Author Re: PermissionProblems while mounting vfat!
Paul Lutus

2002-12-15, 4:25 pm

On Sun, 15 Dec 2002 20:06:32 +0100, TheGreatMie wrote:

> I'm using RedHat8 and I'm trying to mount a Windows98SE (vfat) partition.
> It all worked out well, but only root has the permission to write files...
> I changed the permissions with chmod to '777', but when I mounted it again,
> still only root was able to write files.
> The line FSTAB file looks like this:
>
> /dev/hda1 /mnt/windows vfat auto,users,rw,uid=500 0 0
>
> Who can help me out?


This is asked every day.

/dev/hda1 /mnt/windows vfat auto,users,rw,uid=500,umask=0 0 0

--
Paul Lutus
http://www.arachnoid.com


Lenard

2002-12-15, 4:25 pm

begin virus.exe On Sun, 15 Dec 2002 20:06:32 +0100, TheGreatMie wrote:

> I'm using RedHat8 and I'm trying to mount a Windows98SE (vfat)
> partition. It all worked out well, but only root has the permission to
> write files... I changed the permissions with chmod to '777', but when I
> mounted it again, still only root was able to write files. The line
> FSTAB file looks like this:
>
> /dev/hda1 /mnt/windows vfat auto,users,rw,uid=500 0 0
>
> Who can help me out?
>
> thnx alot,
> Jaap



/dev/hda1 /mnt/windows vfat auto,users,rw,umask=0 0 0




Robert Newson

2002-12-15, 4:25 pm

TheGreatMie wrote:

> I'm using RedHat8 and I'm trying to mount a Windows98SE (vfat) partition.
> It all worked out well, but only root has the permission to write files...
> I changed the permissions with chmod to '777', but when I mounted it again,
> still only root was able to write files.
> The line FSTAB file looks like this:
>
> /dev/hda1 /mnt/windows vfat auto,users,rw,uid=500 0 0



Try:

/dev/hda1 /mnt/windows vfat uid=0,gid=499,umask=002 0 0

Then editing /etc/group (use 'vigr' as root), add to your groups:

vfat:x:499:<comma separated list of users allowed to write to vfat>

What the mount options mean:

uid=0 - make root 'own' the vfat files
gid=499 - put the files in group 499
umask=002 - make the files have access permission 'rwxrwxr-x'

You could just add ',umask=0' to the options in your current fstab entry,
but the version given above allows you to control those users allowed to
write into the 'doze partition - only those in the 'vfat' group can. [Use
any free group number instead of 499 if you want to.]


> Who can help me out?
>
> thnx alot,
> Jaap


Mike-UK

2002-12-15, 8:25 pm

On Sun, 15 Dec 2002, Robert Newson wrote:

> TheGreatMie wrote:
>
> > I'm using RedHat8 and I'm trying to mount a Windows98SE (vfat) partition.
> > It all worked out well, but only root has the permission to write files...
> > I changed the permissions with chmod to '777', but when I mounted it again,
> > still only root was able to write files.
> > The line FSTAB file looks like this:
> >
> > /dev/hda1 /mnt/windows vfat auto,users,rw,uid=500 0 0

>
>
> Try:
>
> /dev/hda1 /mnt/windows vfat uid=0,gid=499,umask=002 0 0
>
> Then editing /etc/group (use 'vigr' as root), add to your groups:
>
> vfat:x:499:<comma separated list of users allowed to write to vfat>
>
> What the mount options mean:
>
> uid=0 - make root 'own' the vfat files
> gid=499 - put the files in group 499
> umask=002 - make the files have access permission 'rwxrwxr-x'
>


STATUS="delurk"

I tried the above, (and the other suggestions) myself, but got something I
didn't quite want, ie: executable files on my vfat partition.

I seem to be doing ok with...

/dev/hda5 /home/vfat vfat uid=1001,gid=100,user,auto,rw 0 0

Is this something that may be of use?

--

Signature line applied for/in the post...

VectorLinux available at
http://ibiblio.org/vectorlinux

Mike-UK

2002-12-16, 6:24 pm

On Mon, 16 Dec 2002, Robert Newson wrote:

>
> You need the eXecute permission to be able to search directories, so try
> adding noexec:
>
> /dev/hda5 /home/vfat vfat uid=1001,gid=100,umask=002,noexec 0 0
>
>
> > I seem to be doing ok with...
> >

>
> > /dev/hda5 /home/vfat vfat uid=1001,gid=100,user,auto,rw 0 0

>
>
> Do you really want [non-root] users the ability to [u]mount the hard disk
> vfat partition ('user' option) after boot (the 'auto' option allows 'mount
> -a', as called during boot, to mount the fs)?
>


Not quite sure what you mean here. According to the man page I have
installed, the 'user' switch "implies the options noexec,nosuid,nodev"
unless overridden by counteracting switches like exec being written
specifically.

I had the idea the point was that the defined user could indeed mount,
unmount, read and write to the vfat partition? Obviously this needs a
little care in setting up as leaving the vfat open to anyone to read/write
is not really a good idea. I thought I'd figured out how to do this with
the above suggestion (this relies on the vfat mount-dir being owned by
the user account). Can you see a problem with this?

--

Signature line applied for/in the post...

VectorLinux available at
http://ibiblio.org/vectorlinux

Sybren Stuvel

2002-12-17, 3:25 pm

In alt.os.linux Mike-UK enlightened us with:
> Not quite sure what you mean here. According to the man page I have
> installed, the 'user' switch "implies the options noexec,nosuid,nodev"
> unless overridden by counteracting switches like exec being written
> specifically.


This is correct. The primary effect of "user" is that any user can
mount/unmount the partition. The implied effects as stated in the man
page are there to secure the partition. Without these, a user would for
instance be able to mount a CDROM with device-files on it with
world-writable permissions on them, and actually use these to erase data
etc.

> I had the idea the point was that the defined user could indeed mount,
> unmount, read and write to the vfat partition?


You're wrong - it has nothing to do with the ability to read & write the
partition.

> Obviously this needs a little care in setting up as leaving the vfat
> open to anyone to read/write is not really a good idea.


Indeed!

> I thought I'd figured out how to do this with the above suggestion
> (this relies on the vfat mount-dir being owned by the user account).
> Can you see a problem with this?


It simply won't work, because the owner/permissions of the mount point
are defined by the root of the mounted partition. See the 'uid', 'gid'
and 'umask' options in the man page of 'mount'.

Sybren
--
>>> RUNNING A MICROSOFT GAME USING WINE <<<
sybren@sybren:Mechwarrior Mercenaries$ wine MW4Mercs.exe
INSTR_IDT_Emulate Evil attempt to exploit win9x system security flaws detected
INSTR_IDT_Emulate UNIX system security is too strong, can't emulate properly

Robert Newson

2002-12-17, 11:25 pm

Mike-UK wrote:

> On Mon, 16 Dec 2002, Robert Newson wrote:
>
>>You need the eXecute permission to be able to search directories, so try
>>adding noexec:
>>
>>/dev/hda5 /home/vfat vfat uid=1001,gid=100,umask=002,noexec 0 0
>>
>>>I seem to be doing ok with...
>>>
>>>/dev/hda5 /home/vfat vfat uid=1001,gid=100,user,auto,rw 0 0

>>
>>Do you really want [non-root] users the ability to [u]mount the hard disk
>>vfat partition ('user' option) after boot (the 'auto' option allows 'mount
>>-a', as called during boot, to mount the fs)?

>
> Not quite sure what you mean here. According to the man page I have
> installed, the 'user' switch "implies the options noexec,nosuid,nodev"
> unless overridden by counteracting switches like exec being written
> specifically.
>
> I had the idea the point was that the defined user could indeed mount,
> unmount, read and write to the vfat partition? Obviously this needs a
> little care in setting up as leaving the vfat open to anyone to read/write
> is not really a good idea. I thought I'd figured out how to do this with
> the above suggestion (this relies on the vfat mount-dir being owned by
> the user account). Can you see a problem with this?



If any user can [u]mount the vfat partition, then when mounting unless
specified, the 'umask=' comes from the current process. If they set
'umask=0' in their current process, they will have 'rwxrwxrwx' on all files
(and with no sticky bit available, full deletion rights for all the
files/directories on the vfat disk?):

$ man mount
....
Mount options for fat
....
umask=value
Set the umask (the bitmask of the permissions that
are not present). The default is the umask of the
current process. The value is given in octal.

So setting 'uid=' and 'gid=' will have no effect as they can set world
'rwx'. The safest way to protect your [online] vfat (I can see) is to only
let root mount it with specific 'uid=', 'gid=' and 'umask=' making it only
owner/group writable and adding those users permitted write access to the
specific group - that's why I leave it as owned by root ('uid=0'): as a
reminder.

I personally would only use 'user' for removable media (floppies, etc) where
it makes sense (if the user doesn't remove their media, that's their
problem..., plus 'noexec' is a must in case they deliberately don't remove
their media); only allowing root to [u]mount non-removable (HDs, etc), where
the disk is 'shared'.
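
An added example, not part of any post in this thread: a POSIX shell check that flags the fstab patterns discussed above (a umask that leaves files world-writable, a user-mountable entry with no 'umask=', and entries where execution is still allowed). The finding names are made up for this example, and only the options named in the thread are inspected.

```shell
#!/bin/sh
# Added example: audit FAT entries in fstab for the risks raised in this thread.
# Finding names (world-writable, user-mountable, ...) are hypothetical labels.

# audit_vfat_entry LINE -> prints one finding per line, nothing if clean.
# The body is a subshell, so IFS, set -f and 'exit' stay inside the function.
audit_vfat_entry() (
    read -r dev mnt fstype opts rest <<EOF
$1
EOF
    case "$fstype" in vfat|msdos) ;; *) exit 0 ;; esac

    umask_opt="" user_mount=no exec_ok=yes      # mount's default is exec
    set -f                                      # no globbing while splitting options
    IFS=,
    for opt in $opts; do
        case "$opt" in
            umask=*)    umask_opt=${opt#umask=} ;;
            user|users) user_mount=yes; exec_ok=no ;;  # implies noexec,nosuid,nodev
            noexec)     exec_ok=no ;;
            exec)       exec_ok=yes ;;                 # a later 'exec' overrides
        esac
    done

    case "$umask_opt" in
        "")       # no umask=: it comes from the process that runs mount
                  if [ "$user_mount" = yes ]; then echo umask-from-mounting-user; fi ;;
        *[!0-7]*) echo bad-umask ;;
        *)        # leading 0 makes the shell read the value as octal
                  if [ $(( 0$umask_opt & 2 )) -eq 0 ]; then echo world-writable; fi ;;
    esac
    if [ "$user_mount" = yes ]; then echo user-mountable; fi
    if [ "$exec_ok" = yes ]; then echo exec-allowed; fi
    exit 0
)

# Entries quoted in the thread plus a noexec variant, as constructed sample input.
audit_samples() {
    while IFS= read -r line; do
        printf '%s\n' "$line"
        audit_vfat_entry "$line" | sed 's/^/    -> /'
    done <<'EOF'
/dev/hda1 /mnt/windows vfat auto,users,rw,uid=500,umask=0 0 0
/dev/hda5 /home/vfat vfat uid=1001,gid=100,user,auto,rw 0 0
/dev/hda1 /mnt/windows vfat uid=0,gid=499,umask=002 0 0
/dev/hda5 /home/vfat vfat uid=0,gid=499,umask=002,noexec 0 0
EOF
}
audit_samples
```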

Charles Sullivan

2002-12-18, 10:25 am

On Sun, 15 Dec 2002 20:37:18 -0500, Mike-UK wrote:

> On Sun, 15 Dec 2002, Robert Newson wrote:
>
>> TheGreatMie wrote:
>>
>> > I'm using RedHat8 and I'm trying to mount a Windows98SE (vfat)
>> > partition. It all worked out well, but only root has the permission
>> > to write files... I changed the permissions with chmod to '777', but
>> > when I mounted it again, still only root was able to write files. The
>> > line FSTAB file looks like this:
>> >
>> > /dev/hda1 /mnt/windows vfat auto,users,rw,uid=500 0 0

>>
>>
>> Try:
>>
>> /dev/hda1 /mnt/windows vfat uid=0,gid=499,umask=002 0 0
>>
>> Then editing /etc/group (use 'vigr' as root), add to your groups:
>>
>> vfat:x:499:<comma separated list of users allowed to write to vfat>
>>
>> What the mount options mean:
>>
>> uid=0 - make root 'own' the vfat files
>> gid=499 - put the files in group 499
>> umask=002 - make the files have access permission 'rwxrwxr-x'
>>
>>

> STATUS="delurk"
>
> I tried the above, (and the other suggestions) myself, but got something
> I didn't quite want, ie: executable files on my vfat partition.


Are the files really executable, or are they just displayed that way
when you run 'ls'? The exec/noexec mount options actually do work, but with
newer kernels all vfat files are displayed as executable regardless of whether
they are or not.

I test this by copying the following Linux script to my vfat partition and
attempting to run it from there.
--------------------
#! /bin/bash
echo "Executing test script"
--------------------