/etc/fstab Lacks Mount Point For Floppy

Mon Oct 18 03:49:26 UTC 2004

On Sun, 2004-10-17 at 17:56 -0600, Michal Jaegermann wrote:
> On Sun, Oct 17, 2004 at 06:02:35PM -0400, David Zeuthen wrote:
> > On Sat, 2004-10-16 at 16:16 -0600, Michal Jaegermann wrote:
> > > I would
> > > rather like to know how to replace this "exec" by "noexec,nodev" -
> > > for example - but maybe one day this black magic will be also
> > > revealed. :-) 
> > 
> > You can just put a file called my-storage-policy.fdi or something else
> > ending in .fdi into /usr/share/hal/fdi/95userpolicy with this content
> .....
> [ Bunch of XML snipped ]
> .....
> Yes, that what I thought more or less but I did not have a time to
> go carefuly enough through all that XML.  This is quite "noisy" and
> it is easy to miss something.
> 

Well, yeah, XML is not the most readable format, and perhaps it's a bit
verbose. There's a bunch of other good things about XML I'm sure you
appreciate though.

> Interestingly enough at least a USB floppy (a regular floppy seem to
> need some tuning at the moment) actually mounts 'noexec,nodev,nosuid',
> like it should, even if a corresponding /etc/fstab entry says
> "exec".  

Right; fstab-sync needs to be a bit smarter about putting the 
'pamconsole', 'user', 'users' and perhaps other options before that
because mount(1) does rely on the order. That is another bug I am going
to fix.

> Still in a position of a system administarator I would
> rather have /etc/fstab spell out such options instead on relying
> that some program doing real mounts, which may be replaced by a
> broken version one day, "knows better" and will do the actual mount
> in a more restrictive manner.

But /etc/fstab does spell out the options for you - these are generated
from the policy specified from the storage-policy.fdi file when
drives/media is detected.

Btw, some distributions don't even rely on the /etc/fstab file anymore.
They use a policy mount wrapper which is kind of interesting as one such
program could interact with the user. For instance a system admin could
configure this mount wrapper to ask the user a password if the user
wants to mount non-readonly. Or even deny usage of the device to the
user if it's not authorized by the system administrator (sysadm could
leave a cookie using public-key encryption etc. etc.). Or something. I
think that is an interesting approach.

> Besides in years of experience I found over and over again that
> things which "know better" what do you want, does not matter if
> beneficial or not in the given moment, will _invariably_ turn out to
> be a major PITA one day in manners which you cannot predict right
> now.  I do not mean good defaults here but a magic behind scenes
> which changes things on its own in an opaque way.  We always lack an
> imagination; and those who think that they don't are doubly wrong.
>

Certainly.

> Therefore in my opinion although results of a floppy mount turn out
> to be, in general, right that this is done in a totally wrong place
> and, yes, this matters.
>

Then how do you propose the default options for a device previously
unknown to the system, say, a hotplugged USB floppy drive or IEEE1394
hard disk should be specified?

Remember, this used to be hardcoded in the fstab-sync sources, now it's
totally configurable - in fact perhaps a bit too configurable in my
view. But this is what people like you, that like total control of their
system, asked for and now I have implemented it. Besides, we're aiming
for a secure system that works out of the box so the need to ever touch
the default configuration should be little.

While I agree this is more complicated, I submit there is absolutely no
magic going on here - the transformation from the properties in storage-
policy.fdi file and others to what gets added to the /etc/fstab is both
well-defined and documented. If you have a patch to clarify the
documentation I'll be happy to review it.

David