pmount now supports various operations that can be considered unsafe from a strict point of view, but that are in general relatively safe, or at least very much acceptable on a personal computer.
All these operations are disallowed by default; you need to explicitly allow them using values found in this file. It follows standard Unix configuration file syntax: lines beginning with a # are ignored.
Most configuration elements take several forms: one ending in _allow, which grants the feature to all users (possible values: yes or no); _allow_user and _allow_group, which take a comma-separated list of user names and group names respectively and grant the feature to the specified users or to members of the specified groups; and finally _deny_user, which denies the feature to the specified comma-separated list of users even if _allow is yes.
controls the permission for a given user to use
right before mounting the device though the
It is run with the option
to provide progress reports to the user. No other options are allowed,
as those are more-or-less filesystem-dependent and too much subject to
change. The use of
should not expose too many security problems.
control whether a user that is not physically logged in (i.e. that does
not own a real TTY) is allowed to use
The default used to be true, but now it defaults to false. In any
case, it is very seldom necessary to use a removable media while not
physically around the machine, so you may just as well leave it off.
controls whether the user is allowed to mount personal FS image files
as loopback devices.
While this can come in quite handy sometimes, it is
strongly recommended to turn this feature off
on any machine for which security is even only remotely important.
While all care has been taken to prevent the use of
with loopback devices to bypass file permissions, having a user
control completely the contents of a mounted filesystem can potentially
expose vulnerabilities in the kernel. You have been warned.
To prevent loop device exhaustion,
will only use devices given in this list. A reasonable choice may be:
/dev/loop0, /dev/loop1, /dev/loop2
as this still leaves some 5 devices reserved for root. If this list stays blank (the default), no user will be able to use loop mounts, even if you used loop_allow = yes.
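The following audit helper is an added example, not part of pmount or its documentation. It evaluates the _allow / _allow_user / _allow_group / _deny_user rules and the empty-device-list rule described above for one user. The key name loop_devices for the device list, the sample configuration, and the choice to let _deny_user also override _allow_user and _allow_group are assumptions.

```python
# Constructed sample configuration (not taken from a real system).
SAMPLE = """\
# lines beginning with # are ignored
loop_allow = no
loop_allow_user = alice, bob
loop_allow_group = plugdev
loop_deny_user = bob
loop_devices = /dev/loop0, /dev/loop1, /dev/loop2
"""

def parse(text):
    """Parse 'key = value' lines, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf

def names(conf, key):
    """Return a comma-separated value as a set of non-empty names."""
    return {n.strip() for n in conf.get(key, "").split(",") if n.strip()}

def allowed(conf, feature, user, groups=()):
    """Apply the four-suffix rule for one feature prefix (e.g. 'loop')."""
    # Assumption: a deny entry wins over every allow form, not only _allow.
    if user in names(conf, feature + "_deny_user"):
        return False
    # Features are disallowed by default, so a missing key means "no".
    if conf.get(feature + "_allow", "no").lower() == "yes":
        return True
    if user in names(conf, feature + "_allow_user"):
        return True
    return bool(names(conf, feature + "_allow_group") & set(groups))

def loop_usable(conf, user, groups=()):
    """Loop mounts need the permission AND a non-empty device list.
    'loop_devices' is an assumed key name for that list."""
    return allowed(conf, "loop", user, groups) and bool(names(conf, "loop_devices"))

if __name__ == "__main__":
    conf = parse(SAMPLE)
    for user, groups in [("alice", []), ("bob", []), ("carol", ["plugdev"]), ("dave", [])]:
        print(user, "loop mounts:", loop_usable(conf, user, groups))
```

Running it against a copy of the real file before deployment shows which accounts would gain loop mounts, the feature the text above recommends keeping off where security matters.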