Re: RFC: Adding a ``user'' mount option

[ Available lists | Index of freebsd-hackers | Month of Apr 2006 | Week of 7 Apr 2006 | Raw email | View thread | Wrap long lines | Reply | Tag ]
From
Aren Olvalde Tyr <aren.tyr@gawab.com>
Date
7 Apr 2006 09:13:41
Subject
Re: RFC: Adding a ``user'' mount option
Message-ID
200604071013.38486.aren.tyr@gawab.com

In reply to
Stefan Sperling
References to
Joe Marcus Clarke, Stefan Sperling
Replies
Vladimir V. Pavluk
Referenced by
Vladimir V. Pavluk, Jeremy Baggs, Artem Ignatiev

[ Hide this part ] 
Hello all,
 
I've been watching this thread with some interest.
 
I have actually found quite a straightforward solution to this problem that
works for me under FreeBSD, and requires no extra entries in fstab, scripts
changing permissions on login, or any other fairly ugly workaround.
 
I assume that basically what we are looking for is to make mounting/unmounting
of devices as simple as possible for non-technical users so they do not have
to run mount manually at the command line.
 
As mentioned before, you can easily globally restrict which users you wish to
allow mounting of a particular device by simply using group permissions on
the device.
 
Then, assuming you've set vfs.usermount = 1:
 
1. ) First create some suitable directories under the user's /home folder for
mounting the devices. For example, I have:
 
[= Yggdrasil  |  aren  | /usr/home/aren =]% ls -l media
total 8
drwxr-xr-x  2 aren  aren  512 Apr  6 21:37 cdrw/
drwxr-xr-x  2 aren  aren  512 Apr  6 13:19 dvdrom/
drwxr-xr-x  2 aren  aren  512 Apr  6 15:03 floppy/
drwxr-xr-x  2 aren  aren  512 Apr  6 14:04 usbflash/
 
2.) Next, add the devices icons to your KDE (or whichever) desktop.
 
3.)  Now KDE by default will use the mount point specified under /etc/fstab.
Obviously this is no good, since the current user will not own the mount
point specified. However, if you simply open up the actual desktop device
file, it is a very straightforward text file. You can then simply edit
the "MountPoint" entry to point to the new mount location under your home
folder.
 
For example, for my DVD-ROM drive desktop link:
 
[= Yggdrasil  |  aren  | /usr/home/aren/Desktop =]% cat DVD-ROM
[Desktop Action Eject]
Exec=kdeeject %v
Name=Eject
 
[Desktop Entry]
Actions=Eject;
Dev=/dev/cd1
Encoding=UTF-8
Icon=dvd_mount
MountPoint=/home/aren/media/dvdrom
FSType=cd9660
ReadOnly=true
Type=FSDevice
UnmountIcon=dvd_unmount
X-KDE-Priority=TopLevel
 
 
The "FSType" entry is not usually there by default either, but it helps to
make sure that the correct option is called to mount.
 
 
 
Mounting a device is as simple as just clicking on the desktop icon now, which
is exactly what we wanted. It will mount the device under the mount location
in my /home, which I own, and everything works great.
 
This method requires no alteration/extra entries in /etc/fstab, no chown on a
global mount location (since the user always owns their own local mount
point), no sudo and no setuid. Minimal security compromise.
 
For a large network, it should be fairly trivial to create a script that will
add the users to the correct group(s) for mouting the given device(s), create
the necessary mount directories under the user's /home directory, and
populate their KDE (or whichever) desktop with the correct (modified) desktop
entries. Job done.
 
Regards,
 
Aren.
[ Show this part (application/pgp-signature) ]
Elapsed time: 0.153 seconds