivan8209

dangerr

затем, чтобы не запоминать пароль от рута

не раздавать ему всем пользователям, которым нужно некоторые команды из-под рута запускать

Bibi

dgaf

dgaf

 $ grep -rn " BSD "  nt4/

nt4/private/fp32/tran/mips/hypotm.s:18:/* Algorithm from 4.3 BSD cabs.c by K.C. Ng. */

nt4/private/inc/sockets/netinet/in.h:11:  A version of the BSD 4.2 file <netinet/in.h> for NT tcp

nt4/private/inc/sockets/netinet/in.h:33: *    A version of the BSD 4.2 file <netinet/in.h>

nt4/private/inc/sys/snet/bsd_type.h:11:    This module contains definitions for BSD compatibility for

nt4/private/inc/sys/snet/bsd_type.h:30: *  some #defines for BSD compatibility

nt4/private/inc/sys/uio.h:29: *  Spider BSD Compatibility

nt4/private/inet/ohnt/ie/core/tcp.h:248:   Regular BSD unix versions

nt4/private/inet/ohnt/ie/core/tcp.h:266:/*                      Directory reading stuff - BSD or SYS V

nt4/private/inet/ohnt/ie/jpeglib/ckconfig.c:48: * strings.h (old BSD convention) or string.h (everybody else).

nt4/private/inet/ohnt/ie/jpeglib/jinclude.h:51: * BSD doesn't have the mem functions, but it does have bcopy/bzero.

nt4/private/net/ras/src/nt/ndis/ndiswan/vjslip.c:738://   BSD kernel, it translates into a call to ovbcopy.  Since AT&T botched

nt4/private/net/sockets/internet/htmldocs.wks/09_iis.htm:284:<TD><FONT FACE="Arial" SIZE=2>A BSD format mbox file.

nt4/private/net/sockets/internet/htmldocs/09_iis.htm:284:<TD><FONT FACE="Arial" SIZE=2>A BSD format mbox file.

Binary file nt4/private/net/sockets/internet/spec/client.doc matches

Binary file nt4/private/net/sockets/internet/spec/fingrsvc.doc matches

Binary file nt4/private/net/sockets/internet/spec/jimall.ppt matches

Binary file nt4/private/net/sockets/internet/spec/jimall1.ppt matches

Binary file nt4/private/net/sockets/internet/spec/jimall2.ppt matches

nt4/private/net/sockets/internet/svcs/gopher/gdspace.h:90: >          m A BSD format mbox file

nt4/private/net/sockets/internet/ui/mosaic/generic/shared/jinclude.h:51: * BSD doesn't have the mem functions, but it does have bcopy/bzero.

nt4/private/net/sockets/internet/ui/mosaic/generic/win32/tcp.h:248:   Regular BSD unix versions

nt4/private/net/sockets/internet/ui/mosaic/generic/win32/tcp.h:266:/*                      Directory reading stuff - BSD or SYS V

nt4/private/net/sockets/testutil/tipx/tipx.c:9: * Machines using System V with BSD sockets should define SYSV.

nt4/private/net/sockets/testutil/tipx/tipx.c:26: *      for SYSV, mimic BSD routines to use most of the existing timing code

nt4/private/net/sockets/testutil/tipx/tipx.c:84:int one = 1;                    /* for 4.3 BSD style setsockopt */

nt4/private/net/sockets/testutil/tnbf/tnbf.c:9: * Machines using System V with BSD sockets should define SYSV.

nt4/private/net/sockets/testutil/tnbf/tnbf.c:26: *      for SYSV, mimic BSD routines to use most of the existing timing code

nt4/private/net/sockets/testutil/tnbf/tnbf.c:83:int one = 1;                    /* for 4.3 BSD style setsockopt */

nt4/private/net/sockets/testutil/ttcp/ttcp.c:9: * Machines using System V with BSD sockets should define SYSV.

nt4/private/net/sockets/testutil/ttcp/ttcp.c:26: *      for SYSV, mimic BSD routines to use most of the existing timing code

nt4/private/net/sockets/testutil/ttcp/ttcp.c:88:int one = 1;                    /* for 4.3 BSD style setsockopt */

nt4/private/net/sockets/win95/wshtcpip.c:1450:            // Remember that BSD urgent is disabled for this socket.

nt4/private/net/sockets/winsock2/spec/spi.h:1856:    consistent with BSD sockets.

nt4/private/net/sockets/winsock2/wsock32/dll/sockopt.c:34:// Sockets 2.0 standards effort chose to use the BSD values for these options.

nt4/private/net/sockets/winsock2/wsock32/dll/sockopt.c:46:// which will map these options to the BSD values before passing them

nt4/private/net/sockets/winsock2/wsock32/dll/sockopt.c:172:    // Map the old IP multicast values to their BSD equivilants.

nt4/private/net/sockets/winsock2/wsock32/dll/sockopt.c:373:    // Map the old IP multicast values to their BSD equivilants.

nt4/private/net/sockets/winsock2/wsock32/gethost.c:204:#if BSD >= 43 || defined(h_addr)        /* new-style hostent structure */

nt4/private/net/sockets/winsock2/wsock32/gethost.c:298:#if BSD >= 43 || defined(h_addr)        /* new-style hostent structure */

nt4/private/net/sockets/winsock2/wsock32/gethost.c:490:#if BSD < 43 && !defined(h_addr)        /* new-style hostent structure */

nt4/private/net/sockets/winsock2/wsock32/gethost.c:603:#if BSD >= 43 || defined(h_addr)        /* new-style hostent structure */

nt4/private/net/sockets/winsock2/wsock32/gethost.c:764:#if BSD >= 43 || defined(h_addr)        /* new-style hostent structure */

nt4/private/net/sockets/winsock2/wsock32/gethost.c:816:#if BSD >= 43 || defined(h_addr)        /* new-style hostent structure */

nt4/private/net/sockets/winsock2/wsp/msafd/listen.c:165:    // value--this duplicates BSD 4.3 behavior.  Note that NT Workstation

nt4/private/net/sockets/winsock2/wsp/msafd/send.c:837:        // destination address.  Weird, but that is what BSD 4.3

nt4/private/net/sockets/winsock2/wsp/msafd/sockopt.c:862:    consistent with BSD sockets.

nt4/private/net/sockets/winsock2/wsp/ws2map/ioctl.c:121:    consistent with BSD sockets.

nt4/private/net/sockets/wshtcpip/wshtcpip.c:1934:            // Remember that BSD urgent is disabled for this socket.



etc.

banderon

А вообще меня только что осенило: sudo тоже не нужен: я лучше напишу суидный скрипт на питоне. И впредь так буду поступать, а судо вообще удалю.

spitfire

dangerr

spitfire

conv3rsje

Или я не прав?

spitfire

надо в было в /sys нолики и единички писать

Ivan8209

conv3rsje

Это, конечно же, "тру", но совсем не как у нас.

Ivan8209

dangerr

losetup

поставь суиды на [...] и mount

недобздях

kruzer25

Да, действительно, проверил, для скриптов суид не пашет

conv3rsje

у меня такой команды нет

Мне не надо чтобы можно было примонтировать все что угодно куда угодно, да и еще с любыми правами.

spitfire

придётся ковырять fstab

dangerr

kruzer25

Serab

Ivan8209

Serab

dangerr

kruzer25

dangerr

А ещё - разве нельзя разрешить sudo на этот конкретный скрипт, а не на mount вообще?

kruzer25

Marinavo_0507

ну так поставь суиды на losetup и mount, будет у тебя так же тру как в его недобздях

Serab

Ivan8209

$ ls -l /sbin/mount*

-r-xr-xr-x  1 root  wheel  18798 May  6 23:09 /sbin/mount

-r-xr-xr-x  1 root  wheel   9549 May  6 23:12 /sbin/mount_ados

-r-xr-xr-x  1 root  wheel   8710 May  6 23:12 /sbin/mount_cd9660

-r-xr-xr-x  1 root  wheel   8340 May  6 23:12 /sbin/mount_efs

-r-xr-xr-x  1 root  wheel   8703 May  6 23:12 /sbin/mount_ext2fs

-r-xr-xr-x  1 root  wheel   7597 May  6 23:12 /sbin/mount_fdesc

-r-xr-xr-x  2 root  wheel   8739 May  6 23:12 /sbin/mount_ffs

-r-xr-xr-x  1 root  wheel   9226 May  6 23:12 /sbin/mount_filecore

-r-xr-xr-x  1 root  wheel   8602 May  6 23:12 /sbin/mount_hfs

-r-xr-xr-x  1 root  wheel   7599 May  6 23:12 /sbin/mount_kernfs

-r-xr-xr-x  1 root  wheel  10712 May  6 23:12 /sbin/mount_lfs

-r-xr-xr-x  2 root  wheel  51198 May  6 23:11 /sbin/mount_mfs

-r-xr-xr-x  1 root  wheel  10493 May  6 23:12 /sbin/mount_msdos

-r-xr-xr-x  1 root  wheel  18590 May  6 23:13 /sbin/mount_nfs

-r-xr-xr-x  1 root  wheel   9658 May  6 23:13 /sbin/mount_ntfs

-r-xr-xr-x  1 root  wheel   8407 May  6 23:13 /sbin/mount_null

-r-xr-xr-x  1 root  wheel   7733 May  6 23:13 /sbin/mount_overlay

-r-xr-xr-x  1 root  wheel  19859 May  6 23:13 /sbin/mount_portal

-r-xr-xr-x  1 root  wheel   8423 May  6 23:13 /sbin/mount_procfs

-r-xr-xr-x  1 root  wheel   8912 May  6 23:13 /sbin/mount_ptyfs

-r-xr-xr-x  1 root  wheel  44719 May  6 23:13 /sbin/mount_smbfs

-r-xr-xr-x  1 root  wheel   9221 May  6 23:13 /sbin/mount_sysvbfs

-r-xr-xr-x  1 root  wheel  10362 May  6 23:13 /sbin/mount_tmpfs

-r-xr-xr-x  1 root  wheel  10066 May  6 23:13 /sbin/mount_udf

-r-xr-xr-x  2 root  wheel   8739 May  6 23:12 /sbin/mount_ufs

-r-xr-xr-x  1 root  wheel   9511 May  6 23:13 /sbin/mount_umap

-r-xr-xr-x  1 root  wheel   8465 May  6 23:13 /sbin/mount_union

Ivan8209

$ ls -l /sbin/mount*

-r-xr-xr-x  1 root  wheel  16004 Jun 26  2008 /sbin/mount

-r-xr-xr-x  1 root  wheel   8292 Jun 26  2008 /sbin/mount_cd9660

-r-xr-xr-x  6 root  wheel   6644 Jun 26  2008 /sbin/mount_devfs

-r-xr-xr-x  1 root  wheel   6100 Jun 26  2008 /sbin/mount_ext2fs

-r-xr-xr-x  6 root  wheel   6644 Jun 26  2008 /sbin/mount_fdescfs

-r-xr-xr-x  6 root  wheel   6644 Jun 26  2008 /sbin/mount_linprocfs

-r-xr-xr-x  6 root  wheel   6644 Jun 26  2008 /sbin/mount_linsysfs

-r-xr-xr-x  2 root  wheel  14152 Jun 26  2008 /sbin/mount_mfs

-r-xr-xr-x  1 root  wheel  10060 Jun 26  2008 /sbin/mount_msdosfs

-r-xr-xr-x  1 root  wheel  16820 Jun 26  2008 /sbin/mount_nfs

-r-xr-xr-x  1 root  wheel  15280 Jun 26  2008 /sbin/mount_nfs4

-r-xr-xr-x  1 root  wheel  10364 Jun 26  2008 /sbin/mount_ntfs

-r-xr-xr-x  1 root  wheel   6540 Jun 26  2008 /sbin/mount_nullfs

-r-xr-xr-x  6 root  wheel   6644 Jun 26  2008 /sbin/mount_procfs

-r-xr-xr-x  1 root  wheel   6216 Jun 26  2008 /sbin/mount_reiserfs

-r-xr-xr-x  6 root  wheel   6644 Jun 26  2008 /sbin/mount_std

-r-xr-xr-x  1 root  wheel   7128 Jun 26  2008 /sbin/mount_udf

-r-xr-xr-x  1 root  wheel   7988 Jun 26  2008 /sbin/mount_umapfs

-r-xr-xr-x  1 root  wheel   7144 Jun 26  2008 /sbin/mount_unionfs

$ uname -mrs

FreeBSD 6.3-STABLE i386

hwh2010

serega1604

dangerr

serega1604

Dasar

serega1604

Dasar

serega1604