Mounting removable drives without root privilege
Removable drives can be mounted by root onto any directory, and here is how to mount drives without user privileges. Generally, they should not be automounted at startup, because they are not always connected.
Contents |
Instructions
Set the basesystem's security settings to allow users to mount drives:
% sysctl vfs.usermount=1
% echo 'vfs.usermount=1' >> /etc/sysctl.conf
Set which devices have owner, group and other permissions in /etc/devfs.conf:
own /dev/da0 root:operator perm /dev/da0 0664
In /etc/group, be sure the users have mount access are under the operator group:
operator:*:5:root,user1,user2
To restart devfs.conf:
/etc/rc.d/devfs.conf restart
Next create the mount directory:
% mkdir /home/user1/dvd
Add the mountpoint by editing /etc/fstab:
/dev/cd0 /usr/home/user1/dvd udf ro,noauto 0 0
After adding the mount entry to fstab use the mount command:
% mount /home/user1/dvd
- In order for this to work, the user must own the directory. Consider this when setting the location of the mount directory.
Mounting different sessions of a cd
Use the -s option, with the session number when mounting a cd, otherwise the last session is the default.
Unmounting
To unmount, simply exit the directory, then type umount and the directory:
% cd / % umount <directory>
Audio CD's
Audio cd's cannot be mounted, but they can still be accessed. Install and use audio/xmcd to access audio cd content:
% pkg install xmcd
Alternative of using scripts
For information on mounting a usb stick see USB storage. To enable users (non-root) to mount/unmount a removable drive, see http://www.caia.swin.edu.au/reports/041130A/.
If you don't want to allow non-root users unfettered access to mount and unmount drives, you might also consider writing a shell script which specifically mounts or dismounts only the drive you're concerned with, and then use sudo to allow users the privilege of running that script as root. If you do it this way, be CERTAIN that the script is owned by root and chmod 755, so that no one can edit themselves some "extra" things into the script before running it as root.
For my personal computer, I gave myself full sudo privileges and added an alias to my shell config allowing me to quickly "dock" my usb drive in my home directory:
alias dock="sudo mount /home/blaise/dock" alias udock="sudo umount /home/blaise/dock"
It is worth noting, however, that giving unrestricted NOPASSWD sudo privileges to a user is an egregious security violation, as it makes it possible to compromise the system at a root level with only a single account and password.
