[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: trouble with setting permissions for mounted partitions



Geoff Hing wrote:
> 
> Hello,
> 
> As suggested by some of you, I edited my /etc/fstab file in the hopes
> that it would help me set the permissions the way I wanted to.  Here is
> the scenario.  I want the user infoflux to be able to have read and
> write access to all mounted partitions, but only wanted the floppy disk
> mountable by users other than root.  So, I added the user infoflux to
> the floppy group (gid 19) and edited my /etc/fstab file as shown below:
> 
> /dev/hdb2     /         ext2     defaults 1 1
> /dev/cdrom   /mnt/cdrom iso9660 noauto,ro 0 0
> /dev/hdb1    /mnt/d     vfat   noauto,suid,umask=117,uid=0,gid=19 0 0
> /dev/fd0  /mnt/floppy ext2 noauto,suid,umask=117,uid=0,gid=19,user 0 0
> /dev/hda1  /mnt/c vfat   noauto,suid,umask=117,uid=0,gid=19 0 0
> none      /proc                     proc   defaults
> /dev/hdb3  none                      swap   sw
> 
> Unfortunately, the user infoflux is unable to mount the floppy disk
> (gets error "mount only root can do this") and is also unable to write
> to any of the partitons.  Note, running groups says that infoflux does
> indeed belong to the floppy group.  Also, an ls -l on /mnt says that the
> permissions of the mounted partitions are rw-rw---- and the owner and
> group of the file are root and floppy respectively.  Thus it seems that
> any member of the floppy group should be allowed to write to the
> partitions?  Whats going on?
> 
> Thanks,
> Geoff

First, the umask=117 is wrong, as Victor mentioned.
That's my fault.  I remember mentioning it.  I was thinking
that you didn't want people executing things from the floppy
(and you don't), but I went about it the wrong way.
Set umask=007, and add the 'noexec' option as well.
That should give directories execute permission, and still
disallow the running of binaries from it (or shell scripts).
I'd further set the fstype of floppy to 'auto' rather than 'ext2'.
This way you can mount ext2 _or_ vfat floppies easily.

I disagree with Victor's assessment that uid=0 is bad.
The method you're using of setting the owner to root and
the group to 'floppy' is really the best way to handle this.
That way you can add people to the 'floppy' group for access
easily.  Good move.

The 'user' option should allow user-mounting of /mnt/floppy.
How did you try to mount it?  "mount /mnt/floppy"?
Try puting 'user' right after noauto in the line.

Okay, in summation, here's what I'd use:

/dev/fd0  /mnt/floppy  auto 
noauto,noexec,user,suid,umask=007,uid=0,gid=19 0 0

Let me know how it goes.

	- Kevin Colby
	  kevin marcal com



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]