Lines 130-143
|
130 |
#define MS_USERS 0x40000000 |
130 |
#define MS_USERS 0x40000000 |
131 |
#define MS_USER 0x20000000 |
131 |
#define MS_USER 0x20000000 |
132 |
#define MS_OWNER 0x10000000 |
132 |
#define MS_OWNER 0x10000000 |
|
|
133 |
#define MS_PAMCONSOLE 0x08000000 |
133 |
#define MS_NETDEV 0x00020000 |
134 |
#define MS_NETDEV 0x00020000 |
134 |
#define MS_LOOP 0x00010000 |
135 |
#define MS_LOOP 0x00010000 |
135 |
|
136 |
|
136 |
/* Options that we keep the mount system call from seeing. */ |
137 |
/* Options that we keep the mount system call from seeing. */ |
137 |
#define MS_NOSYS (MS_NOAUTO|MS_USERS|MS_USER|MS_NETDEV|MS_LOOP) |
138 |
#define MS_NOSYS (MS_NOAUTO|MS_USERS|MS_USER|MS_NETDEV|MS_LOOP|MS_PAMCONSOLE) |
138 |
|
139 |
|
139 |
/* Options that we keep from appearing in the options field in the mtab. */ |
140 |
/* Options that we keep from appearing in the options field in the mtab. */ |
140 |
#define MS_NOMTAB (MS_REMOUNT|MS_NOAUTO|MS_USERS|MS_USER) |
141 |
#define MS_NOMTAB (MS_REMOUNT|MS_NOAUTO|MS_USERS|MS_USER|MS_PAMCONSOLE) |
141 |
|
142 |
|
142 |
/* Options that we make ordinary users have by default. */ |
143 |
/* Options that we make ordinary users have by default. */ |
143 |
#define MS_SECURE (MS_NOEXEC|MS_NOSUID|MS_NODEV) |
144 |
#define MS_SECURE (MS_NOEXEC|MS_NOSUID|MS_NODEV) |
Lines 170-175
|
170 |
{ "noowner", 0, 1, MS_OWNER }, /* Device owner has no special privs */ |
171 |
{ "noowner", 0, 1, MS_OWNER }, /* Device owner has no special privs */ |
171 |
{ "_netdev", 0, 0, MS_NETDEV }, /* Device accessible only via network */ |
172 |
{ "_netdev", 0, 0, MS_NETDEV }, /* Device accessible only via network */ |
172 |
/* add new options here */ |
173 |
/* add new options here */ |
|
|
174 |
{ "pamconsole", 0, 0, MS_PAMCONSOLE }, /* Allow users at console to mount */ |
175 |
{ "nopamconsole", 0, 1, MS_PAMCONSOLE }, /* Console user has no special privs */ |
173 |
#ifdef MS_NOSUB |
176 |
#ifdef MS_NOSUB |
174 |
{ "sub", 0, 1, MS_NOSUB }, /* allow submounts */ |
177 |
{ "sub", 0, 1, MS_NOSUB }, /* allow submounts */ |
175 |
{ "nosub", 0, 0, MS_NOSUB }, /* don't allow submounts */ |
178 |
{ "nosub", 0, 0, MS_NOSUB }, /* don't allow submounts */ |
Lines 283-293
|
283 |
*mask &= ~om->mask; |
286 |
*mask &= ~om->mask; |
284 |
else |
287 |
else |
285 |
*mask |= om->mask; |
288 |
*mask |= om->mask; |
286 |
if ((om->mask == MS_USER || om->mask == MS_USERS) |
289 |
if ((om->mask == MS_USER || om->mask == MS_USERS || om->mask == MS_PAMCONSOLE) |
287 |
&& !om->inv) |
290 |
&& !om->inv) |
288 |
*mask |= MS_SECURE; |
291 |
*mask |= MS_SECURE; |
289 |
if ((om->mask == MS_OWNER) && !om->inv) |
292 |
if ((om->mask == MS_OWNER) && !om->inv) |
290 |
*mask |= MS_OWNERSECURE; |
293 |
*mask |= MS_OWNERSECURE; |
|
|
294 |
|
291 |
#ifdef MS_SILENT |
295 |
#ifdef MS_SILENT |
292 |
if (om->mask == MS_SILENT && om->inv) { |
296 |
if (om->mask == MS_SILENT && om->inv) { |
293 |
mount_quiet = 1; |
297 |
mount_quiet = 1; |
Lines 538-543
|
538 |
} |
542 |
} |
539 |
} |
543 |
} |
540 |
} |
544 |
} |
|
|
545 |
/* Red Hat patch: allow users at console to mount when fstab |
546 |
contains the console option. This option should not be used |
547 |
in a high security environment but is useful to give console |
548 |
users the possibility of using locally attached devices |
549 |
such as USB keychains and USB harddisks where it is now suitable |
550 |
to give the console owner write access to the device node */ |
551 |
if (*flags & MS_PAMCONSOLE) { |
552 |
char *username; |
553 |
char pamconsole_file_name[256]; |
554 |
struct stat sb; |
555 |
|
556 |
username = getusername (); |
557 |
|
558 |
if (username != NULL) { |
559 |
snprintf (pamconsole_file_name, sizeof (pamconsole_file_name), |
560 |
"/var/run/console/%s", username); |
561 |
if (stat (pamconsole_file_name, &sb) == 0) { |
562 |
*flags |= MS_USER; |
563 |
} |
564 |
} |
565 |
} |
541 |
/* James Kehl <mkehl@gil.com.au> came with a similar patch: |
566 |
/* James Kehl <mkehl@gil.com.au> came with a similar patch: |
542 |
allow an arbitrary user to mount when he is the owner of |
567 |
allow an arbitrary user to mount when he is the owner of |
543 |
the mount-point and has write-access to the device. |
568 |
the mount-point and has write-access to the device. |
Lines 556-561
|
556 |
|
581 |
|
557 |
if (*flags & MS_OWNER) |
582 |
if (*flags & MS_OWNER) |
558 |
*flags &= ~MS_OWNER; |
583 |
*flags &= ~MS_OWNER; |
|
|
584 |
|
585 |
if (*flags & MS_PAMCONSOLE) |
586 |
*flags &= ~MS_PAMCONSOLE; |
559 |
} |
587 |
} |
560 |
|
588 |
|
561 |
static int |
589 |
static int |
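Review bot: In the hunk at old lines 538-543, the new `if (*flags & MS_PAMCONSOLE)` block grants `MS_USER` on nothing more than `stat()` succeeding for `/var/run/console/<username>`, and the path is built without any validation. The `snprintf()` return value is ignored, so a name longer than the 256-byte buffer allows is silently truncated and could match another user's file, and a name containing `/` would resolve outside the directory. I would reject both before the privilege decision, e.g. `n = snprintf(...); if (n > 0 && (size_t)n < sizeof(pamconsole_file_name) && !strchr(username, '/') && lstat(pamconsole_file_name, &sb) == 0 && S_ISREG(sb.st_mode))`, so that only a regular file at the intended path counts. The comment should also state that the check relies on `/var/run/console` being writable only by root, which these hunks cannot confirm. The enclosing function starts and ends outside the hunk, so whether this runs only on the privileged path is inferred rather than visible.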