
mount permissions for external drives

bcomputerguy


#1
I'm not sure why but I cannot mount external drives w/o using sudo...

Code:
sysctl vfs.usermount
vfs.usermount: 1
to /etc/sysctl.conf add
Code:
vfs.usermount=1

/etc/devfs.conf
Code:
own     da0    root:operator
perm    da0    0660
/etc/devfs.rules
Code:
[localrules=5]
add path 'da*' mode 0660 group operator
to /etc/rc.conf add
Code:
devfs_system_ruleset="localrules"
Code:
groups
username wheel operator
 

Snurg


#3
Did you chgrp the mountpoints to 'operator'?

Btw, I have serious doubts that it's a good idea to allow 'others' full r/w access to /dev/daX.
 

bcomputerguy


#4
> Did you chgrp the mountpoints to 'operator'?
>
> Btw, I have serious doubts that it's a good idea to allow 'others' full r/w access to /dev/daX.
The /dev/da* looks like this with ls -l

Code:
ls -l /dev/da*
crw-r-----  1 root  operator  0x70 Jan 12 13:02 /dev/da0
crw-r-----  1 root  operator  0x76 Jan 12 13:02 /dev/da0s1
Does that look okay?
 

Snurg


#6
The group members cannot write to the device. Maybe this is not necessary if you only intend to mount things other than ZFS with -o r[o] option. But trying to mount r/w will fail without write rights.
chmod g+w /dev/da0*
 

bcomputerguy


#7
> The group members cannot write to the device. Maybe this is not necessary if you only intend to mount things other than ZFS with -o r[o] option. But trying to mount r/w will fail without write rights.
> chmod g+w /dev/da0*
I did that and I am still getting operation not permitted when run as non root user.

Code:
ls -l /dev/da*
crw-rw----  1 root  operator  0x6b Jan 12 13:33 /dev/da0
after running
Code:
chmod g+w /dev/da0*
 

Snurg


#8
And how does /mnt (or whatever you use as mount point) look?
Is it also owned by group operator?
 

bcomputerguy


#9
This is
Code:
ls -l /
-rw-r--r--   1 root  wheel         0 Jan 11 09:18 $
drwxr-xr-x   2 root  wheel        46 Dec 14 21:15 bin
drwxr-xr-x   9 root  wheel        57 Jan 12 13:17 boot
drwxr-xr-x   3 root  wheel         3 Nov 26 13:27 compat
-r--r--r--   1 root  wheel      6192 Nov 21 22:57 COPYRIGHT
dr-xr-xr-x   8 root  wheel       512 Jan 12 21:33 dev
-rw-------   1 root  wheel      4096 Jan 12 13:34 entropy
drwxr-xr-x  26 root  wheel       116 Jan 12 04:11 etc
lrwxr-xr-x   1 root  wheel         8 Nov 26 18:58 home -> usr/home
drwxr-xr-x   4 root  wheel        57 Dec 14 21:15 lib
drwxr-xr-x   3 root  wheel         7 Dec 14 21:16 libexec
drwxr-xr-x   2 root  wheel         2 Nov 21 22:55 media
drwxr-xr-x   2 root  wheel         2 Jan 12 03:40 mnt
-rw-------   1 root  wheel  16306176 Jan  8 15:29 mtpfs.core
drwxr-xr-x   2 root  wheel         2 Nov 21 22:55 net
dr-xr-xr-x   2 root  wheel         2 Nov 21 22:55 proc
drwxr-xr-x   2 root  wheel       149 Dec 14 21:15 rescue
drwxr-xr-x  11 root  wheel        18 Jan 12 13:07 root
drwxr-xr-x   2 root  wheel       135 Dec 14 21:16 sbin
lrwxr-xr-x   1 root  wheel        11 Dec 14 21:14 sys -> usr/src/sys
drwxrwxrwt  11 root  wheel        37 Jan 12 19:42 tmp
drwxr-xr-x  16 root  wheel        16 Nov 26 19:04 usr
drwxr-xr-x  25 root  wheel        25 Jan 12 21:34 var
drwxr-xr-x   3 root  wheel         3 Dec 12 19:20 zroot
Code:
% groups
username wheel operator
 

Snurg


#10
If you want to user mount on /mnt, it would probably be helpful to have it also group operator and group-writable.
 

bcomputerguy


#13
chgrp operator /mnt
chmod g+w /mnt
I am not sure what's going on but none of that is working. Maybe my permissions are all messed up.

Code:
:~ % ls -l /dev/da0*
crw-rw----  1 root  operator  0x73 Jan 12 20:33 /dev/da0
crw-rw----  1 root  operator  0x74 Jan 12 20:33 /dev/da0s1
:~ % ls -l / | grep mnt
drwxrwxr-x   2 root  operator         2 Jan 12 03:40 mnt

Code:
:~ % mount_msdosfs /dev/da0s1 /mnt/
mount_msdosfs: /dev/da0s1: Operation not permitted
Code:
 :~% sudo mount_msdosfs /dev/da0s1 /mnt/
sudo mount_msdosfs /dev/da0s1 /mnt/
sudo can mount the drive, regular user cannot.
 

Snurg


#14
Theoretically it should work. For some reason it does not always.
You can try chown <yourusername> /mnt.
If that does not work, I have to apologize for my incompetence, as I must have missed something. Then we have to hope for some guru like SirDice or others to help.

Edit: I haven't tried yet to mount /something /mnt/. I always do use /mnt in this case, because /mnt denotes the directory, /mnt/ denotes its contents.
 

bookwormep


#15
I would offer only a small additional note, just trying to help here, /etc/devfs.rules
Code:
[localrules=10]
and that "mode 666", not "mode 0660"
 

Snurg


#16
I just looked at man devfs.rules.
If you make a localrule, you need to activate it explicitly.
But if you just add the
add path 'da*' mode 660 group operator
line, without a localrule, it should be active permanently.
I didn't find how to reload devfs rules, and I do not want to reboot just now, so I'll check it out later myself.

Edit: service devfs restart. But there is still something to do. As bookwormep said, mode 666 works. But I do not believe that this is a good way to solve this. There must be another way, too.
Edit 2: Yes. Add a devfs line with the group the user to be allowed mounting belongs to. Then it works with 660.
 

bcomputerguy


#17
> I just looked at man devfs.rules.
> If you make a localrule, you need to activate it explicitly.
> But if you just add the
> add path 'da*' mode 660 group operator
> line, without a localrule, it should be active permanently.
> I didn't find how to reload devfs rules, and I do not want to reboot just now, so I'll check it out later myself.
I have been rebooting during this process and it is still not working.
I just reread the devfs.rules man page as well.

Based on that I updated my /etc/devfs.rules to look like this:

Code:
[localrules=10]
add path 'da*s*' mode 0660 group operator
I'd just like to add for clarity, this is the mount command that I am trying to run
Code:
~ % mount_msdosfs -L en_US.UTF-8 -D UTF-8 /dev/da0s1 /mnt/
Code:
~ % mount_msdosfs /dev/da0s1 /mnt/
Neither of those above commands work as a regular user.
They work as sudo though....

> I would offer only a small additional note, just trying to help here, /etc/devfs.rules
> Code:
> [localrules=10]
> and that "mode 666", not "mode 0660"
I tried that but that didn't work either.
 

Snurg


#18
See the edits in my last post.
It works with
Code:
add path 'da*' mode 660 group operator
add path 'da*' mode 660 group <myusergroup>
where <myusergroup> is the group the user belongs to (usually same name as username)
Edit: this is without localrules!
 

bcomputerguy


#19
> See the edits in my last post.
> It works with
> Code:
> add path 'da*' mode 660 group operator
> add path 'da*' mode 660 group <myusergroup>
> where <myusergroup> is the group the user belongs to (usually same name as username)
> Edit: this is without localrules!
something is definitely wrong with my setup.

Even with the above edits, I still get operation not permitted.

There's something seriously broken with my permissions.
 

Snurg


#20
There was still one difference: I had
chown <myusername>:<myusername> /mnt
because this saved me from write permissions problems. Maybe this is what is still missing to make it work for you...
 

bcomputerguy


#21
> There was still one difference: I had
> chown <myusername>:<myusername> /mnt
> because this saved me from write permissions problems. Maybe this is what is still missing to make it work for you...
That works...
Why do I have to set the user and permission like that to get /mnt to work?
 

mrclksr


#22
> I'd just like to add for clarity, this is the mount command that I am trying to run
> Code:
> ~ % mount_msdosfs -L en_US.UTF-8 -D UTF-8 /dev/da0s1 /mnt/
If the module msdosfs_iconv is not loaded, mount_msdosfs tries to load it, but this is not possible if you execute it as regular user.

As Snurg mentioned, make sure the mount point is owned by the user.

From mount_msdosfs(8):
> This command is normally executed by mount(8) at boot
> time, but can be used by any user to mount an MS-DOS file system on any
> directory that they own (provided, of course, that they have appropriate
> access to the device that contains the file system).
I'd recommend to create a mnt directory under ${HOME} or create a msdosfs (or any other name you prefer) directory under /media, followed by chown username /media/msdosfs
 

bcomputerguy


#23
> If the module msdosfs_iconv is not loaded, mount_msdosfs tries to load it, but this is not possible if you execute it as regular user.
>
> As Snurg mentioned, make sure the mount point is owned by the user.
>
> From mount_msdosfs(8):
>
> I'd recommend to create a mnt directory under ${HOME} or create a msdosfs (or any other name you prefer) directory under /media, followed by chown username /media/msdosfs
A lot of those _msdos or windows file mounting commands require fuse or something similar.
Is it possible to have all these loaded through /etc/rc.conf or /boot/loader.conf

Would that avoid these types of issue?
 

Sensucht94


#24
For the /etc/devfs.rules
Code:
add path 'da[0-9]\*' mode 666
I have used this on my system.
Please notice that 'da[0-9]\*' applies the permission scheme only to nodes from 0 to 9, while 'da*' applies it to any. However, since I think nobody here's going to plug more than 9 mass storage peripherals into his/her own computer at a time, this wouldn't make any difference, unless you use a USB port extender, and insert more than 9 usb/SD devices all at once, in which case, the tenth would be read-only.
> I would offer only a small additional note, just trying to help here, /etc/devfs.rules
> Code:
> [localrules=10]
the number specified in /etc/devfs.rules corresponds to the number ruleset you want to create, technically, it does not change anything, aside from the fact that each ruleset needs its own unique number. More than 1 ruleset can be specified at a time inside /etc/devfs.rules (this comes in handy for example when needing to create a ruleset for a chroot env, a jail, a different user, a different mountpoint). Ruleset number can be specified with -s option and mount_point with -m. For instance:

devfs -m ~/jail/dev rule -s 5 applyset applies ruleset 5, to devices listed under jail's /dev directory.
To list a ruleset:
devfs rule -s 5 show

Now, if no ruleset is specified in /etc/rc.conf the rules applied at boot are the ones from /etc/defaults/devfs.rules. This file already takes ruleset numbers from 1 to 4. If a number between 1 and 4 is appended to any of the user's local ruleset in /etc/devfs.rules, the latter takes precedence and overrides the corresponding ruleset in /etc/defaults. If local rulesets are numbered higher than 4, and loaded in /etc/rc.conf, then local user's rules are merged with defaults.

> and that "mode 666", not "mode 0660"
This actually gives read/write permission to "others": as long as the user belongs to the group which devices' ownership is granted to in /etc/devfs.conf, then this shouldn't be needed

> chgrp operator /mnt
> chmod g+w /mnt
I'm almost sure this would be reset to default at the next boot no sooner devd is started, hence could be used only for the current session

> If you make a localrule, you need to activate it explicitly
Snurg, OP stated he tried to do so the moment he opened the thread ;)

> I didn't find how to reload devfs rules, and I do not want to reboot just now, so I'll check it out later myself.
I mentioned it above, but for a proper knowledge see devfs(8)
To apply my standard ruleset at boot (which is [localrules=5]) I have, in /etc/rc.conf:
Code:
devfs_load_ruleset="YES"
devfs_rulesets="/etc/devfs.rules"
devfs_system_ruleset="localrules"
To learn more, see rc.conf(5)...since it's a long man page, just type man rc.conf | less -Sip "rulesets"

> If you want to user mount on /mnt, it would probably be helpful to have it also group operator and group-writable.
This is definitely true bcomputerguy, user needs ownership + read/write permissions for the mount point,
The suggestion Snurg gave to you:
chgrp operator /mnt
chmod g+w /mnt
is undoubtedly good. However, since you're experiencing problems, why don't you try to mount devices somewhere inside your $HOME first?
For example I'm used to mount things inside ~/Devices.

Finally please beware that, just basing on my experience, if file system to be mounted is slightly corrupted, you won't be able to mount it as standard user. A fsck, to dispel any doubt, wouldn't harm.
Speaking of the ls -l /dev/da* output you pasted above, for me it appears the ruleset is not being applied for some reason.

Side note: you'll need fuse only for EXT4, exFAT, NTFS and XFS
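
Added example, not code from any poster in this thread: a small sh/awk linter for the two devfs.rules problems raised above, a 'da' rule whose mode gives "others" access (mode 666) and an rc.conf devfs_system_ruleset that names no ruleset defined in the rules file. The function name, its two file arguments and the message wording are assumptions, and the sample files are constructed.

```shell
#!/bin/sh
# lint_devfs RULES RCCONF: print one finding per line; return 1 if any, else 0.
lint_devfs() {
    awk -v q="'" '
    { sub(/#.*/, "") }                            # strip comments
    src == "rules" && /^\[[^=]+=[0-9]+\]/ {       # ruleset header, e.g. [localrules=5]
        name = $0; sub(/^\[/, "", name); sub(/=.*/, "", name)
        num = $0; sub(/^[^=]*=/, "", num); sub(/\].*/, "", num)
        known[name] = 1; known[num] = 1
        next
    }
    src == "rules" && $1 == "add" && $2 == "path" {
        path = $3; gsub(q, "", path)              # drop the quotes around the pattern
        if (path !~ /^da/) next                   # only the disk nodes from the thread
        for (i = 4; i < NF; i++) {
            if ($i != "mode") continue
            mode = $(i + 1)
            # The last octal digit holds the permission bits for "others".
            if (substr(mode, length(mode), 1) + 0 > 0) {
                printf "world-access: %s mode %s in ruleset %s\n", path, mode, (name == "" ? "(none)" : name)
                bad++
            }
        }
    }
    src == "rc" && /^devfs_system_ruleset=/ {
        active = $0; sub(/^[^=]*=/, "", active); gsub(/[ \t"]/, "", active)
    }
    END {
        if (active == "") { print "inactive: rc.conf sets no devfs_system_ruleset"; bad++ }
        else if (!(active in known)) {
            print "inactive: ruleset " active " is not defined in devfs.rules"; bad++
        }
        exit (bad > 0)
    }' src=rules "$1" src=rc "$2"
}

# Constructed sample files modelled on the snippets posted in the thread.
demo() {
    d=$(mktemp -d) || return 2
    printf '%s\n' "[localrules=10]" "add path 'da*' mode 666" > "$d/devfs.rules"
    printf '%s\n' 'devfs_system_ruleset="localrules"' > "$d/rc.conf"
    lint_devfs "$d/devfs.rules" "$d/rc.conf"; rc=$?
    rm -rf "$d"
    return "$rc"
}
demo || echo "(findings listed above)"
```

On a real system the call would be lint_devfs /etc/devfs.rules /etc/rc.conf; the exit status makes it usable as a pre-reboot check.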