I've been watching this thread with some interest.
I have actually found quite a straightforward solution to this problem that
works for me under FreeBSD, and requires no extra entries in fstab, scripts
changing permissions on login, or any other fairly ugly workaround.
I assume that basically what we are looking for is to make mounting/unmounting
of devices as simple as possible for non-technical users so they do not have
to run mount manually at the command line.
As mentioned before, you can easily globally restrict which users you wish to
allow mounting of a particular device by simply using group permissions on
Then, assuming you've set vfs.usermount = 1:
1. ) First create some suitable directories under the user's /home folder for
mounting the devices. For example, I have:
[= Yggdrasil | aren | /usr/home/aren =]% ls -l media
drwxr-xr-x 2 aren aren 512 Apr 6 21:37 cdrw/
drwxr-xr-x 2 aren aren 512 Apr 6 13:19 dvdrom/
drwxr-xr-x 2 aren aren 512 Apr 6 15:03 floppy/
drwxr-xr-x 2 aren aren 512 Apr 6 14:04 usbflash/
2.) Next, add the devices icons to your KDE (or whichever) desktop.
3.) Now KDE by default will use the mount point specified under /etc/fstab.
Obviously this is no good, since the current user will not own the mount
point specified. However, if you simply open up the actual desktop device
file, it is a very straightforward text file. You can then simply edit
the "MountPoint" entry to point to the new mount location under your home
For example, for my DVD-ROM drive desktop link:
[= Yggdrasil | aren | /usr/home/aren/Desktop =]% cat DVD-ROM
[Desktop Action Eject]
The "FSType" entry is not usually there by default either, but it helps to
make sure that the correct option is called to mount.
Mounting a device is as simple as just clicking on the desktop icon now, which
is exactly what we wanted. It will mount the device under the mount location
in my /home, which I own, and everything works great.
This method requires no alteration/extra entries in /etc/fstab, no chown on a
global mount location (since the user always owns their own local mount
point), no sudo and no setuid. Minimal security compromise.
For a large network, it should be fairly trivial to create a script that will
add the users to the correct group(s) for mouting the given device(s), create
the necessary mount directories under the user's /home directory, and
populate their KDE (or whichever) desktop with the correct (modified) desktop
entries. Job done.