User privileges and permissions!

Hello

Does anyone know how to proceed to give permissions and privileges to the user and his group? As the image shows, some things are padlocked, and you cannot give permissions graphically, because it is inactive and does not allow to run as a user.

The external device (usb memory) is displayed automatically mounted in that folder (nautilus) in the path of the /media/da0s1 file, and it is operating as owner which is equal to root.
 

Attachments

  • screen.png
What filesystem is on that stick? This is important because filesystems like FAT don't have a way to set permissions (filesystem doesn't support that). So you will need to mount it with the correct "top-level" permissions.
 
Don't you have to add your user(s) to group "operator" and add a rule in /etc/devfs.rules, incl. an entry in rc.conf and sysctl.conf?

 
What filesystem is on that stick? This is important because filesystems like FAT don't have a way to set permissions (filesystem doesn't support that). So you will need to mount it with the correct "top-level" permissions.
The USB memory stick is FAT 32

Zvoni said:
Don't you have to add your user(s) to group "operator" and add a rule in /etc/devfs.rules, incl. an entry in rc.conf and sysctl.conf?
I already did those procedures after adding the user account to wheel and operator groups in the creation, and give permissions in this way (if I am not wrong) to the user as operator, example:

Mounting devices or others:

# pw groupmod wheel -m der
# pw groupmod operator -m der

For the /etc/devfs.rules file, I did add this:

# vi /etc/devfs.rules
Code:
[system=10]
add path 'ugen*'  mode 0660 group operator
add path 'cuaU*'  mode 0660 group operator
add path 'uhid*'  mode 0660 group operator
add path 'usbctl*'  mode 0660 group operator
add path 'usb/*'  mode 0660 group operator
add path 'video*'  mode 0660 group operator
add path 'ng_ubt*'  mode 0660 group operator
add path 'cd*'  mode 0660 group operator
add path 'da*'  mode 0660 group operator
add path 'pass*'  mode 0660 group operator
add path 'xpt*'  mode 0660 group operator
add path 'unlpt*' mode 0660 group cups
add path 'ulpt*' mode 0660 group cups
add path 'lpt*' mode 0660 group cups

For the /etc/sysctl.conf file:

# vi /etc/sysctl.conf
Code:
vfs.usermount=1

For the /etc/rc.conf file:

# vi /etc/rc.conf
Code:
devfs_system_ruleset="system"

Is there anything else I need to do?
 
There are some pretty hacky workarounds that I've been using from time to time:
Code:
# mkdir /mnt/usb
# chown  user:user /mnt/usb
# chmod 777 /mnt/usb
# mount -t msdosfs /dev/da0s1 /mnt/usb
Not the best way to do things, this is a really crude workaround, but worked reliably for me. After those 4 commands (done as root), the regular user can access the USB stick from Nautilus and Dolphin, and even delete files, if need be.
 
The external device (usb memory) is displayed automatically mounted in that folder (nautilus) in the path of the /media/da0s1 file, and it is operating as owner
In the image it says for "da0s1 Properties" "You are not the owner, ..." (see bottom right). The owner is shown in the "Permissions" tab as "Charlie". Who is "Charlie" owning /media/da0s1?

Also, how is the USB stick mounted? Please show command or service.
 
There are some pretty hacky workarounds that I've been using from time to time:
Code:
# mkdir /mnt/usb
# chown  user:user /mnt/usb
# chmod 777 /mnt/usb
# mount -t msdosfs /dev/da0s1 /mnt/usb
Not the best way to do things, this is a really crude workaround, but worked reliably for me. After those 4 commands (done as root), the regular user can access the USB stick from Nautilus and Dolphin, and even delete files, if need be.
With that method of yours, you are creating another path for the device that is automatically mounted by default from the /media/da0s1 file.

T-Daemon said:
In the image it says for "da0s1 Properties" "You are not the owner, ..." (see bottom right). The owner is shown in the "Permissions" tab as "Charlie". Who is "Charlie" owning /media/da0s1?

Also, how is the USB stick mounted? Please show command or service.

It is the name (Charlie & ) that is automatically generated by the standard system running as the root system, and displayed in the desktop environment entering root mode. But the user is not running on the root system, so the external device automatically mounts in that folder of the path mentioned above, and that the user has no privileges or permissions to run in the properties of that folder (nautilus) of the da0s1 file that visualized the contents of the device.



The mount points of the da0s1 file are displayed as follows:

$ ls -l /dev/da*
Code:
crw-rw----  1 root  operator  0x77 Nov 12 21:14 /dev/da0
crw-rw----  1 root  operator  0x78 Nov 12 21:14 /dev/da0s1
$

And to view the group properties, you will notice that the user has no privileges or permissions as operator in the properties of the system root directories such as /home, /media or /dev and /mnt...

$ ls -l /
Code:
total 65
-r--r--r--   1 root      wheel  6109 Apr  9  2021 COPYRIGHT
drwxr-xr-x   2 root      wheel  1024 Nov  8 22:34 bin
drwxr-xr-x  15 root      wheel  1536 Nov 12 19:30 boot
dr-xr-xr-x  17 root      wheel   512 Nov 12 21:13 dev
-rw-------   1 root      wheel  4096 Nov 12 21:13 entropy
drwxr-xr-x  27 root      wheel  2560 Nov 10 03:04 etc
lrwxr-xr-x   1 root      wheel     8 Nov  8 22:32 home -> usr/home
drwxr-xr-x   5 root      wheel  2048 Nov  8 22:34 lib
drwxr-xr-x   3 root      wheel   512 Apr  9  2021 libexec
drwxr-xr-x   4 root      wheel   512 Nov 12 13:49 media
drwxr-xr-x   2 root      wheel   512 Apr  9  2021 mnt
drwxr-xr-x   3 root      wheel   512 Nov 12 21:13 net
dr-xr-xr-x   1 root      wheel     0 Nov 12 21:33 proc
drwxr-xr-x   2 root      wheel  2560 Nov  8 22:34 rescue
drwxrwx---   6 operator  der     512 Nov 10 13:52 root
drwxr-xr-x   2 root      wheel  2560 Nov  9 19:09 sbin
lrwxr-xr-x   1 root      wheel    11 Apr  9  2021 sys -> usr/src/sys
drwxrwxrwt   7 root      wheel   512 Nov 12 21:33 tmp
drwxr-xr-x  15 root      wheel   512 Nov  8 22:32 usr
drwxr-xr-x  25 root      wheel   512 Nov 12 21:13 var
$

Correct me if I am wrong by looking at the output given by the command.
 
... the device that is automatically mounted by default from the /media/da0s1 ...
We need to know which utility and eventually its service is used to automatically mount the external device. Please execute mount | grep da1s1.

As SirDice already mentioned in post #2, to mount a FAT file system with read or read/write permissions for other users than the user mounting, it needs to be mounted by the utility used with the correct (top-level) permissions.

The mount points of the da0s1 file are displayed as follows:
Code:
crw-rw---- 1 root operator 0x78 Nov 12 21:14 /dev/da0s1
What are the permissions, owner and group of directory /media/da1s1/: ls -ld /media/da1s1 ?

And to view the group properties, you will notice that the user has no privileges or permissions as operator in the properties of the system root directories such as /home, /media or /dev and /mnt...
It doesn't have to. Decisive is what permissions the directory has on which the USB stick, more precisely, the partition is mounted to (/media/da1s1 in this case). Those permissions, and also owner and group, are determined by the utility and eventually user mounting.

The system has unusual configurations. Why are the owner and group of /root changed to operator der?
$ ls -l /
drwxrwx--- 6 operator der 512 Nov 10 13:52 root
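
The check T-Daemon made by eye can be scripted. This is an added example, not part of any post in the thread: it reads `ls -l /` output and reports entries that deviate from a baseline assumed from the rest of the listing (owner root, group wheel, no group or world write bit without the sticky bit). The function name and the embedded sample are constructed for illustration.

```sh
#!/bin/sh
# Constructed sample: five lines taken from the `ls -l /` listing posted in this thread.
SAMPLE='drwxr-xr-x   4 root      wheel   512 Nov 12 13:49 media
drwxr-xr-x   2 root      wheel   512 Apr  9  2021 mnt
drwxrwx---   6 operator  der     512 Nov 10 13:52 root
drwxrwxrwt   7 root      wheel   512 Nov 12 21:33 tmp
lrwxr-xr-x   1 root      wheel     8 Nov  8 22:32 home -> usr/home'

# audit_toplevel: reads `ls -l /` lines on stdin and prints one finding per line.
# Assumed baseline (every other entry in the listing): owner root, group wheel,
# and no group or world write bit unless the sticky bit is set, as on /tmp.
audit_toplevel() {
    awk '
    /^total / || NF < 9 { next }
    {
        mode = $1; owner = $3; group = $4; name = $9
        if (substr(mode, 1, 1) == "l") next   # a symlink mode says nothing about the target
        if (owner != "root")  printf "%s: owner is %s, expected root\n", name, owner
        if (group != "wheel") printf "%s: group is %s, expected wheel\n", name, group
        sticky = (substr(mode, 10, 1) ~ /[tT]/)
        if (substr(mode, 6, 1) == "w" && !sticky)
            printf "%s: group-writable (%s)\n", name, mode
        if (substr(mode, 9, 1) == "w" && !sticky)
            printf "%s: world-writable (%s)\n", name, mode
    }'
}

printf '%s\n' "$SAMPLE" | audit_toplevel
```

On a live system the same function can be fed with `ls -l / | audit_toplevel`.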
 
We need to know which utility and eventually its service is used to automatically mount the external device. Please execute mount | grep da1s1.
When executing this command:


:/media $ mount | grep da1s1
;/media $ ls -la
Code:
total 44
drwxr-xr-x   4 root  wheel    512 Nov 12 13:49 .
drwxr-xr-x  19 root  wheel   1024 Nov 13 11:54 ..
drwxr-xr-x   2 der   wheel    512 Nov  9 00:53 TOSHIBA_TransMemory_001CC0C60DDAECC0C32601BB_s1
drwxrwxr-x   1 root  wheel  32768 Jan  1  1980 da0s1
$

T-Daemon said:
What are the permissions, owner and group of directory /media/da1s1/: ls -ld /media/da1s1 ?

In the image published at the beginning, you will see in the properties of the folder (nautilus) generated by the system when automatically mounting the device the permissions that the root system owner and its wheel group have to execute/read/write, while the user does not have permissions as operator and this is disabled in graphic mode for changing manually as user.


T-Daemon said:
The system has unusual configurations. Why are the owner and group of /root changed to operator der?

I don't know, I'm not clear on that, with creating accounts for the user and group, and granting permissions for device mounting through those commands mentioned at the beginning, is the result of the configuration.
 
service -e | sort
/media $ service -e | sort
Code:
/etc/rc.d/automount
/etc/rc.d/automountd
/etc/rc.d/autounmountd
/etc/rc.d/bgfsck
/etc/rc.d/cleanvar
/etc/rc.d/cron
/etc/rc.d/devd
/etc/rc.d/devmatch
/etc/rc.d/dmesg
/etc/rc.d/gptboot
/etc/rc.d/hostid
/etc/rc.d/hostid_save
/etc/rc.d/ip6addrctl
/etc/rc.d/kldxref
/etc/rc.d/mixer
/etc/rc.d/motd
/etc/rc.d/moused
/etc/rc.d/netif
/etc/rc.d/newsyslog
/etc/rc.d/ntpdate
/etc/rc.d/os-release
/etc/rc.d/rctl
/etc/rc.d/resolv
/etc/rc.d/savecore
/etc/rc.d/sendmail
/etc/rc.d/sshd
/etc/rc.d/syslogd
/etc/rc.d/virecover
/usr/local/etc/rc.d/dbus
:/media $
 
Thanks.

<https://www.freebsd.org/cgi/man.cgi?query=automount&sektion=8&manpath=FreeBSD>

The solution at <https://forums.freebsd.org/posts/476550> involved use of sysutils/automount (not to be confused with the automount in FreeBSD). There's also discussion of devfs.

If I'm not mistaken, KDE Plasma allows me to mount things without difficulty – with suitable ownership – on demand, for example this mount point automatically created a few minutes ago:

Code:
% ls -dhl /media/Freecom_Mobile_Drive_XXS_29251B141A00_p1
drwxr-xr-x  1 grahamperrin  wheel    16K  1 Jan  1980 /media/Freecom_Mobile_Drive_XXS_29251B141A00_p1
%

I could as easily set preferences in Plasma for things to mount automatically, but for a variety of reasons, I prefer to not automate mounts.

Other recent discussions of devfs(8) include page 2 of a topic about Intel graphics.
 
In the image published at the beginning, you will see in the properties of the folder (nautilus) generated by the system when automatically mounting the device the permissions that the root system owner and its wheel group have to execute/read/write, while the user does not have permissions as operator and this is disabled in graphic mode for changing manually as user.
Right, I lost track of information available.

/etc/rc.d/automount
/etc/rc.d/automountd
/etc/rc.d/autounmountd
Better use sysutils/automount based on devd(8). It works out of the box, without configuration, and also grants users execution permission to umount(8). If you decide to use this utility, to not interfere with automountd(8), disable all configurations made to work with automountd(8), especially in /boot/loader.conf (autofs_load) and /etc/rc.conf (autofs_enable).


If you insist on using automountd(8), set to /etc/auto_master read/write/execution permissions mode creation mask "070" (see chmod(1) for details) to the "wheel" group (or set mask for everybody: 777). The mode creation mask will be valid for FAT file system mounted with mount_msdosfs(8) only:
Code:
/media                  -media            -nosuid,noatime,autoro,-m=770

To have read/write access to a FAT file system mounted by automountd(8) all the user needs is to be in the wheel group (unless the mask is set to 777, then the user doesn't have to be in a specific group). No configuration necessary in
- /etc/devfs.rules
- /etc/sysctl.conf (vfs.usermount=1)
- /etc/rc.conf (devfs_system_ruleset="system")
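
To see what the mask in that auto_master line means for a given account, the following script (an added example, not part of the post above) extracts the -m= value and prints the permission triple a user gets when the mount appears as root:wheel, as the da0s1 directory did in the earlier listing. The function names, the user "guest" and the group memberships are assumptions for illustration.

```sh
#!/bin/sh
# The auto_master line is the one quoted in the post above; the user names and
# group memberships passed to fat_access below are assumptions for illustration.
AUTO_MASTER_LINE='/media                  -media            -nosuid,noatime,autoro,-m=770'

# mask_from_options LINE: print the octal value of the -m= option, if any.
mask_from_options() {
    printf '%s\n' "$1" | tr ', \t' '\n\n\n' |
        sed -n 's/^-m=\([0-7]\{3,4\}\)$/\1/p' | tail -n 1
}

# fat_access USER "USER_GROUPS" OWNER GROUP MASK: print the rwx triple USER gets
# on a FAT mount whose entries all appear as OWNER:GROUP with mode MASK.
fat_access() {
    user=$1; user_groups=$2; owner=$3; group=$4
    mask=$(printf '%s\n' "$5" | sed 's/^.*\(...\)$/\1/')   # last three octal digits
    pos=3                                                  # default: "other" class
    for g in $user_groups; do
        if [ "$g" = "$group" ]; then pos=2; fi             # group class
    done
    if [ "$user" = "$owner" ]; then pos=1; fi              # owner class wins
    case $(printf '%s\n' "$mask" | cut -c "$pos") in
        0) echo "---" ;; 1) echo "--x" ;; 2) echo "-w-" ;; 3) echo "-wx" ;;
        4) echo "r--" ;; 5) echo "r-x" ;; 6) echo "rw-" ;; 7) echo "rwx" ;;
    esac
}

m=$(mask_from_options "$AUTO_MASTER_LINE")
echo "mask $m, der (in wheel):   $(fat_access der 'der wheel operator' root wheel "$m")"
echo "mask $m, guest (no wheel): $(fat_access guest 'guest' root wheel "$m")"
echo "mask 777, guest:           $(fat_access guest 'guest' root wheel 777)"
```

With 770 only the owner and wheel members get access; 777 opens the stick to every local account.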
 