pd1986 Guru
Joined: 19 Feb 2012 Posts: 404 Location: Paris
Posted: Sat Dec 30, 2017 5:26 am Post subject: Partition automount permission
I have a problem with write permission on a separate partition.
I have a separate partition on my drive.
/dev/sda1 is for "/boot",
/dev/sda2 is for the root folder "/",
/dev/sda3 is for file storage.
The file system of /dev/sda3 is ext4.
To mount /dev/sda3, I tried to use fstab to mount it automatically when the system boots up. Then I found that the normal user doesn't have write permission even though I added "user,rw" in the 4th field. I tried to add umask=0000 in the 4th field, but the system doesn't recognize it. I can change the permission of the folder with chmod 777, but I don't like this way, because if I do it this way, anyone could modify anything in this partition regardless of the owner and group of the file/folder, even if it belongs to root.
Then I realized that the file manager could mount a removable USB disk automatically with write permission. So I tried deleting the automount in fstab and using the file manager to mount the partition when I click it.
The result is, when I mount /dev/sda3 via the file manager, I still don't have write permission, and the owner and group of this folder, /run/media/{uuid}, are still root:root. On the contrary, when I mount the removable USB disk via the file manager, the owner and group of the mounted folder in /run/media are the name of the user.
Could anyone tell me how I could mount /dev/sda3 like a removable USB disk, which means mounting the partition with the user name as the owner and group?
Thank you
eccerr0r Watchman
Joined: 01 Jul 2004 Posts: 9679 Location: almost Mile High in the USA
Posted: Sat Dec 30, 2017 6:02 am
I think if you have a regular UNIX FS, the Linux/VFS will honor permissions on it if going through the kernel filesystem subsystem.
So you have to use a non-UNIX filesystem to emulate how USB flash sticks behave. They typically use vfat.
What exactly is the use mechanism for this? Do you have multiple users, of whom only a few should be able to access this partition?
_________________
Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching?
pd1986 Guru
Joined: 19 Feb 2012 Posts: 404 Location: Paris
Posted: Sat Dec 30, 2017 6:17 am
eccerr0r wrote: | I think if you have a regular UNIX FS, the Linux/VFS will honor permissions on it if going through the kernel filesystem subsystem.
So you have to use a non-UNIX filesystem to emulate how USB flash sticks behave. They typically use vfat.
What exactly is the use mechanism for this? Do you have multiple users, of whom only a few should be able to access this partition? |
Exactly, it's a shared computer with a child. 2 users. I have to make some permission control. I don't want him to do some stupid thing like "rm -rf /run/media/{uuid}". Just curious about how it works. Thank you. I think I know what to do to make it. Thank you.
krinn Watchman
Joined: 02 May 2003 Posts: 7470
Posted: Sat Dec 30, 2017 9:39 am
The "user" option doesn't allow a user to mount/umount a disk/partition as he wishes; what it does is allow a user to mount an unmounted partition and then own the right to umount it later.
So if you have the user,rw options set, when you boot, the partition is mounted by root, and then any user that is not "root" can't umount it.
If you want users to have control over the mount/umount, set the options user,noauto; this way the partition is not mounted at boot, and any user doing "mount /pathto" will mount the partition and can umount it later.
However, keep in mind that those are just mount/umount rights; they won't affect file/directory rights, which will keep the Unix rules.
Your issue could be solved easily, because I don't think your aim is to allow your children to mount/umount the partition, but to allow them to write somewhere on it; what you should do is create directories for them on /dev/sda3: you create, for example, "david" and "bob", and you chown david:users the "david" directory and chown bob:users the "bob" directory, then you set chmod 700 on these directories, allowing only their owners to read/write/exec in them.
You can create another directory, "common", chown root:users "common", and set chmod 770 on it (giving users in group "users" the rights to read/write/exec in it). And for any user to use the common directory, you just add that user to the group "users".
This way, "david" can write to "david" and "common", and "bob" can write in "bob" and "common"; "daughter", who is in group "users", cannot write in "bob" and "david" but will be allowed to write in "common"; and "wife", who is not in the "users" group, won't be allowed to write in "bob", "david", and "common" (yeah, that's top security to disallow wife!)
pd1986 wrote: | Could anyone tell me how I could mount /dev/sda3 like a removable USB disk, which means mounting the partition with the user name as the owner and group? |
If that really was your aim, then your answer is user,noauto: the device won't be mounted at all, and the device will be mounted by "david" when "david" does mount /dev/sda3, and he will then have the right to do "umount /dev/sda3"; however, it won't change the permissions on the files in it.
If you wish to emulate a "USB key", you then use a stupid fs like vfat on /dev/sda3 and give it "users,uid=(uid of some user),gid=(gid of some group)", and any read or write in that fs will be done with these uid,gid values.
Keep in mind, still, that those are stupid rights, used on a stupid fs, as it means your children could indeed do whatever they wish on /dev/sda3, including removing files they didn't create themselves, as you have no "david" or "bob" doing something, only a uid/gid doing it, allowing "bob" to remove what "david" (or you!) has created.
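
The per-user and shared directory layout from krinn's post above, as an added example that is not part of the original thread. The function names and the mount point in the closing comment are hypothetical; the user names, the group "users" and the modes 700/770 are the ones from the post, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Assumes GNU coreutils (stat -c) and that /dev/sda3 is already mounted.

# make_dirs BASE USER...: one private directory per user plus a shared
# "common" directory, with the modes given in the post (700 and 770).
make_dirs() {
    base=$1; shift
    for u in "$@"; do
        mkdir -p "$base/$u" && chmod 700 "$base/$u" || return 1
    done
    mkdir -p "$base/common" && chmod 770 "$base/common"
}

# set_owners BASE GROUP USER...: needs root and existing accounts.
# Each private directory goes to user:GROUP, "common" to root:GROUP.
set_owners() {
    base=$1; group=$2; shift 2
    for u in "$@"; do
        chown "$u:$group" "$base/$u" || return 1
    done
    chown "root:$group" "$base/common"
}

# audit_modes BASE USER...: report every directory whose mode drifted
# from the layout (for example after a stray chmod 777). Returns 0 only
# when all modes match.
audit_modes() {
    base=$1; shift
    findings=0
    for entry in "$@" common; do
        want=700
        if [ "$entry" = common ]; then want=770; fi
        mode=$(stat -c '%a' "$base/$entry" 2>/dev/null) || mode=missing
        if [ "$mode" != "$want" ]; then
            echo "FINDING: $base/$entry is $mode, expected $want"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Typical use as root, with a hypothetical mount point:
#   make_dirs /mnt/storage david bob
#   set_owners /mnt/storage users david bob
#   audit_modes /mnt/storage david bob
```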
pd1986 Guru
Joined: 19 Feb 2012 Posts: 404 Location: Paris
Posted: Sat Dec 30, 2017 9:46 am
krinn wrote: |
Your issue could be solved easily, because I don't think your aim is to allow your children to mount/umount the partition, but to allow them to write somewhere on it; what you should do is create directories for them on /dev/sda3: you create, for example, "david" and "bob", and you chown david:users the "david" directory and chown bob:users the "bob" directory, then you set chmod 700 on these directories, allowing only their owners to read/write/exec in them.
You can create another directory, "common", chown root:users "common", and set chmod 770 on it (giving users in group "users" the rights to read/write/exec in it). And for any user to use the common directory, you just add that user to the group "users".
This way, "david" can write to "david" and "common", and "bob" can write in "bob" and "common"; "daughter", who is in group "users", cannot write in "bob" and "david" but will be allowed to write in "common"; and "wife", who is not in the "users" group, won't be allowed to write in "bob", "david", and "common" (yeah, that's top security to disallow wife!)
|
Thank you for your detailed solution. That's exactly what I plan to do: create a folder with the user's permission in /dev/sda3 (me and child) but keep the partition permission as root. Your common directory is a good idea. Thanks.
krinn Watchman
Joined: 02 May 2003 Posts: 7470
Posted: Sat Dec 30, 2017 9:48 am
Yeah, I know the "disallow wife" argument never fails
pd1986 Guru
Joined: 19 Feb 2012 Posts: 404 Location: Paris
Posted: Sat Dec 30, 2017 9:51 am
krinn wrote: | Yeah, I know the "disallow wife" argument never fails |
That's funny. Keep it secret. Otherwise, it's funny anymore
lyallp Veteran
Joined: 15 Jul 2004 Posts: 1557 Location: Adelaide/Australia
Posted: Mon Jan 01, 2018 11:59 pm
I mount my NTFS filesystems using ntfs-3g (sys-fs/ntfs3g), not kernel ntfs, which, last time I looked, defaults to read-only for NTFS.
I make the group 'ntfs' then add whoever is allowed to access the drive to that group using usermod.
I mount my Windows C: drive read-only, to prevent 'accidents'; my Windows D: drive is read-write.
I figure out the PARTUUID using the following command (sys-apps/util-linux):
Code: |
lsblk --output NAME,SIZE,RO,TYPE,MOUNTPOINT,FSTYPE,PARTLABEL,UUID,PARTUUID
|
My /etc/fstab entries are as follows...
Code: |
PARTUUID=5ae35627-02 /mnt/c_drive ntfs-3g defaults,gid=ntfs,umask=0,umask=002,nls=utf8,silent,exec,ro 0 0
PARTUUID=8e2074e1-d0cc-48f5-af53-aedf25d28a17 /mnt/e_drive ntfs-3g defaults,gid=ntfs,umask=0,umask=002,nls=utf8,silent,exec 0 0
|
I can read/write the disks, they mount at boot and people not in the ntfs group have no access.
_________________
...Lyall