On 4/30/05, Colin Carter <colincarter@exemail.com.au> wrote:

Thanks to Ken Schneider and Greg Freemyer.

<snip>

Thanks Greg. I have been off the air for a few hours, then I tried what you said. Guess what! The damned thing automounted. :-) dmesg gave me: usb 5-7.4: new high speed USB device using address 3 usb 5-7.4: Product: Anypak_U2_USBNET usb 5-7.4: Manufacturer: In-System Design usb 5-7.4: SerialNumber: 1200E00002143583 Initializing USB Mass Storage driver... scsi0 : SCSI emulation for USB Mass Storage devices Vendor: FUJITSU Model: MHS2020AT Rev: 8004 Type: Direct-Access ANSI SCSI revision: 02 SCSI device sda: 39070080 512-byte hdwr sectors (20004 MB) sda: assuming drive cache: write through sda: sda1 Attached scsi disk sda at scsi0, channel 0, id 0, lun 0 USB Mass Storage device found at 3 drivers/usb/core/usb.c: registered new driver usb-storage USB Mass Storage support registered. Attached scsi generic sg0 at scsi0, channel 0, id 0, lun 0, type 0

As you suggested I tried to mount it as sda but I got an error message saying that only root can mount it. So I changed to su and tried again and got the message that it is already mounted (expected I suppose). But why can't I mount it as a 'normal' user?

Regards, Colin

As Ken said, the above is actually telling you to mount /dev/sda1 (The first partition on sda). You can verify that with fdisk -l /dev/sda (prints the partition table). As to why only root? I assume because mount can be a dangerous command and can be used to cause data to written where users don't expect it. i.e. Assume mount could be run by any user for a minute and user1 is trying to steal data created by user2 in their home directory. If user1 says mount /dev/sda1 /home, the command will succeed and all of /home would be replaced by /dev/sda1 (potentially a usb drive). If user1 made a look alike of /home on the seperate disk before using mount to replace /home, the user2 may not realize the disk below /home was replaced. Then after user2 writes valuable data to /home, user1 un-mounts it and pulls the fake drive. user1 then takes it to another computer where user1 has root access and looks thru the valuable data. Since mount requires root priveledges, user1 can't perform the above breach of security without the root password, and if they have the root password they can already read user2's files without all that effort. Greg -- Greg Freemyer The Norcross Group Forensics for the 21st Century