Anal permissions!!!

raid517 · 08-16-2004, 04:52 AM

Hi I have an odd problem trying to set permissions in fstab on my sytem. You see the thing is I want to give users full read write and execute access (except on my NTFS partitions where writing - despite recent advances - still isn't advisable). currently I have my fstab file set up as follows:

Code:

/dev/hda2               /boot           ext3        defaults                           1  2
/dev/hda3               /               ext3        noatime                            0  1
/dev/hda4               swap            swap        defaults                           0  0
/dev/hda1               /mnt/hda1       ntfs        ro,umask=0222                      0  0
/dev/sda1               /mnt/sda1       ntfs        ro,umask=0222                      0  0
none                    /proc           proc        defaults                           0  0
none                    /sys            sysfs       defaults                           0  0
/dev/fd0               /mnt/floppy     vfat        defaults                           0  0
/dev/hdc                /mnt/cdrom      auto        ro,noauto,umask=0222               0  0
/dev/hdd                /mnt/cdrom2     auto        ro,noauto,umask=0222               0  0
none                    /dev/pts        devpts      gid=5,mode=620                     0  0

The problem is however that I can access both my NTFS partitions as a user but no matter what I do I seem to be unable to mount my CDROM drives as a user. As root or SU I can issue the mount command no problem. Providing I do this as root the user can then click on the CDROM drive on the desktop and read and execute any of the files there - but only root appears to have access to the mount command. Indeed if I try as a user to mount the drives I get a sharp message that only root is allowed to mount the drive on /mnt/cdrom. I have tried a variety of permssion schemes, but none seem to work.

I have changed the permission of the devices in /dev and in /mnt/ cdrom so that they are read write and execute for all. I have added the user to the cdrom group I have tried issuing a umask of 0222 - which again should be read write acess and execute for all - but still users cannot mount the drives on request.

I have come to wonder if perhaps it is possible that users only have limited acess to drive hda3 - which is my / partition - and if perhaps it is this that is blocking users access to the mount command?

If so how do I fix it and how do I allow user to mount and access drives with as few restrictions as possible?

Overall currently permissions seem utterly anal. The idea of Linux is to keep others out, but preferably this shouldn't mean keeping me out of my system too.

If you are wondering about the weird designation of hdc and hdd for my CDROM drives, I don't understand it very well myself. However initially they refused to mount at all (I kept getting messages about my CDROM drives being invalid block devices) and I did a search and found an answer here that told someone to do this. I simply copied it and it seems to have worked. (Except for the permissions thing).

Another weird thing is I cannot mount my floppy drive at all during boot, no matter what options I give it it always complains that /dev/fd0 is not a valid block device. Yet I can mount it as root and can view the files on it no problem. I have enabled floppy drive support in my kernel and I have also enabled dos and vfat into my kernel too. But none of this has made any difference at all.

Can I define through fstab who has what privlidges on my / root partition? I would like to give local users as much elevated privlidge as possible, without risking a user gaining fatal access to crucial system files. The current pernsisions scheme is waaay too restrictive.

Any input anyone can offer on either of these issues would be very much appreciated.

Best regards,

GJ

hw-tph · 08-16-2004, 04:59 AM

You need to add the user or users options to your CD-ROM devices in /etc/fstab. From the mount manpage:

Code:

              user   Allow an ordinary user to mount  the  file  system.   The
                     name  of  the mounting user is written to mtab so that he
                     can unmount the file system again.  This  option  implies
                     the  options noexec, nosuid, and nodev (unless overridden
                     by  subsequent   options,   as   in   the   option   line
                     user,exec,dev,suid).

              users  Allow  every  user  to mount and unmount the file system.
                     This option implies the options noexec, nosuid, and nodev
                     (unless  overridden  by  subsequent  options,  as  in the
                     option line users,exec,dev,suid).

Håkan

hw-tph · 08-16-2004, 05:02 AM

...and to give certain users elevated privileges in some areas, simply create groups with special privileges: I usually create a group called "log" and change the ownership of most logs to the logs group and set group read permissions on these files. This allows the members of the log group to view these logs.

Håkan

raid517 · 08-16-2004, 06:31 AM

Thanks guys, but that doesn't seem to have worked. Currently for my CDROM drives I have this set:

Code:

/dev/hdc                /mnt/cdrom      auto        ro,noauto,users                    0  0
/dev/hdd                /mnt/cdrom2     auto        ro,noauto,users                    0  0

I tried it with umask=0222 on the lines and without too. But I stlll get the same error. Well actually i get two errors now. One saying only root can access mount, and the other saying, 'bad fs, wrong option, or too many mounted blocks on dev/hdc (and (hdd) and so on.

Yet as i said root can still mount them.

One concequence of the above command is that some icons were automatically created on my desktop for these devices, but these were equally as unaccessable as were the devices I created on my desktop myself.

Why should there be such super tough restrictions on my CD drives?

Any input would be welcome.

GJ

raid517 · 08-16-2004, 06:50 AM

OK 'users' didn't work, but 'user' does. The only problem is that now I have these big horrible CDROM icons on my desktop that don't correspond to any theme I have installed. Has anybody got any idea how to get rid of them? It won't let me just delete them. I would much rather just use my own icon theme.

Also, I am still having problems getting my floppy drive to mount. As I said above it just keeps saying at boot time that /dev/fd0 is not a valid block device, despite the fact that root can still mount it. Why would it say that? I don't get it....

GJ