Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[SOLVED] KDE mounting local partitions only as root
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Desktop Environments
View previous topic :: View next topic  
Author Message
Vrenn
Apprentice
Apprentice


Joined: 15 Dec 2004
Posts: 211

PostPosted: Sat May 11, 2013 9:55 am    Post subject: [SOLVED] KDE mounting local partitions only as root Reply with quote

Hello dear Gentoo-experts!

I'm using my gentoo systems now for quite a long time, in dualboot with Windows 7 (or Visa on another).
Sometimes I need to just read some files from my ntfs partition.
That always worked well using kernel-driver and this fstab-line
Code:
/dev/sda3               /mnt/w7      ntfs            ro,noauto,user,gid=users,umask=0002,nls=utf8        0 0
This still works in bash: I can mount my partition by "mount /dev/sda3" .

But using any KDE-Tool like the mounter-plasmanoid or Dolphin I get an udisk-error with an root-password dialog.

I have two questions:
How do I get rid of the udisk-quesion without breaking a big hole in the security-system. (e.g. /boot must ask for a password, windows-partition must not, but must keep ro)
Is the fstab-option still usable or must I get rid of it?

Thanks for your help!
_________________
With nice greetings
Vrenn


Last edited by Vrenn on Sat May 25, 2013 11:27 am; edited 2 times in total
Back to top
View user's profile Send private message
NeddySeagoon
Administrator
Administrator


Joined: 05 Jul 2003
Posts: 32439
Location: 56N 3W

PostPosted: Sat May 11, 2013 11:27 am    Post subject: Reply with quote

Vrenn,

Comment out
Code:
/dev/sda3               /mnt/w7      ntfs            ro,noauto,user,gid=users,umask=0002,nls=utf8        0 0
for udisks to work.

The ro should not be required, ntfs is the kernel ntfs driver, which is badly broken in the write department. If you enable kernel write support for ntfs, it can change the contents of existing files provided the file size does not change, thats all.
For ntfs write use FUSE in the kernel and and emerge ntfs-3g. ntfs-3g uses ntfs3g as the filesystem type.

udisks is a security hole - it allows users to mount things.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
Back to top
View user's profile Send private message
Vrenn
Apprentice
Apprentice


Joined: 15 Dec 2004
Posts: 211

PostPosted: Sat May 11, 2013 11:27 am    Post subject: Reply with quote

Think I solved it by using x-udisks-auth in fstab
Code:
/dev/sda3               /mnt/w7      ntfs            ro,noauto,user,gid=users,umask=0002,nls=utf8,x-udisks-auth
(considering dropping the users option) and a local Policy in KDE->Systemsettings
There in the Permission-settingtool org.freedesktop->The udisks Project->Mount/unmount filesystems defined in the fstab file with the x-udisks-auth option I added a local authorization named "Mainuser_exception". There I added my username with following privilege:

Any: no
Inactive console: yes
Active console: yes

Now it works.
But i don't mark this as solved because I don't understand it. Is this a good solution? a secure one?
What ist the differende between "Any, Inactive console, Active console"?
_________________
With nice greetings
Vrenn
Back to top
View user's profile Send private message
Vrenn
Apprentice
Apprentice


Joined: 15 Dec 2004
Posts: 211

PostPosted: Sat May 11, 2013 11:30 am    Post subject: Reply with quote

is KDE useable without udisks?
_________________
With nice greetings
Vrenn
Back to top
View user's profile Send private message
NeddySeagoon
Administrator
Administrator


Joined: 05 Jul 2003
Posts: 32439
Location: 56N 3W

PostPosted: Sat May 11, 2013 11:35 am    Post subject: Reply with quote

Vrenn,

I'm not a KDE user, so I can't try the experiment.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
Back to top
View user's profile Send private message
Vrenn
Apprentice
Apprentice


Joined: 15 Dec 2004
Posts: 211

PostPosted: Sat May 11, 2013 11:48 am    Post subject: Reply with quote

Thanks for your answer, it will keep me think about this change of permissions/mount. I don't now if I will go on KDE/udisks or a smaller one. You are right, udisk is a security hole, at least it is if the user (me) can't control it.
Before dropping all kde-stuff I'll get a research for this damn three-permission-settings in the udisk-exceptiondialog.

Thanks for the ntfs-3g tip. Perhaps I'll play with it, but I never needed write-permission for my "Wintendo".

ps: you are a site admin on Gentoo?
Thanks for your work and the wonderful years I had with gentoo in the last 10 (or more?) years...
_________________
With nice greetings
Vrenn
Back to top
View user's profile Send private message
NeddySeagoon
Administrator
Administrator


Joined: 05 Jul 2003
Posts: 32439
Location: 56N 3W

PostPosted: Sat May 11, 2013 2:07 pm    Post subject: Reply with quote

Vrenn,

I'm a forums admin on the Gentoo forums. I do not have root access to any Gentoo infrastructure servers, not even the ones the forums run on.
Its probably just as well :)
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
Back to top
View user's profile Send private message
lost+found
Guru
Guru


Joined: 15 Nov 2004
Posts: 429
Location: North~Sea~Coa~s~~t~~~

PostPosted: Sun May 12, 2013 6:27 am    Post subject: Reply with quote

Vrenn wrote:
is KDE useable without udisks?


Yes, but then you can't mount drives as a user (they don't popup in systemtray). A nice alternative is "pmount", and make some clickable bash-scripts for your drives to mount as a user.

Another thing I noticed is that udisks always messed up my smartd hparm accoustic and spindown settings on KDE login.
Back to top
View user's profile Send private message
NeddySeagoon
Administrator
Administrator


Joined: 05 Jul 2003
Posts: 32439
Location: 56N 3W

PostPosted: Sun May 12, 2013 8:45 am    Post subject: Reply with quote

Vrenn,

udisks controls disk mounting and naming. If you put your entries in /etc/fstab, and include the user, or users option, then the lazy form of mount will work. Users can still mount/umount things but only where fstab says and with the permissions from fstab.

A few years ago thats all there was, it still works.

The difference between users and user is that with the user option, umount can only be performed by the user that did the mount. This stops other users taking CDs out of the drive. users permits any user to perform umount, again, the lazy form of mount must be used, so that fstab is consulted and the options are read.

Its really tempting to set up a u* free system, just to see if I still can. static /dev, no udev, no *kit, a real xorg.conf ... ah, the good old days.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
Back to top
View user's profile Send private message
The Doctor
Veteran
Veteran


Joined: 27 Jul 2010
Posts: 1544

PostPosted: Sun May 12, 2013 6:11 pm    Post subject: Reply with quote

Vrenn wrote:
is KDE useable without udisks?


Yes. Before I switched to using a window manager, I had kde installed without any *kits or udisks/upower. The only hitch is a error from powerdevil which can be solved by rewriting the e-build in your local overlay to remove powerdevil from the dependency list. You don't get the automount features, but you can use pmount or uam (+udev) to get automounting to work.
_________________
First things first, but not necessarily in that order.
Back to top
View user's profile Send private message
Vrenn
Apprentice
Apprentice


Joined: 15 Dec 2004
Posts: 211

PostPosted: Tue May 14, 2013 7:04 pm    Post subject: Reply with quote

NeddySeagoon wrote:
... ah, the good old days.
Oh yes, you are speaking right from my heart. At now I see two worlds (of systems/user rights) on my Gentoo.
1) fstab (booting, bash, other software)
2) udisks (desktop/kde, kde-software/dolphin, open-dialog...)

Perhaps I can get control over both of them, I'll give it a try.
_________________
With nice greetings
Vrenn
Back to top
View user's profile Send private message
Vrenn
Apprentice
Apprentice


Joined: 15 Dec 2004
Posts: 211

PostPosted: Sat May 25, 2013 11:05 am    Post subject: Reply with quote

Just for complementation:

The new mounting is a combination of udisks, consolekit, d-bus and polkit.

udisks, as already diskussed here, is a user-mount-demon, but can do much more with storage-devices
Polkit manages the rights of demons like udisks
consolekit manages the user-sessions. I believe "aktive console" means the current logged in user. Kde can change the user, without closing the last session. This could be the "inactive console"
d-bus is the communication demon, the cell phone tower between the programs above

I hope this helps someone to get an quick overlook I needed myself.
_________________
With nice greetings
Vrenn
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Desktop Environments All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum