The loop devices /dev/loop0, /dev/loop1, etc. are very useful for working with diskette and CD images. As root, I can do just what I want: suillus:/home/pwa # losetup /dev/loop0 floppy.img suillus:/home/pwa # mount /dev/loop0 /localmounts/loop0/ and then look at the contents of /localmounts/loop0 to see the files in the floppy image. But as non-root I can't: pwa@suillus:~> /sbin/losetup /dev/loop0 floppy.img memlock: Operation not permitted Couldn't lock into memory, exiting. I've opened up the permissions of the loop device: pwa@suillus:~> ls -l /dev/loop0 brw-rw-rw- 1 root disk 7, 0 2003-09-23 13:59 /dev/loop0 so that's not the problem. Can anyone tell me what I need to do to let ordinary users employ losetup? Paul Abrahams
On Wednesday 10 March 2004 6:43 pm, Paul W. Abrahams wrote:
Can anyone tell me what I need to do to let ordinary users employ losetup?
Turns out that chmod +s /sbin/losetup (as root) does the trick. Paul Abrahams
Paul W. Abrahams wrote:
On Wednesday 10 March 2004 6:43 pm, Paul W. Abrahams wrote:
Can anyone tell me what I need to do to let ordinary users employ losetup?
Turns out that
chmod +s /sbin/losetup
(as root) does the trick.
Paul Abrahams
Setting suid was one of the things that was most common in Linux long ago and was considered a big security hole. It's seldom if ever used these days, perhaps "sudo /sbin/losetup" would be better in that respect. Regards Sid. -- Sid Boyce .... Hamradio G3VBV and keen Flyer Linux Only Shop.
On Thursday 11 March 2004 8:22 am, Sid Boyce wrote:
Setting suid was one of the things that was most common in Linux long ago and was considered a big security hole. It's seldom if ever used these days, perhaps "sudo /sbin/losetup" would be better in that respect.
I'm no security expert, but there's an interesting semi-philosophical question lurking behind that issue. Requiring root privileges for an action when the action isn't really unsafe has the effect of spreading the ability to use root privileges more widely. I suppose that's the issue that led to the creation of specialized logins such as "bin" with root privileges only with respect to particular operational areas. "sudo /sbin/losetup" requires the user to know the root password, which might otherwise not be necessary. Being able to create a loop device is very helpful in preparing CDs and even in working with bootable diskettes. I can't see what the hazard is in allowing anyone to do it, though I wouldn't be so arrogant as to insist that there is no hazard. And there doesn't seem to be any other way to make that possible other than by spreading around the root password or by suid-ing the /sbin/losetup program. Paul Abrahams
I need to have the Loopback patch (that can use Twofish encryption) for the newest vanilla kernel (2.4.25, 2.4.26.pre_) . On http://ftp.linux.hr/pub/linux/kernel/crypto/v2.4/testing/ there is only old patches (july 2003) for kernel 2.4.21 :-( Is there a site with more updated versions. Thanks in advance Bo
participants (3)
-
Bo Jacobsen -
Paul W. Abrahams -
Sid Boyce