| 1 |
On Wed, Sep 12, 2012 at 09:03:50AM +0100, Neil Bothwick wrote |
| 2 |
|
| 3 |
> I don't understand, why are you using sudo to run pmount when its core |
| 4 |
> purpose is to be run by normal users? |
| 5 |
> |
| 6 |
> % whatis pmount |
| 7 |
> pmount (1) - mount arbitrary hotpluggable devices as normal user |
| 8 |
|
| 9 |
A normal user can pumount *WHAT THAT SAME USER* has pmounted. Now try |
| 10 |
for a general solution. If you're the only user on the system, it's |
| 11 |
probably safe to keep an open xterm logged in to root. The problem is |
| 12 |
that inserting a USB device sets off a kernel event, that is passed to |
| 13 |
mdev, which looks for a script name in /etc/mdev.conf. If a script is |
| 14 |
found that matches the device spec (i.e. sd[a-z].*), e.g. my automount |
| 15 |
script, then the script is launched *AS ROOT*. Given that root has |
| 16 |
mounted the device, only root can unmount it. E.g. when root pmounts a |
| 17 |
device and normal user tries to pumount it, I get... |
| 18 |
|
| 19 |
waltdnes@d531 ~ $ pumount sdb1 |
| 20 |
Error: device /dev/sdb1 was not mounted by you |
| 21 |
|
| 22 |
Note also that the automount script has to first create a directory in |
| 23 |
/media, before mounting it. Since /media is drwxr-xr-x the directory |
| 24 |
has to be created by root, or else I have to open up /media to writing |
| 25 |
and directory creation by all users. The most secure approach is to |
| 26 |
have the system do things as root without user intervention, as much as |
| 27 |
possible. |
| 28 |
|
| 29 |
-- |
| 30 |
Walter Dnes <waltdnes@××××××××.org> |
| 31 |
I don't run "desktop environments"; I run useful applications |
Archives