[NTLUG:Discuss] Last meeting, you CAN have hotplugged devices automount without desktop

Wed Jan 23 23:48:21 CST 2008

The problem is one of permissions. Only root can unmount a filesystem
in /etc/fstab, unless "user" is specified in the options. This would
probably work.

The problem though is it bypasses the design goal of HAL and user
mounting. That is, the HUMAN BEING responsible for inserting the media
should be the user which has the rights to mount and umount the media.
There are practical reasons for this.

If a user is mounting a flash device, the file system is most likely
going to be FAT32. FAT32 does not support Unix permissions, so the
permissions that are set on files has to be made up on the fly. The
owner and group should be set to the user who actually physically
inserted the device with intentions to use it. This is practical. If the
user inserts a removable device, he would not expect other users of his
system, which are perhaps SSH'd in, to be able to read or write to the
device.

Right now, at least in Gnome, this is not handled as good as it could
be. A process named gnome-volume-manager is responsible for acting on
the devices when they are inserted. There is no perfect mechanism to
identify which user should mount the device. Consequently it doesn't
work right when involving multiple users.

The plan is the introduction of ConsoleKit and PolicyKit. ConsoleKit is
a system level dbus daemon that keeps track of what user is responsible
for a given session: whether desktop or terminal; and which user or
users are responsible for the physical flash device. It does this by
basically keeping track of all logged in users. It can tell the system
"who is sitting at the desktop."

Second, PolicyKit can be used to grant permissions to that specific user
to mount a specific device, only when ConsoleKit claims he is
responsible for it. PolicyKit would enable the process escalation to run
the 'mount' command. PolicyKit would replace sudo at the desktop level.

Some of this is done. Some of it is working. RedHat appears to be the
driving force behind all of the various *Kits. In fact, everything you
see lately that is CamelCase, is RedHat's doing.

I believe Ubuntu hardy has recently adopted ConsoleKit. It is installed
by default on my machines at this point. Unsure about PolicyKit.

Anyways, all of this is designed to enable stuff to Just Work. The user
sitting at the console should be properly allowed to access local
devices, but users SSH'd into the same box should not be.

http://people.freedesktop.org/~mccann/doc/ConsoleKit/ConsoleKit.html
https://wiki.ubuntu.com/DesktopTeam/Specs/PolicyKitIntegration

On Wed, 2008-01-23 at 23:00 -0600, Chris Cox wrote:
> Well.. sort of.
> 
> You can put the persistent name of the filesystem partition
> into /etc/fstab with the mount point
> where you want it mounted and then make sure that in the mount options
> you have the word hotplug.  On openSUSE (and possibly others) there
> is a udev rule in /etc/udev/rules.d that calls a helper script
> called /lib/udev/mount.sh which looks for the hotplug word inside
> of the options and will automatically mount the filesystem
> 
> e.g. /etc/fstab
> 
> /dev/disk/by-id/usb-Sony_Sony_Camcorder_088D6004E5C6-part1  /sony auto hotplug 0 0
> 
> That way you can have devices automount even in runlevel 3.
> 
> Btw, in case you are wondering what happens to the old /media mount, seems
> that at least in openSUSE under KDE, it sees that the device is mounted
> already and just uses that.  However, since HAL wasn't utilized in
> the mounting process, HAL (the desktop) cannot unmount it... have to
> do that manually.  And of course in runlevel 3 you'd have to manually
> unmount it as well.
> 
> I'll have to explore HAL/D-BUS to see if there's anything that can ride
> the system level D-BUS even when not GUI so that desktops will
> be happier.
> 
> 
> 
> _______________________________________________
> http://www.ntlug.org/mailman/listinfo/discuss