[opensuse] Re: [opensuse ] How do I mount USB drive world writable using device notifier?
On 2/4/2011 2:26 PM, Anton Aylward wrote:
<stuff deleted> You said you and your wife both use Linux. So use the Linux network file sharing tools: NFS.
Its going to be simpler.
Thanks again Anton for your quick reply. I have set up the NFS server on all my Linux systems, and can for the most part now navigate around Linux filesystems via the auto mounted files defined for autofs. I have also left the Samba server running, for the moment, until I can figure out how to use NFS to mount Windoz shares and v.s get Windoz machines to see Linux exported files. (Future project... )
That said, even using NFS to navigate to the mounted USB drive on her laptop, or v.s. for her to navigate to my USB drive, we hit an even worse roadblock. The moment we try to cd into the mounted drive, we can't even get permission to see what is there. I can demonstrate this -
Here I cd via a samba mount to the USB drive on my laptop, from my server (or wife's laptop if you like, same results)
cd /mnt/samba/marcslaptop/slash/media/My\ Passport/ marc@bigbang:/mnt/samba/marcslaptop/slash/media/My Passport> ls Autorun.inf FOUND.000 FOUND.002 PortableApps StartPortableApps.exe WD Stuff Documents FOUND.001 FOUND.003 $RECYCLE.BIN System Volume Information
and I can list out the contents of the top level directory,though I cannot write to it from across the network.
Here I tried to cd via a NFS mount to the USB drive on my laptop, and I am not even allowed to get there. Looks like more d$#*m Linux security is blocking me!
marc@bigbang:~> cd /mnt/nfs/marcslaptop/slash/media/My\ Passport/ bash: cd: /mnt/nfs/marcslaptop/slash/media/My Passport/: Permission denied
<more stuff deleted>
Now here comes the part where I cheat.
I decided that the the name<->uid on all my machines should be the same. So files owned by anton on server have the same uid number as files owned by anton on the laptop. I don't have to worry about remapping.
You could cheat by having your uid on your laptop as the same as your wife's uid on her laptop.
Of course that leads to problems when you log in as yourself (different uid) on her laptop and try to access files on your laptop :-)
This is the most transparent, the simplest way I can think of setting up file sharing.
I checked my UID on all my systems, including my wife's, using the ID command. It happens to be the same - 1000 cuz I am typically the first user set up on each system..
SAMBA was designed for sharing files with Windows machines. As you and your wife are both running Linux it is completely inappropriate.
Anywise, after we have our laptops up and running, we will plug in our external USB drives, and use the KDE device notifier to mount them. They get mounted at - /media/MyPassport for example. There is nothing in our /etc/fstab that defines this mounting AFAIK, though some of what is in fstab is obtuse to me.
The manual page is correct but terse. You might try right-button when you mouseover the KDE device notifier. You will see an option for configuration settings. You can set the automounting options.
The only setting I could find, for the device notifier, were settings which control when an auto-mountable device can be mounted. Nothing about where, or permissions associated with said device. (IMHO this is a sadly overlooked set of features that SHOULD be configurable right within that device notifier's configuration panel!!)
And I have no idea why the /media directory was chosen as the place where to mount our USB drives, it was only through using grep that I was able to figure out that this was where it got mounted.
I hope you mean 'find' and not 'grep' :-)
I did, mental cog slipped on me...
I can see why it seems odd, but it is a "removable *media*" device we are talking about.
That's ok with me, I just WISH the device notifier would have told me, and even better, made it a user settable parameter....
In your reply you referred to one line in the fstab file that I also found in mine -
usbfs /proc/bus/usb usbfs noauto 0 0
so I did some experiments, but this is somewhat obtuse to me also, so not sure if I did these right -
usbfs /proc/bus/usb usbfs noauto,defaults 0 0
and from what I could grok out of the man page for mounting usbfs file systems, I took the following wild guess (and various permutations)
usbfs /proc/bus/usb usbfs noauto,devmode=0777,busmode=0777,listmode=0777 0 0
A bit over aggressive, but I see your intent. I suspect you don't have device files (aka device nodes such as /dev/tty1) on your usb device.
Yeah, like I said, I am guessing on a lot of this.. This setting in particular just boggles my mind and leaves me shaking my head with wonder at how Linux gurus have come to love such obtuse parameters... I have NO idea what devmode, busmode, and listmode mean! Don't want to know, and don't want to have to learn. I just want an easy to use interface with a simple model on how to establish and set permissions! So yeah, I get aggressive about shutting off security whenever I encounter it. LOL
What you might want to do is try mounting from the command line with options and see what you get
# mount -t vfat /dev/sdb1 /mnt/usbstick -o rw,nodev,noexec
and play with the other items on that option list. The above does it for me.
That would correspond to
usbfs /proc/bus/usb usbfs noauto,rw,nodev,noexec 0 0
I tried this (had to disable the device notifier in order to do so) an fooled around a bit with the parameters but so far no joy. One thing that is interesting is that it appears that if I try to access the USB drive from across the network, it become un-mountable afterwards. Neither umount nor the device notifier can unmount it, saying some process is still accessing it. I have been unable to track down just what process it thinks is still using it....
Now, what I want to be able to do is something like the following, to copy files from my laptop to my wife's USB drive -
cp *.jpg/mnt/auto/wifesLaptop/slash/media/MyPassport/Documents/Pictures
or for my wife to be able to use Dolphin to simply drag and drop pictures from her laptop to my USB drive using similar paths...
Which gets back to WHY?
If you each have /home/<username>/share/ NFS exported and<otherusermachine>:/home/<otherusername>/share NFS mounted on your /mnt/<otherusermachine>/<otherusername> and a symlink from /home/<username>/<otherusername>/ to /mnt/<otherusermachine>/<otherusername>
then you can
cp *.jpg ~/wifesname/Documents/Pictures/
TA-DAH!
No not so easy. It is not simply a matter of copying images across, but to do so organizationally. I.E. certain pictures must go in certain folders, and not being able to do that efficiently and directly from across the network is a real PITA for us.
I know that looks complicated written out like that, but is actually a very simple and symmetrical pattern. And very easy to set up.
Forget about the USB drives for the moment, get that simple NFS working.
When you've got that working we can come back and think about the USB issues.
Ok, like I said, I now have simple NFS working also. And I still cannot access the USB drive from across the network... This is a lot harder than it should be... sigh..
Marc..
Marc Chamberlin said the following on 02/05/2011 08:37 PM:
That said, even using NFS to navigate to the mounted USB drive on her laptop, or v.s. for her to navigate to my USB drive, we hit an even worse roadblock. The moment we try to cd into the mounted drive, we can't even get permission to see what is there. I can demonstrate this -
Please explain why the cross-wise USB access is critical. The examples you've given so far don't explain what the "critical business process" is that requires you to transfer onto her USB stick rather than into her "public for import export" directory.
If having the file end up on the USB is critical, can't you do this:
a) you: mv *.jpg ~/hers/importexportdir b) she: mv ~/importexportdir/*.jpg /media/sdb1/Pictures/
I do recall your complaint about access permissions, but I think that allowing someone unrestricted access to all of your machine is a formula for acrimony.
"Why did you delete that file on my machine" "I didn't" Yes you did" "No I didn't" "Of course you did, you're the only one who could" "Well I didn't" "You must have because I didn't". ...
Marc Chamberlin said the following on 02/05/2011 08:37 PM:
Here I tried to cd via a NFS mount to the USB drive on my laptop, and I am not even allowed to get there. Looks like more d$#*m Linux security is blocking me!
To me its looks like you're contorted and making things complex where they should be simple.
marc@bigbang:~> cd /mnt/nfs/marcslaptop/slash/media/My\ Passport/ bash: cd: /mnt/nfs/marcslaptop/slash/media/My Passport/: Permission denied
Sorry, Marc, that's not helpful. If anything it hints as how messed up your configuration is
What in your /etc/exports, /etc/fstab
Are your running IVMAN?
what's the output of
# ps -ef | grep hal # mount # exportfs # showmount -a
for each machine
On 2/5/2011 6:11 PM, Anton Aylward wrote:
Marc Chamberlin said the following on 02/05/2011 08:37 PM:
Here I tried to cd via a NFS mount to the USB drive on my laptop, and I am not even allowed to get there. Looks like more d$#*m Linux security is blocking me!
To me its looks like you're contorted and making things complex where they should be simple.
marc@bigbang:~> cd /mnt/nfs/marcslaptop/slash/media/My\ Passport/ bash: cd: /mnt/nfs/marcslaptop/slash/media/My Passport/: Permission denied
Sorry, Marc, that's not helpful. If anything it hints as how messed up your configuration is
I do agree something is screwed up! No argument there.... I will have to answer this with two emails, one for each machine, if necessary, though I think I have set up things pretty similar, considering my laptop is running openSuSE11.3 and my wife's and our main server is running 11.2. (I just upgraded my media center and one of my business work computers to 11.3 as well. Same symptoms everywhere..)
So for my laptop -
What in your /etc/exports, /etc/fstab
cat exports / 192.168.2.0/255.255.255.0(fsid=0,crossmnt,rw,no_root_squash,sync,no_subtree_check) /home 192.168.2.0/255.255.255.0(rw,no_root_squash,sync,no_subtree_check) /tmp 192.168.2.0/255.255.255.0(rw,no_root_squash,sync,no_subtree_check)
cat fstab /dev/disk/by-id/ata-Seagate_FreeAgent_GoFlex_NA02C8SY-part1 swap swap defaults 0 0 /dev/disk/by-id/ata-Seagate_FreeAgent_GoFlex_NA02C8SY-part3 / ext4 acl,user_xattr 1 1 /dev/disk/by-id/ata-Seagate_FreeAgent_GoFlex_NA02C8SY-part2 /boot ext4 acl,user_xattr 1 2 /dev/disk/by-id/ata-Seagate_FreeAgent_GoFlex_NA02C8SY-part7 /data ext4 acl,user_xattr 1 2 /dev/disk/by-id/ata-Seagate_FreeAgent_GoFlex_NA02C8SY-part5 /home ext4 acl,user_xattr 1 2 /dev/disk/by-id/ata-Seagate_FreeAgent_GoFlex_NA02C8SY-part6 /windows/D vfat users,gid=users,umask=0002,utf8=true 0 0 proc /proc proc defaults 0 0 sysfs /sys sysfs noauto 0 0 debugfs /sys/kernel/debug debugfs noauto 0 0 usbfs /proc/bus/usb usbfs noauto,devmode=0777,busmode=0777,listmode=0777 0 0 devpts /dev/pts devpts mode=0620,gid=5 0 0
Are your running IVMAN?
I don't know what IVMAN is, so I don't know, probably not, or at least not intentionally.....
what's the output of
# ps -ef | grep hal
ps -ef | grep hal 105 1679 1 0 17:12 ? 00:00:01 /usr/sbin/hald --daemon=yes root 1885 1679 0 17:12 ? 00:00:00 hald-runner root 2063 1885 0 17:12 ? 00:00:00 hald-addon-input: Listening on /dev/input/event7 /dev/input/event0 /dev/input/event8 /dev/input/event4 /dev/input/event2 /dev/input/event5 /dev/input/event3 /dev/input/event10 /dev/input/event12 /dev/input/event13 root 2100 1885 0 17:12 ? 00:00:00 /usr/lib/hal/hald-addon-rfkill-killswitch root 2133 1885 0 17:12 ? 00:00:00 /usr/lib/hal/hald-addon-cpufreq 105 2134 1885 0 17:12 ? 00:00:00 hald-addon-acpi: listening on acpid socket /var/run/acpid.socket root 2137 1885 0 17:12 ? 00:00:01 hald-addon-storage: polling /dev/sr0 (every 2 sec) root 2245 1885 0 17:12 ? 00:00:00 /usr/lib/hal/hald-addon-generic-backlight root 2247 1885 0 17:12 ? 00:00:00 /usr/lib/hal/hald-addon-generic-backlight root 9762 4597 0 23:38 pts/2 00:00:00 grep hal
# mount
mount /dev/sdb3 on / type ext4 (rw,acl,user_xattr) proc on /proc type proc (rw) sysfs on /sys type sysfs (rw) debugfs on /sys/kernel/debug type debugfs (rw) devtmpfs on /dev type devtmpfs (rw,mode=0755) tmpfs on /dev/shm type tmpfs (rw,mode=1777) devpts on /dev/pts type devpts (rw,mode=0620,gid=5) /dev/sdb2 on /boot type ext4 (rw,acl,user_xattr) /dev/sdb7 on /data type ext4 (rw,acl,user_xattr) /dev/sdb5 on /home type ext4 (rw,acl,user_xattr) /dev/sdb6 on /windows/D type vfat (rw,noexec,nosuid,nodev,gid=100,umask=0002,utf8=true) securityfs on /sys/kernel/security type securityfs (rw) nfsd on /proc/fs/nfsd type nfsd (rw) rpc_pipefs on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw) /proc on /var/lib/ntp/proc type none (ro,nosuid,nodev,bind) /dev/sdc1 on /media/My Passport type vfat (rw,nosuid,nodev,uid=1000,utf8,shortname=mixed,flush)
# exportfs
exportfs / 192.168.2.0/255.255.255.0 /home 192.168.2.0/255.255.255.0 /tmp 192.168.2.0/255.255.255.0
# showmount -a
showmount -a All mount points on marcslaptop: 192.168.2.100:/
for each machine
I will send another machines data tomorrow.. getting too late for me to continue.. Again thanks Anton for your help and time taking a look see for me...
Marc..
Marc Chamberlin said the following on 02/06/2011 02:55 AM:
I do agree something is screwed up! No argument there....
And its probably at a point where you've altered so many things you haven't mentioned that we really don't know where you are.
We're now doing guesswork, and as you've admitted, you're not experienced enough to deal with many of the assumptions we would make and need a more detailed, line by line, instruction. Only we're not at your keyboard and can't check very detail and we don't know what else you are altering in-between these mails.
I hated the one week I did work on phone support more than 25 years ago and have a lot of sympathy for the people who brave it out.
Marc Chamberlin said the following on 02/06/2011 02:55 AM:
So for my laptop -
What in your /etc/exports, /etc/fstab
cat exports / 192.168.2.0/255.255.255.0(fsid=0,crossmnt,rw,no_root_squash,sync,no_subtree_check) /home 192.168.2.0/255.255.255.0(rw,no_root_squash,sync,no_subtree_check) /tmp 192.168.2.0/255.255.255.0(rw,no_root_squash,sync,no_subtree_check)
I can see lots of things that might go wrong. Exporting root makes no sense. This is back yo your "make everything world writeable/accessible" thing.
Exporting /tmp makes no sense.
Exporting the specific directories you want exported makes tracing and debugging easier since you can pin-point things. It also gets round problems with misinterpreting 'crossmount' (which isn't for what you seem to be describing).
I wouldn't play with the fsid option. There is no need.
I have 19 lines in the /etc/exports on my server and don't need any at all on my laptops.
Marc Chamberlin said the following on 02/06/2011 02:55 AM:
Are your running IVMAN?
I don't know what IVMAN is, so I don't know, probably not, or at least not intentionally.....
Check to see if its installed. Check your RC files to see if its started.
Its absense might eplain the problems you're having with removable media. <quote> Originally for automounting, it can now be used to run arbitrary commands when events or conditions occur or properties are modified on your hardware (e.g., run a command when you close your laptop's lid, run a command when a particular device is attached or a particular CD is inserted, etc). </quote>
# mount
mount .... /dev/sdc1 on /media/My Passport type vfat (rw,nosuid,nodev,uid=1000,utf8,shortname=mixed,flush)
Good. Leave it there. Don't try screwing around with the mount point. Use Symlinks instead.
Marc Chamberlin said the following on 02/05/2011 08:37 PM:
The only setting I could find, for the device notifier, were settings which control when an auto-mountable device can be mounted. Nothing about where, or permissions associated with said device.
And where/what was that?
Marc Chamberlin said the following on 02/05/2011 08:37 PM:
Yeah, like I said, I am guessing on a lot of this.. This setting in particular just boggles my mind and leaves me shaking my head with wonder at how Linux gurus have come to love such obtuse parameters... I have NO idea what devmode, busmode, and listmode mean! Don't want to know, and don't want to have to learn. I just want an easy to use interface with a simple model on how to establish and set permissions! So yeah, I get aggressive about shutting off security whenever I encounter it. LOL
Sorry, I'm a command line guy. I think that the GUIs you find friendly hide the details that I want to see. With the command like I can go anywhere, do anything, see everything. With the GUI I can only see and do what the GUI designer decided to let me see and do.
I'm sure that if you keep flipping between Dolphin and Yast systemsettings and other things that are GUI you can do all this, with pretty icons and pull down lists. In whatever colour scheme and icon scheme you like.
And when you shut off security all over the place you are going to end up with other troubles.
If you keep saying you want to be ignorant then you'll find people her reluctant to help you.
The security is there for a purpose, as even Microsoft is now admitting.
On 2/5/2011 6:21 PM, Anton Aylward wrote:
Marc Chamberlin said the following on 02/05/2011 08:37 PM:
Yeah, like I said, I am guessing on a lot of this.. This setting in particular just boggles my mind and leaves me shaking my head with wonder at how Linux gurus have come to love such obtuse parameters... I have NO idea what devmode, busmode, and listmode mean! Don't want to know, and don't want to have to learn. I just want an easy to use interface with a simple model on how to establish and set permissions! So yeah, I get aggressive about shutting off security whenever I encounter it. LOL
Sorry, I'm a command line guy. I think that the GUIs you find friendly hide the details that I want to see. With the command like I can go anywhere, do anything, see everything. With the GUI I can only see and do what the GUI designer decided to let me see and do.
I'm sure that if you keep flipping between Dolphin and Yast systemsettings and other things that are GUI you can do all this, with pretty icons and pull down lists. In whatever colour scheme and icon scheme you like.
When it comes to the command line v.s. GUI arguments I am an atheist myself. I have seen lots of bad command line interfaces as well as lots and lots of bad GUI's. Yes, I agree, command line interfaces do allow the user to do anything, BUT they also require that the user grok a whole lot more up front, before successfully using said commands. Think about all those parameter many commands come with (such as what precipitated this email exchange) and how much (if available and up to date) outside documentation one must wade through to understand em and to determine what is relevant!
Many GUI developers fail to address and even realize that a well designed GUI has one important feature that makes it, in general, a better interface for human operators. A well designed GUI should not simply present a small subset of a tools capabilities, it should act as a teacher and a guide, helping a user to advance to ever more powerful features and options, as he needs and comes to understand the model behind the tool and it's capabilities. GUIs should NOT hide advance and powerful capabilities, but instead present things to a user so as to educate, presenting the more common/easy and most likely relevant things at first for beginners, and organize/hide but not remove access to the advance features that can overwhelm them.. A really well designed GUI will allow a user to do anything that a command line version of a tool can do, with a much better presentation and organization.
But with so many bad GUI's around, and difficult to grok command line tools, I remain agnostic...
And when you shut off security all over the place you are going to end up with other troubles.
If you keep saying you want to be ignorant then you'll find people her reluctant to help you.
The security is there for a purpose, as even Microsoft is now admitting.
See my previous comments about security v.s. usability... Perhaps I overstated things a bit, I don't necessarily want to be ignorant, what I really want are easy consistent models to grok and follow, especially for accomplishing basic conceptual tasks such as transferring files from one device to another. If the security is easy to deal with then yes I want to leave it in place. But if it is becoming a significant hurdle, difficult to comprehend and difficult to set up right then I tend to try and simply disable it so I can move on. Security through obscurity is one of the worse things developers do to systems these days, and Microsoft IMHO is the worst offender, but Linux does not seem to be too far behind... Sorry if my frustrations with it was showing, I will try to keep an open mind...
We are getting off topic now so I will digress and move on... Marc..
Marc Chamberlin said the following on 02/05/2011 08:37 PM:
That would correspond to
usbfs /proc/bus/usb usbfs noauto,rw,nodev,noexec 0 0
I tried this (had to disable the device notifier in order to do so) an fooled around a bit with the parameters but so far no joy. One thing that is interesting is that it appears that if I try to access the USB drive from across the network, it become un-mountable afterwards. Neither umount nor the device notifier can unmount it, saying some process is still accessing it. I have been unable to track down just what process it thinks is still using it....
Then you are doing something very very wrong somewhere in your config because that's how all my Linux machines, laptops, desktops and servers, openSuse and Redhat and Mandriva, are configured, and I can - just have to check - still use the device notifier and mount and unmount from the command line.
Either there's something else in your configuration that you're not mentioning or has got out of sync or is interfering (like your automounter maps!) OR you have gremlins. :-)
I'm coming to suspect gremlins. Some people seem to have them and nothing they do works right while other people seem to have no problem.
Gremlins. That must be it. So long as you have them nothing will work right for you. Get rid of the gremlins first.
Marc Chamberlin said the following on 02/05/2011 08:37 PM:
then you can
cp *.jpg ~/wifesname/Documents/Pictures/
TA-DAH!
No not so easy. It is not simply a matter of copying images across, but to do so organizationally. I.E. certain pictures must go in certain folders, and not being able to do that efficiently and directly from across the network is a real PITA for us.
I'm sure a small pattern-matching driven piece of shell script or perl code could take care of those contingencies.
As I said,
SOLVE ONE PROBLEM AT A TIME
-
Anton Aylward -
Marc Chamberlin