Re: userland|unprivileged file system handling tools

From: <diz_at_linuxpowered.com>
Date: Tue, 23 Mar 2004 16:42:48 -0600 (CST)
hi,

Luigi Rizzo wrote:
> We seem to lack tools that allow the generation/handling of file
> system images without root privs. The 'standard techniques' used
> to build the bootable floppies rely on vnconfig/mdconfig, disklabel,
> fsck and mknod which all must run as root.
>

As far as -current goes, mknod is not anything worth mentioning because of
devfs. My sysgen scripts (wifibsd) are divided into what requires root,
and what doesn't. My observation is that only mdconfig requires root, and
this must be done on the host system (aka not inside of a jail).

> Colin Percival pointed me to ports/sysutils/makefs which builds an
> almost correct fs image -- it has a couple of bugs, one which is
> trivially fixed, the other one which could be cured by a pass of
> fsck. There is still the issue of creating a label for the image
> (which right now i do using a small C program), and handling device
> nodes (not an issue on 5.x, but this could be possibly fixed with
> some makefs extension).
>

I'd like to take a peek at the tiny C program please, if possible?

> So:
>
>   + is there interest in having makefs become part of the
>     standard system, instead of a port ?
>
>   + how hard would it be to teach disklabel and fsck to
>     work on files (filesystem images) as well as devices ?
>

I'm conflicted on this myself. On the one side I am opposed to bloating
the userland, after all I'm an embedded systems person so I tend to have
negative opinions about unnecissary userland cruft. On the other hand we
need to find a way to create image files without root, more simply, and
that tool appears to do the trick, but it is redundant.

Just thinking while typing, my reaction is to possibly suid mdconfig. I'll
have to take a look at how it works before I can comment intelligently,
but I'd say we could do well to make mdconfig usable by non-root users,
and possibly even usable in a jail. Might be insecure in ways I'm not
clear on at this time, but looking doesn't hurt.



> cheers
> luigi
>


-Jon Disnard
(aka masta)
irc.freenode.net
Received on Tue Mar 23 2004 - 13:38:07 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:48 UTC