| 2006-03-26 |
FreeBSD (HOWTO) - Mount Privileges |
This Mini-HOWTO explains how, as a (FreeBSD) system administrator, you can selectively grant users the permission to mount and manipulate a floppy (or any other device), without having to add them as a member of the wheel group. This is basically a result of the notes I jotted down after I finally decided to figure out how to be able to perform mount operations on a filesystem device without having to go through the cycle of suing and chmoding. The method I explain may neither be the best one nor the most secure one, but it definitely solved my problem. I'll be using the floppy device /dev/fd0 as an example, the method should work for other devices as well.
Login as the super user to peform the following steps ..
1. Set vfs.usermount
To grant all users with the permission to mount/umount filesystem devices, you need to set the vfs.usermount kernel variable with sysctl. The sysctl(8) command is used to get or set kernel state. If you want to view the current value of this variable, you can use the following command.
% systcl -a | grep vfs.usermount
which will probably show that the value is set to 0, meaning that regular users are not allowed to use the mount operations. You can override this variable temporarily, for as long as the kernel is not shutdown, by using the following command.
% sysctl vfs.usermount=1
which will set vfs.usermount's value to 1. To set this variable everytime that FreeBSD is started, add the following line to /etc/sysctl.conf which holds the kernel state defaults.
vfs.usermount=1
2. Create the device group
As the next step, create a group, say floppy for /dev/fd0. Any user who needs access to /dev/fd0 will need to be a member of the floppy group. The steps to do so are ...
% pw group add floppy
% pw group mod floppy -M root,vivek
The first step creates the group floppy and the second one adds users root and vivek to that group.
3. Set device group/permissions in devfs.conf
Next, set the group/permissions for the device, by adding the following two lines into /etc/devfs.conf
own /dev/fd0 root:floppy
perm /dev/fd0 0660
The first line sets the owner of /dev/fd0 as root and group as floppy followed by the second line which sets the permissions to 0660 (rw-rw----).
Thats it. Restart FreeBSD and log in as a user, who is a member of the device group and you'll be able to mount the device and perform read/write operations. Note: that the user must have access rights to the the mount point. For example, just create any directory inside home and use it as the mount point.
vivek $ mkdir ~/floppy
vivek $ mount -t msdosfs /dev/fd0 ~/floppy |
|
