[Info-vax] Orphaned processes on OpenVMS
Johnny Billquist
bqt at softjar.se
Thu May 26 02:41:56 EDT 2011
On 2011-05-25 21.52, glen herrmannsfeldt wrote:
> Johnny Billquist<bqt at softjar.se> wrote:
> (snip)
>
>> Also, in VMS, mounting is a somewhat different process and concept than
>> in Unix. You mount a device in order to do any I/O to it. It also means
>> that just because one user has a disk mounted, that doesn't mean that
>> another user can do I/O on it. It can be private to only you.
>> Which brings up another important point, where Unix perhaps isn't that
>> good. Bringing your own disk to a machine and mounting it. Under VMS,
>> any user can do this. There are no security issues or other problems
>> with that. Mounting is not a privileged operation.
>> In Unix, this is a big no-no.
>
> Linux, at least, now has the user option, which allows ordinary
> users to mount that device. (It is an fstab option.) There is
> also users which, in addition to what user does, allows a different
> user to umount the device. These are mostly used in the case of
> floppy, cdrom, or USB drives.
Interesting. BSD systems have a similar thing, except it's a sysctl
variable that needs to be set, and it defaults to off. And then you also
have to have some clever fstab entries.
> In those cases, it is also usual to use the nodev option, which
> tells the system not to recognize special files (like usually
> go in /dev) on the disk. That is important for security reasons.
You also need noexec, and probably something that I can't remember now.
Otherwise you just create a program suid to root, and circumvent
security that way.
Hmm, if mount has the nosuid option, that might be enough instead of
having to use noexec.
> For the private case, there is the owner option, such that only
> the owner of the special file (/dev entry) can mount/umount it.
Unfortunately that does not relate to the owner of the disk, but instead
the owner of the device entry in /dev.
For VMS, anyone can mount a device, if they know the disk label of the
disk. But only the user who mounts the device can do I/O to it. But you
can also have several people mount the same device, and then all of them
can do I/O to the disk, but people in general can not.
And then, of course, you can mount something public, so that it is
generally accessible.
So, when you put a disk online for a system, that doesn't mean that others
can access it. Nor mount it.
> I don't know which other unix systems have these, though.
Like I said, at least some BSD systems at least have the possibility of
user mounts, but it's not generally enabled. And it's not trivial to get
right, nor always possible.
Johnny
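The fstab options discussed in this thread (user, users, owner, nodev, nosuid, noexec), as an added audit example that is not from the thread or from any of its authors: a POSIX sh script that reads fstab-style lines and reports user-mountable entries where dev, suid or exec ends up effectively enabled. It assumes the Linux mount(8) semantics that user/users imply nodev,nosuid,noexec and owner/group imply nodev,nosuid unless a later option overrides them; the sample fstab is constructed.

```shell
#!/bin/sh
# Hypothetical fstab audit (added example, not from the thread).
# mount(8) on Linux: "user"/"users" imply nodev,nosuid,noexec and
# "owner"/"group" imply nodev,nosuid, unless a later option (dev, suid,
# exec) switches the protection back on.  This script finds such entries.

# effective_flags OPTIONS: prints whether ordinary users may mount, and the
# effective dev/suid/exec bits after implied defaults and later overrides.
effective_flags() {
    user=0 dev=1 suid=1 exec=1
    old_ifs=$IFS; IFS=,
    for opt in $1; do
        case $opt in
            user|users)  user=1; dev=0; suid=0; exec=0 ;;
            owner|group) user=1; dev=0; suid=0 ;;
            nodev)  dev=0 ;;   dev)  dev=1 ;;
            nosuid) suid=0 ;;  suid) suid=1 ;;
            noexec) exec=0 ;;  exec) exec=1 ;;
        esac
    done
    IFS=$old_ifs
    printf 'user=%s dev=%s suid=%s exec=%s' "$user" "$dev" "$suid" "$exec"
}

# audit_fstab: reads fstab lines on stdin, prints one line per entry that
# ordinary users may mount while dev, suid or exec is effectively enabled.
audit_fstab() {
    while read -r dev_node mnt fstype opts rest; do
        case $dev_node in ''|'#'*) continue ;; esac   # skip blanks/comments
        flags=$(effective_flags "$opts")
        case $flags in user=1*) ;; *) continue ;; esac # root-only: not our concern
        case $flags in
            *" dev=1"*|*" suid=1"*|*" exec=1"*)
                printf '%s (%s): %s\n' "$mnt" "$opts" "$flags" ;;
        esac
    done
}

# Constructed sample fstab, not taken from any real system.
SAMPLE_FSTAB='# <device>    <mount>        <type>   <options>
/dev/sda1     /              ext4     defaults
/dev/fd0      /media/floppy  auto     user,noauto
/dev/sr0      /media/cdrom   iso9660  users,ro,exec
/dev/sdb1     /media/usb     vfat     owner,noauto
/dev/sdc1     /media/usb2    ext3     user,noauto,nodev,nosuid,noexec,suid'

printf '%s\n' "$SAMPLE_FSTAB" | audit_fstab
```

Run it against the real file with `audit_fstab < /etc/fstab`; the owner line is reported because owner does not imply noexec, and the last line because the trailing suid re-enables set-uid binaries.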