Mounting removable drives without root privilege
m (Updated, and added mounting multisession cd's, and accessing audio cd's.) |
m |
||
(7 intermediate revisions by one user not shown) | |||
Line 7: | Line 7: | ||
% echo 'vfs.usermount=1' >> /etc/sysctl.conf | % echo 'vfs.usermount=1' >> /etc/sysctl.conf | ||
− | Set which devices have owner | + | Set which devices have owner, group and other permissions in {{file|/etc/devfs.conf}}: |
own /dev/da0 root:operator | own /dev/da0 root:operator | ||
− | perm /dev/da0 | + | perm /dev/da0 0664 |
− | In | + | In {{file|/etc/group}}, be sure the users have mount access are under the {{code|operator}} group: |
operator:*:5:root,'''user1''','''user2''' | operator:*:5:root,'''user1''','''user2''' | ||
+ | |||
+ | To restart {{file|devfs.conf}}: | ||
+ | /etc/rc.d/devfs.conf restart | ||
Next create the mount directory: | Next create the mount directory: | ||
− | % mkdir | + | % mkdir /home/user1/dvd |
− | Add the mountpoint by editing | + | Add the mountpoint by editing {{file|/etc/fstab}}: |
/dev/cd0 /usr/home/user1/dvd udf ro,noauto 0 0 | /dev/cd0 /usr/home/user1/dvd udf ro,noauto 0 0 | ||
− | After adding the mount entry to | + | After adding the mount entry to {{file|fstab}} use the mount command: |
− | % mount | + | % mount /home/user1/dvd |
* In order for this to work, the user must own the directory. Consider this when setting the location of the mount directory. | * In order for this to work, the user must own the directory. Consider this when setting the location of the mount directory. | ||
Line 28: | Line 31: | ||
Use the -s option, with the session number when mounting a cd, otherwise the last session is the default. | Use the -s option, with the session number when mounting a cd, otherwise the last session is the default. | ||
− | ==Audio== | + | ==Unmounting== |
− | Audio cd's cannot be mounted, but they can still be accessed. Install and use | + | To unmount, simply exit the directory, then type {{cmd|umount}} and the directory: |
+ | % cd / | ||
+ | % umount <directory> | ||
+ | |||
+ | ==Audio CD's== | ||
+ | Audio cd's cannot be mounted, but they can still be accessed. Install and use {{port|audio/xmcd}} to access audio cd content: | ||
% pkg install xmcd | % pkg install xmcd | ||
Line 36: | Line 44: | ||
To enable users (non-root) to mount/unmount a removable drive, see [http://www.caia.swin.edu.au/reports/041130A/ http://www.caia.swin.edu.au/reports/041130A/]. | To enable users (non-root) to mount/unmount a removable drive, see [http://www.caia.swin.edu.au/reports/041130A/ http://www.caia.swin.edu.au/reports/041130A/]. | ||
− | If you don't want to allow non-root users unfettered access to mount and unmount drives, you might also consider writing a shell script which specifically mounts or dismounts only the drive you're concerned with, and then use [[sudo]] to allow users the privilege of running that script as root. If you do it this way, be CERTAIN that the script is owned by root and chmod 755, so that | + | If you don't want to allow non-root users unfettered access to mount and unmount drives, you might also consider writing a shell script which specifically mounts or dismounts only the drive you're concerned with, and then use [[sudo]] to allow users the privilege of running that script as root. If you do it this way, be CERTAIN that the script is owned by root and {{code|chmod 755}}, so that no one can edit themselves some "extra" things into the script before running it as root. |
For my personal computer, I gave myself full sudo privileges and added an alias to my shell config allowing me to quickly "dock" my usb drive in my home directory: | For my personal computer, I gave myself full sudo privileges and added an alias to my shell config allowing me to quickly "dock" my usb drive in my home directory: | ||
Line 45: | Line 53: | ||
==References== | ==References== | ||
− | * [https://www.freebsd.org/doc/en_US.ISO8859-1/books/faq/disks.html | + | * [https://www.freebsd.org/doc/en_US.ISO8859-1/books/faq/disks.html Frequently Asked Questions for FreeBSD: Disks, File Systems, and Boot Loaders] |
[[Category:Common Tasks]] [[Category:FreeBSD for Workstations]] | [[Category:Common Tasks]] [[Category:FreeBSD for Workstations]] |
Latest revision as of 06:40, 30 October 2015
Removable drives can be mounted by root onto any directory, and here is how to mount drives without user privileges. Generally, they should not be automounted at startup, because they are not always connected.
Contents |
[edit] Instructions
Set the basesystem's security settings to allow users to mount drives:
% sysctl vfs.usermount=1
% echo 'vfs.usermount=1' >> /etc/sysctl.conf
Set which devices have owner, group and other permissions in /etc/devfs.conf:
own /dev/da0 root:operator perm /dev/da0 0664
In /etc/group, be sure the users have mount access are under the operator group:
operator:*:5:root,user1,user2
To restart devfs.conf:
/etc/rc.d/devfs.conf restart
Next create the mount directory:
% mkdir /home/user1/dvd
Add the mountpoint by editing /etc/fstab:
/dev/cd0 /usr/home/user1/dvd udf ro,noauto 0 0
After adding the mount entry to fstab use the mount command:
% mount /home/user1/dvd
- In order for this to work, the user must own the directory. Consider this when setting the location of the mount directory.
[edit] Mounting different sessions of a cd
Use the -s option, with the session number when mounting a cd, otherwise the last session is the default.
[edit] Unmounting
To unmount, simply exit the directory, then type umount and the directory:
% cd / % umount <directory>
[edit] Audio CD's
Audio cd's cannot be mounted, but they can still be accessed. Install and use audio/xmcd to access audio cd content:
% pkg install xmcd
[edit] Alternative of using scripts
For information on mounting a usb stick see USB storage. To enable users (non-root) to mount/unmount a removable drive, see http://www.caia.swin.edu.au/reports/041130A/.
If you don't want to allow non-root users unfettered access to mount and unmount drives, you might also consider writing a shell script which specifically mounts or dismounts only the drive you're concerned with, and then use sudo to allow users the privilege of running that script as root. If you do it this way, be CERTAIN that the script is owned by root and chmod 755, so that no one can edit themselves some "extra" things into the script before running it as root.
For my personal computer, I gave myself full sudo privileges and added an alias to my shell config allowing me to quickly "dock" my usb drive in my home directory:
alias dock="sudo mount /home/blaise/dock" alias udock="sudo umount /home/blaise/dock"
It is worth noting, however, that giving unrestricted NOPASSWD sudo privileges to a user is an egregious security violation, as it makes it possible to compromise the system at a root level with only a single account and password.