pavement

Mounting removable drives without root privilege

From FreeBSDwiki
(Difference between revisions)
Jump to: navigation, search
 
m
 
(17 intermediate revisions by 5 users not shown)
Line 1: Line 1:
Removable drives can be mounted by root onto any directory. Generally, they should not be automounted at startup because they are not always connected.  
+
Removable drives can be mounted by root onto any directory, and here is how to mount drives without user privileges. Generally, they should not be automounted at startup, because they are not always connected.  
  
For information on mounting a usb stick see [[USB drives]].  
+
==Instructions==
To enable users (non-root) to mount/unmount a removable drive, see [[http://www.caia.swin.edu.au/reports/041130A/]].
+
Set the basesystem's security settings to allow users to mount drives:
 +
% sysctl vfs.usermount=1
 +
 
 +
% echo 'vfs.usermount=1' >> /etc/sysctl.conf
 +
 
 +
Set which devices have owner, group and other permissions in {{file|/etc/devfs.conf}}:
 +
own      /dev/da0      root:operator
 +
perm      /dev/da0      0664
 +
 
 +
In {{file|/etc/group}}, be sure the users have mount access are under the {{code|operator}} group:
 +
operator:*:5:root,'''user1''','''user2'''
 +
 
 +
To restart {{file|devfs.conf}}:
 +
/etc/rc.d/devfs.conf restart
 +
 
 +
Next create the mount directory:
 +
% mkdir /home/user1/dvd
 +
 
 +
Add the mountpoint by editing {{file|/etc/fstab}}:
 +
/dev/cd0    /usr/home/user1/dvd    udf    ro,noauto    0  0
 +
 
 +
After adding the mount entry to {{file|fstab}} use the mount command:
 +
% mount /home/user1/dvd
 +
 
 +
* In order for this to work, the user must own the directory. Consider this when setting the location of the mount directory.
 +
 
 +
==Mounting different sessions of a cd==
 +
Use the -s option, with the session number when mounting a cd, otherwise the last session is the default.
 +
 
 +
==Unmounting==
 +
To unmount, simply exit the directory, then type {{cmd|umount}} and the directory:
 +
% cd /
 +
% umount <directory>
 +
 
 +
==Audio CD's==
 +
Audio cd's cannot be mounted, but they can still be accessed. Install and use {{port|audio/xmcd}} to access audio cd content:
 +
% pkg install xmcd
 +
 
 +
==Alternative of using scripts==
 +
For information on mounting a usb stick see [[USB storage]].  
 +
To enable users (non-root) to mount/unmount a removable drive, see [http://www.caia.swin.edu.au/reports/041130A/ http://www.caia.swin.edu.au/reports/041130A/].
 +
 
 +
If you don't want to allow non-root users unfettered access to mount and unmount drives, you might also consider writing a shell script which specifically mounts or dismounts only the drive you're concerned with, and then use [[sudo]] to allow users the privilege of running that script as root. If you do it this way, be CERTAIN that the script is owned by root and {{code|chmod 755}}, so that no one can edit themselves some "extra" things into the script before running it as root.
 +
 
 +
For my personal computer, I gave myself full sudo privileges and added an alias to my shell config allowing me to quickly "dock" my usb drive in my home directory:
 +
alias dock="sudo mount /home/blaise/dock"
 +
alias udock="sudo umount /home/blaise/dock"
 +
 
 +
It is worth noting, however, that giving unrestricted NOPASSWD sudo privileges to a user is an egregious security violation, as it makes it possible to compromise the system at a root level with only a single account and password.
 +
 
 +
==References==
 +
* [https://www.freebsd.org/doc/en_US.ISO8859-1/books/faq/disks.html Frequently Asked Questions for FreeBSD: Disks, File Systems, and Boot Loaders]
 +
 
 +
[[Category:Common Tasks]] [[Category:FreeBSD for Workstations]]

Latest revision as of 06:40, 30 October 2015

Removable drives can be mounted by root onto any directory, and here is how to mount drives without user privileges. Generally, they should not be automounted at startup, because they are not always connected.

Contents

[edit] Instructions

Set the basesystem's security settings to allow users to mount drives:

% sysctl vfs.usermount=1
% echo 'vfs.usermount=1' >> /etc/sysctl.conf

Set which devices have owner, group and other permissions in /etc/devfs.conf:

own       /dev/da0       root:operator
perm      /dev/da0       0664

In /etc/group, be sure the users have mount access are under the operator group:

operator:*:5:root,user1,user2

To restart devfs.conf:

/etc/rc.d/devfs.conf restart

Next create the mount directory:

% mkdir /home/user1/dvd

Add the mountpoint by editing /etc/fstab:

/dev/cd0    /usr/home/user1/dvd    udf    ro,noauto    0  0

After adding the mount entry to fstab use the mount command:

% mount /home/user1/dvd
  • In order for this to work, the user must own the directory. Consider this when setting the location of the mount directory.

[edit] Mounting different sessions of a cd

Use the -s option, with the session number when mounting a cd, otherwise the last session is the default.

[edit] Unmounting

To unmount, simply exit the directory, then type umount and the directory:

% cd /
% umount <directory>

[edit] Audio CD's

Audio cd's cannot be mounted, but they can still be accessed. Install and use audio/xmcd to access audio cd content:

% pkg install xmcd

[edit] Alternative of using scripts

For information on mounting a usb stick see USB storage. To enable users (non-root) to mount/unmount a removable drive, see http://www.caia.swin.edu.au/reports/041130A/.

If you don't want to allow non-root users unfettered access to mount and unmount drives, you might also consider writing a shell script which specifically mounts or dismounts only the drive you're concerned with, and then use sudo to allow users the privilege of running that script as root. If you do it this way, be CERTAIN that the script is owned by root and chmod 755, so that no one can edit themselves some "extra" things into the script before running it as root.

For my personal computer, I gave myself full sudo privileges and added an alias to my shell config allowing me to quickly "dock" my usb drive in my home directory:

alias dock="sudo mount /home/blaise/dock"
alias udock="sudo umount /home/blaise/dock"

It is worth noting, however, that giving unrestricted NOPASSWD sudo privileges to a user is an egregious security violation, as it makes it possible to compromise the system at a root level with only a single account and password.

[edit] References

Personal tools