DaemonForums  

#1 - PapaParrot, 20th May 2017
Mount a portable usb drive as normal user

I did some searches, and found this:
HOWTO: mounting an USB device as normal non-root user in OpenBSD
And it seems straightforward, but I ran into something that confuses me.
Also reading 'man mount', but here is what is confusing me.
Quote:
1.5 Set sysctl 'kern.usermount' to '1'

Code:
$ sysctl -a | grep mount
kern.usermount=0
[snip]
The current value is '0'. To set it to 1


Code:
# sysctl kern.usermount=1

kern.usermount: 0 -> 1
This is a temporary measure, which will be lost on reboot. To have this enabled at boot time, edit the '/etc/sysctl.conf' file and add a line like this:

Code:
kern.usermount=1	# allow non-root users to mount devices.
There is no "/etc/sysctl.conf" on my system. So I tried creating a file "sysctl.conf",
and put the line in it, but that did not work.
I still get this error:
Code:
# sysctl kern.usermount=1
sysctl: second level name usermount in kern.usermount is invalid
It is no big deal; as root I have no problem mounting the device, and I can copy the contents as a normal user. If I want to write to it I do need to be root, though.
Thanks
Note: I am using OpenBSD 6.1, new install.

Edited again... Never mind, I was doing more searches and found this:
http://www.undeadly.org/cgi?action=a...20160715125022
Quote:
Contributed by rueda on Fri Jul 15 12:37:31 2016 (GMT)
from the ain't-no-mountin' dept.

The facility for allowing non-root users to mount file systems has been removed from OpenBSD-current due to security concerns.

Specifically, the value of kern.usermount (as described in the mount(8) and sysctl(3) man pages) will be ignored in OpenBSD 6.0, and the kern.usermount system variable will be absent from later releases.
and it goes on to give a solution,
Quote:
If you really need users to be able to mount random things to random file systems, just edit /etc/doas.conf:

permit nopass :usermount cmd /sbin/mount

Then add a "usermount" group to /etc/group (or use groupadd(8) instead) and add all users you wish to allow mounting to the group.

Unlike kern.usermount this is more flexible.

It sounds like maybe I do not really want to do this now anyway, because I do not want or need "users" to be able to mount random file systems, not in the way it sounds, "random". I can mount what I want
as root, and it is not "random"; I know what I want to mount, and know what is in it.
__________________
My best friends are parrots

Last edited by PapaParrot; 20th May 2017 at 11:58 AM. Reason: add version of openbsd

#2 - IdOp, 20th May 2017

You could add only your own user, that you normally log in as, to the usermount group. That user would still be trusted by you, the same as root, and other users couldn't mount random things.

#3 - e1-531g, 20th May 2017

You can write a script wrapping mount(8). The argument would be the device file. The script would validate whether this device is really a USB drive. If the script is non-writable for users (usermount group included), then even the usermount group could not make it mount random filesystems.
__________________
Signature: Furthermore, I consider that systemd must be destroyed.
Based on Latin oratorical phrase
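The wrapper idea from the post above, sketched as an added example (not code from the thread or from the OpenBSD project): it accepts only an sd(4) partition node, checks dmesg attach lines to confirm the disk sits behind umass(4), and mounts with fixed options on a fixed mount point. The install path /usr/local/sbin/usbmount, the mount point /mnt/usb and the sample dmesg lines are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: restricted wrapper around mount(8) for FAT USB sticks.
# Assumed install: /usr/local/sbin/usbmount, owner root, mode 0555, with
#   permit nopass :usermount cmd /usr/local/sbin/usbmount
# in /etc/doas.conf instead of the blanket /sbin/mount rule.
PATH=/bin:/sbin:/usr/bin:/usr/sbin
MNT=/mnt/usb    # assumed fixed mount point, created by root

# Constructed sample of OpenBSD dmesg attach lines, used for offline checks.
SAMPLE_DMESG='scsibus1 at ahci0: 32 targets
sd0 at scsibus1 targ 0 lun 0: <ATA, Example SSD, 1.0> naa.0000000000000000
umass0 at uhub0 port 3 configuration 1 interface 0 "Example Flash" rev 2.00/1.00 addr 2
scsibus2 at umass0: 2 targets, initiator 0
sd1 at scsibus2 targ 1 lun 0: <Example, Flash, 1.00> removable'

# Accept only a literal sd(4) partition node such as /dev/sd1i.
valid_devname() {
    case "$1" in
        /dev/sd[0-9][a-p]) return 0 ;;
        *) return 1 ;;
    esac
}

# is_usb_disk DISK DMESG: succeed if DISK (e.g. sd1) attached to a scsibus
# that itself attached to umass(4). The most recent attach line wins.
is_usb_disk() {
    bus=$(printf '%s\n' "$2" |
        awk -v d="$1" '$1 == d && $2 == "at" { b = $3 } END { print b }')
    [ -n "$bus" ] || return 1
    printf '%s\n' "$2" |
        awk -v b="$bus" '$1 == b && $2 == "at" { p = $3 }
                         END { exit !(p ~ /^umass[0-9]+:?$/) }'
}

main() {
    valid_devname "$1" || { echo "usbmount: bad device: $1" >&2; return 1; }
    disk=${1#/dev/}; disk=${disk%?}          # /dev/sd1i -> sd1
    is_usb_disk "$disk" "$(dmesg)" ||
        { echo "usbmount: $disk is not a umass disk" >&2; return 1; }
    # Type, options and target are fixed; the caller chooses only the device.
    exec /sbin/mount -t msdos -o nodev,nosuid,noexec "$1" "$MNT"
}

# Runs only when a device argument is given, e.g.: doas usbmount /dev/sd1i
[ $# -eq 0 ] || main "$@"
```

The dmesg match is a heuristic, and the wrapper is only as strong as its file permissions: keep it root-owned and not writable by the usermount group.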

#4 - PapaParrot, 20th May 2017

Thanks for the extra information.
I am finding that even though I need to use su to mount the device,
I did create a node (directory), in my "home", as instructed in the link in my earlier post,
"HOWTO: mounting an USB device as normal non-root user in OpenBSD"

Quote:
1.4 Create the node or directory serving as mount point.

The simplest way is to create this directory in our home directory.

Code:
$ mkdir usb ; ls -ld usb
drwxr-xr-x  2 j65nko  j65nko  512 Oct 14 00:44 usb
We are the owner of the directory and thus have read and write permission.
Another possibility is to have 'root' create a subdirectory under '/mnt' and give us read and write permissions of that subdirectory.
After creating the node 'usb' we have all parameters for the 'mount' command:

Code:
$ mount -t msdos /dev/sd0i usb
This works just fine, I can read / write to it just fine as myself (normal user),
as long as I mount it to the directory in my home dir.
It just takes a couple of seconds to use su, and mount it, so that is no big deal.
After reading more in the manual, about adding a group, and "doas", "doas.conf", etc.,
this seems easier and safer to me than trying to create the usermount group, and use a
"doas.conf" file, etc.... Thanks though for the feedback.
When I say safer,... I don't mean because of any risk of another user, or security,...
I mean safer, because there is more risk that I would "botch" something while trying
to add the group and create the .conf file,...all of that needs to be done as root, maybe
later I will try it on a VM, and when I feel more sure of what I am doing.
Thanks

#5 - jggimi, 21st May 2017

The recommendation from the Project is to provision doas.conf(5) and doas(1) to mount a filesystem.

For FAT (MS-DOS) filesystems, the owner of the mount point will set ownership of the files in the filesystem by default.

#6 - PapaParrot, 21st May 2017

Ok, thanks
Question: the "doas.conf" file, do I need to create it manually? It does not yet exist on my system.
The manual 'man doas' and 'man doas.conf' do not seem to really say on that,
I figure I do need to create it.
----- edit ----
Ideally, the usb stick, or device would just mount, when I plug it in, but again, it is no big deal
to be mounting manually.
I like the option of mounting it in my 'home' directory, unfortunately the example in the
manual does not include this, or something similar.
thanks

Last edited by PapaParrot; 21st May 2017 at 10:45 AM.

#7 - jggimi, 21st May 2017

Quote:
Originally Posted by GarryR
I figure I do need to create it.

You may find /etc/examples/doas.conf will get you started.

Quote:
...would just mount, when I plug it in...

You may find hotplugd(8) to be helpful.

#8 - PapaParrot, 21st May 2017

Thanks, I will look at those