#1  J65nko, 23rd October 2008

HOWTO: mounting a USB device as normal non-root user in OpenBSD
  • 1.1 Abstract
  • 1.2 Read the mount man page
  • 1.3 Determine the partition label
  • 1.4 Create the node or directory serving as mount point.
  • 1.5 Set sysctl 'kern.usermount' to '1'
  • 1.6 Get read and write permissions for the 'sd0' device
  • 1.7 Mount the disk as a normal non-root user
  • 1.8 User mounting example with mount point under '/mnt'

1.1 Abstract

How reading the OpenBSD mount man page can help us in mounting devices as normal user without superuser powers, or without using 'sudo'. An external USB hard drive is used as example.


1.2 Read the mount man page

Code:
SYNOPSIS
     mount [-Aadfruvw] [-t type]
     mount [-dfrsuvw] special | node
     mount [-dfruvw] [-o options] [-t type] special node

DESCRIPTION
     The mount command invokes a file system specific program to prepare and
     graft the special device or remote node (rhost:path) on to the file sys-
     tem tree at the point node.  If either special or node are not provided,
     the appropriate information is taken from the fstab(5) file.

     For disk partitions, the special device must correspond to a partition
     registered in the disklabel(5).

     The system maintains a list of currently mounted file systems.  If no ar-
     guments are given to mount, this list is printed.

     A mount point node must be an existing directory for a mount to succeed
     (except in the special case of /, of course).  Only the superuser may
     mount file systems unless kern.usermount is nonzero (see sysctl(8)), the
     special device is readable and writeable by the user attempting the
     mount, and the mount point node is owned by the user attempting the
     mount.
So in short the requirements for mounting are:
  • If the 'special device' is a disk partition, it must have a label supplied by the 'disklabel(5)' program.

  • A node is an existing directory.

  • Only if the sysctl kern.usermount is non-zero, a non-root user is allowed to mount.

  • The special device is readable and writeable by the user attempting the mount.

  • The node, the directory used as mount point, must be readable and writeable by the user attempting the mount.


1.3 Determine the partition label

After inserting a USB hard disk, we see the following in '/var/log/messages':

Code:
umass0 at uhub0 port 3 configuration 1 interface 0
umass0: Prolific Technology Inc. Mass Storage Device, rev 2.00/1.00, addr 2
umass0: using SCSI over Bulk-Only
scsibus1 at umass0: 2 targets
sd0 at scsibus1 targ 1 lun 0: <HTS42404, 0M9AT00, MA2O> SCSI0 0/direct fixed
sd0: 38154MB, 4864 cyl, 255 head, 63 sec, 512 bytes/sec, 78140160 sec total
The USB disk is treated as a SCSI device with the sd driver. We check what 'fdisk' and 'disklabel' have to say about 'sd0'.

Code:
$ fdisk sd0
Disk: sd0       geometry: 4864/255/63 [78140160 Sectors]
Offset: 0       Signature: 0xAA55
          Starting         Ending        LBA Info:
 #: id      C   H  S -      C   H  S [       start:        size ]
------------------------------------------------------------------------
*0: 0C      0   1  1 -   4863 254 63 [          63:    78140097 ] Win95 FAT32L
 1: 00      0   0  0 -      0   0  0 [           0:           0 ] unused      
 2: 00      0   0  0 -      0   0  0 [           0:           0 ] unused      
 3: 00      0   0  0 -      0   0  0 [           0:           0 ] unused 

$ disklabel sd0
disklabel: warning, DOS partition table with no valid OpenBSD partition
# /dev/rsd0c:
type: SCSI
disk: SCSI disk
label: 0M9AT00         
flags:
bytes/sector: 512
sectors/track: 63
tracks/cylinder: 255
sectors/cylinder: 16065
cylinders: 4864
total sectors: 78140160
rpm: 3600
interleave: 1
trackskew: 0
cylinderskew: 0
headswitch: 0           # microseconds
track-to-track seek: 0  # microseconds
drivedata: 0 

16 partitions:
#                size           offset  fstype [fsize bsize  cpg]
  c:         78140160                0  unused      0     0      
  i:         78140097               63   MSDOS
From this information we conclude that we have to use the 'sd0i' disklabel.

Code:
$ mount -t msdos /dev/sd0i node

1.4 Create the node or directory serving as mount point.

The simplest way is to create this directory in our home directory.

Code:
$ mkdir usb ; ls -ld usb
drwxr-xr-x  2 j65nko  j65nko  512 Oct 14 00:44 usb
We are the owner of the directory and thus have read and write permission.
Another possibility is to have 'root' create a subdirectory under '/mnt' and give us read and write permissions on that subdirectory.
After creating the node 'usb' we have all parameters for the 'mount' command:

Code:
$ mount -t msdos /dev/sd0i usb 

1.5 Set sysctl 'kern.usermount' to '1'

Code:
$ sysctl -a | grep mount
kern.usermount=0
[snip]
The current value is '0'. To set it to 1:

Code:
# sysctl kern.usermount=1

kern.usermount: 0 -> 1
This is a temporary measure, which will be lost on reboot. To have this enabled at boot time, edit the '/etc/sysctl.conf' file and add a line like this:

Code:
kern.usermount=1	# allow non-root users to mount devices.

1.6 Get read and write permissions for the 'sd0' device

We have a look at the 'sd0i' device:

Code:
$ ls -l /dev/sd0i
brw-r-----  1 root  operator    4,   8 Sep  5  2007 /dev/sd0i
The easiest way is to join the 'operator' group and to give this group write permissions for 'sd0'.

We check this group:

Code:
# grep operator /etc/group
operator:*:5:root
We add ourselves to the 'operator' group and for a change, check our membership with 'groupinfo' instead of 'grep'.

Code:
# usermod -G operator j65nko 
# groupinfo operator
name    operator
passwd  *
gid     5
members root j65nko
We are added to the 'operator' group.

As a beneficial side-effect, we also can 'shutdown' our computer as normal user.

Code:
$ ls -l $(which shutdown)

-r-sr-x---  1 root  operator  192368 Aug 28  2007 /sbin/shutdown
Give the group read and write permissions:

Code:
$ sudo chmod g=rw /dev/sd0*
$ ls -l /dev/sd0*

brw-rw----  1 root  operator    4,   0 Sep  5  2007 /dev/sd0a
brw-rw----  1 root  operator    4,   1 Sep  5  2007 /dev/sd0b
brw-rw----  1 root  operator    4,   2 Sep  5  2007 /dev/sd0c
brw-rw----  1 root  operator    4,   3 Sep  5  2007 /dev/sd0d
brw-rw----  1 root  operator    4,   4 Sep  5  2007 /dev/sd0e
brw-rw----  1 root  operator    4,   5 Sep  5  2007 /dev/sd0f
brw-rw----  1 root  operator    4,   6 Sep  5  2007 /dev/sd0g
brw-rw----  1 root  operator    4,   7 Sep  5  2007 /dev/sd0h
brw-rw----  1 root  operator    4,   8 Sep  5  2007 /dev/sd0i
brw-rw----  1 root  operator    4,   9 Sep  5  2007 /dev/sd0j
brw-rw----  1 root  operator    4,  10 Sep  5  2007 /dev/sd0k
brw-rw----  1 root  operator    4,  11 Sep  5  2007 /dev/sd0l
brw-rw----  1 root  operator    4,  12 Sep  5  2007 /dev/sd0m
brw-rw----  1 root  operator    4,  13 Sep  5  2007 /dev/sd0n
brw-rw----  1 root  operator    4,  14 Sep  5  2007 /dev/sd0o
brw-rw----  1 root  operator    4,  15 Sep  5  2007 /dev/sd0p
Now members of the 'operator' group can read as well as write to all labels of a 'sd0' device.


1.7 Mount the disk as a normal non-root user

Code:
$ mount /dev/sd0i usb
$ mount

/dev/wd0a on / type ffs (local, noatime, softdep)
/dev/sd0i on /home/j65nko/usb type msdos (local, nodev, nosuid, uid=1000, gid=1000)
You see that the OpenBSD 'mount' can infer the filesystem type from the disklabel. So we can omit the '-t msdos' option.

A peek inside:

Code:
$ ls -l usb
drwxr-xr-x  1 j65nko  j65nko      32768 Oct 14 00:46 7.1
drwxr-xr-x  1 j65nko  j65nko      32768 Sep  3  2007 AMD64
-rwxr-xr-x  1 j65nko  j65nko         70 Sep  7 09:05 MD5
drwxr-xr-x  1 j65nko  j65nko      32768 Nov  2  2006 bup
-rwxr-xr-x  1 j65nko  j65nko       4788 Aug 20  2007 dmesg.amd64
-rwxr-xr-x  1 j65nko  j65nko  362014720 Sep  7 09:04 hercules-j65nko-homedir.dump
drwxr-xr-x  1 j65nko  j65nko      32768 Sep  8  2007 snap
-rwxr-xr-x  1 j65nko  j65nko     914180 Sep  2 23:43 vmstat-html.xwd
-rwxr-xr-x  1 j65nko  j65nko     673705 Sep  2 23:43 vmstat-xml.xwd
-rwxr-xr-x  1 j65nko  j65nko      33718 Sep 23 22:48 yaconrep.tgz
Mission accomplished. We can do sudo-less mounts.


1.8 User mounting example with mount point under '/mnt'

The following transcript shows how to mount the OpenBSD root partition 'a' residing on the second hard disk 'wd1'.

Code:
# mkdir /mnt/j65nko && chown j65nko /mnt/j65nko
# ls -ld /mnt/j65nko/
drwxr-xr-x  2 j65nko  wheel  512 Oct 22 22:30 /mnt/j65nko/
# exit

$ mount -o ro /dev/wd1a /mnt/j65nko
$ mount

/dev/wd0a on / type ffs (local, noatime, softdep)
/dev/wd1a on /mnt/j65nko type ffs (local, nodev, nosuid, read-only)

$ cd /mnt/j65nko/
$ ls -l

drwxr-xr-x   2 root  wheel      512 Oct 20 21:09 altroot
drwxr-xr-x   2 root  wheel     1024 Oct 20 21:13 bin
-r-xr-xr-x   1 root  wheel    42388 Oct 22 03:20 boot
-rw-r--r--   1 root  wheel  7361204 Oct 22 03:19 bsd
-rw-r--r--   1 root  wheel  7475098 Oct 22 03:19 bsd.mp
-rw-r--r--   1 root  wheel  6354960 Oct 22 03:19 bsd.rd
drwxr-xr-x   3 root  wheel    20992 Oct 22 19:23 dev
drwxr-xr-x  20 root  wheel     2048 Oct 22 19:23 etc
drwxr-xr-x   3 root  wheel      512 Oct 22 14:09 home
drwxr-xr-x   2 root  wheel      512 Oct 20 21:09 mnt
drwx------   2 root  wheel      512 Oct 22 14:20 root
drwxr-xr-x   2 root  wheel     1536 Oct 20 21:14 sbin
drwxr-xr-x   2 root  wheel      512 Oct 20 21:09 stand
lrwxr-xr-x   1 root  wheel       11 Oct 22 03:19 sys -> usr/src/sys
drwxrwxrwt   4 root  wheel      512 Oct 22 19:23 tmp
drwxr-xr-x  17 root  wheel      512 Oct 17 20:09 usr
drwxr-xr-x  23 root  wheel      512 Oct 17 20:09 var
One of the reasons for opting for the read-only mount option:

Code:
$ ls -l /dev/wd1a
brw-r-----  1 root  operator    0,  16 Sep  5  2007 /dev/wd1a
You understand?

$Id: USBusermounting.xml,v 1.3 2008/10/23 00:23:08 j65nko Exp $
$Id: vbul-html.xsl,v 1.14 2008/09/12 03:44:16 j65nko Exp $
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
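
An added example, not part of the original posts: a small sh script that checks the conditions quoted from mount(8) before a user mount is attempted, and lists device nodes that have been made group-writable as in section 1.6. The function names and the sample listing are constructed for illustration; where the kern.usermount sysctl does not exist, the first check reports it as zero or absent.

```sh
#!/bin/sh
# Added example (not from the original post): check the mount(8)
# preconditions quoted in the guide, and list device nodes that have
# been opened up for group write access.

# check_usermount USERMOUNT SPECIAL NODE
# USERMOUNT is the value of kern.usermount (empty when the sysctl is absent).
# Prints every unmet condition; returns 0 only when all of them hold.
check_usermount() {
    rc=0
    [ "${1:-0}" -ne 0 ] 2>/dev/null ||
        { echo "kern.usermount is zero or absent"; rc=1; }
    { [ -r "$2" ] && [ -w "$2" ]; } ||
        { echo "$2: not readable and writable by this user"; rc=1; }
    [ -d "$3" ] ||
        { echo "$3: not an existing directory"; rc=1; }
    [ -O "$3" ] ||
        { echo "$3: not owned by this user"; rc=1; }
    return "$rc"
}

# group_writable_devices: reads 'ls -l' lines on stdin and prints the
# block/character device nodes whose group permission bits include 'w'.
group_writable_devices() {
    awk '$1 ~ /^[bc]/ && substr($1, 6, 1) == "w" { print $NF }'
}

# Constructed sample input, in the format of the listings in the guide.
SAMPLE_LS='brw-r-----  1 root  operator    0,  16 Sep  5  2007 /dev/wd1a
brw-rw----  1 root  operator    4,   2 Sep  5  2007 /dev/sd0c
brw-rw----  1 root  operator    4,   8 Sep  5  2007 /dev/sd0i'

# With two arguments, check a real device and mount point; otherwise
# run the audit over the sample lines.
if [ "$#" -eq 2 ]; then
    check_usermount "$(sysctl -n kern.usermount 2>/dev/null || echo 0)" "$1" "$2"
else
    printf '%s\n' "$SAMPLE_LS" | group_writable_devices
fi
```

Run it as `sh check.sh /dev/sd0i ~/usb` to check a real device and mount point (the script file name is hypothetical), or pipe `ls -l /dev/sd* /dev/wd*` into `group_writable_devices` to review which raw disk nodes a group can write to.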
#2  J65nko, 23rd October 2008

The Howto in XHTML format.
Attached Files
File Type: html USBusermounting.html (15.8 KB, 452 views)
#3  vermaden, 23rd October 2008

Quote:
Originally Posted by J65nko View Post
1.3 Determine the partition label

After inserting a USB hard disk, we see the following in '/var/log/messages':

Code:
umass0 at uhub0 port 3 configuration 1 interface 0
umass0: Prolific Technology Inc. Mass Storage Device, rev 2.00/1.00, addr 2
umass0: using SCSI over Bulk-Only
scsibus1 at umass0: 2 targets
sd0 at scsibus1 targ 1 lun 0: <HTS42404, 0M9AT00, MA2O> SCSI0 0/direct fixed
sd0: 38154MB, 4864 cyl, 255 head, 63 sec, 512 bytes/sec, 78140160 sec total
You may add info to use tail -f /var/log/messages to check new info in dmesg, in general:

1.3.1 start tail -f ...
1.3.2 attach USB ...
__________________
religions, worst damnation of mankind
"If 386BSD had been available when I started on Linux, Linux would probably never had happened." Linus Torvalds

Linux is not UNIX! Face it! It is not an insult. It is fact: GNU is a recursive acronym for “GNU's Not UNIX”.
#4  JMJ_coder, 23rd December 2008

Thanks for that helpful hint. I finally got user mounting to work on NetBSD. It works almost identically except for a few changes (aside from those you'll discover by following the commands here -- such as disklabel, my device is sd0e):

NetBSD changes

1) The user must own the point node where the device will be mounted, not just have read-write access.

2) The sysctl option is vfs.generic.usermount

3) The option flags -- nosuid and nodev -- must be given for non-superuser mounts.
__________________
And the WORD was made flesh, and dwelt among us. (John 1:14)
#5  J65nko, 24th December 2008

Yes, just like in OpenBSD those things are clearly stated in the NetBSD man page for mount:
Code:
     In NetBSD, a file system can only be mounted by an ordinary user who owns
     the point node and has access to the special device (at least read per-
     missions).  Also, the vfs.generic.usermount sysctl(3) must be set to 1 to
     permit file system mounting by ordinary users, see sysctl(8).  Finally,
     the flags nosuid and nodev must be given for non-superuser mounts.
#6  sacerdos_daemonis, 18th September 2014

Thanks for the guide. I was having a terrible time trying to mount USB storage devices. This guide saved my bacon.
#7  PapaParrot, 20th May 2017

Well it was a good thread, but now it is outdated,... just now noticed and could not figure out
why something did not work,..
http://www.undeadly.org/cgi?action=a...20160715125022
Quote:
The facility for allowing non-root users to mount file systems has been removed from OpenBSD-current due to security concerns.

Specifically, the value of kern.usermount (as described in the mount(8) and sysctl(3) man pages) will be ignored in OpenBSD 6.0, and the kern.usermount system variable will be absent from later releases.
In the above link there are instructions, if one feels they must be able to do this.
__________________
My best friends are parrots