[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Introducing pmount in Debian / New plugdev group

Hi Marco!

Marco d'Itri [2004-11-09 19:32 +0100]:
> On Nov 09, Martin Pitt <martin@piware.de> wrote:
> > We solved (4) by introducing a new group called 'plugdev'. Every user
> > who is a member of this group can access hotpluggable devices (digital
> > cameras, USB drives etc.). pmount can only be executed by members of
> > this group (it is root:plugdev 750), hal runs in this group to be able
> > to detect file systems (but it does not run in 'disk'), and udev
> > assigns the 'plugdev' group to removable devices (static drives remain
> > in group 'disk').
> I'm not sure about what I should do as the udev maintainer. The default
> udev configuration does not really know for sure if a given device is
> removable.

Our /etc/udev/udev.rules has two new rules directly after the cdrom
and floppy rules:

# put removable IDE/SCSI devices into group 'plugdev' instead of 'disk'
BUS="scsi", KERNEL="sd[a-z]*", PROGRAM="/etc/udev/removable.sh %k", RESULT="1", NAME="%k", MODE="0660", GROUP="plugdev"
BUS="ide", KERNEL="hd[a-z]*", PROGRAM="/etc/udev/removable.sh %k", RESULT="1", NAME="%k", MODE="0660", GROUP="plugdev"

The removable.sh shell script (pasted below) returns whether a device
is actually removable by looking at the "removable" sysfs attribute.
However, this attribute was introduced in the kernel not before 2.6.8.
This is okay for Ubuntu since it ships with, and since even
Sarge ships with (at some architectures at least), Etch will
certainly use 2.6.8+ as standard kernel. BTW, I do not want to force
this solution into Sarge, it is too late in the release cycle for such
changes (pmount has an RC bug to prevent Sarge migration).

However, this udev modification is safe even on older kernels; the
script will always return 0 there, which effectively disables above
rules. If devices are not in the plugdev group, but rather in "disk",
the following features will not work:

- pmount will refuse to mount PCMCIA drives since they look like
  normal IDE adapters; mounting USB and FireWire devices will still
  work, though, because pmount then checks the sysfs ancestry for
  USB/FireWire nodes.

- Media checking will not work (e. g. hal will not recognize the
  insertion of a card into an USB card reader), because hal does not
  run in the "disk" group.

- hal will be unable to detect file systems and device labels on the
  removeable devices for the same reason (not being in "disk").

- Users will be unable to partition, format, and label their USB

So hal/pmount/g-v-m will still be able to mount USB sticks, USB hard
drives, iPods, and so on, but will lack some reasonably important


----------- /etc/udev/removable.sh -----------------------
#!/bin/sh -e

# print "1" if device $1 is removable, "0" otherwise.
# The "removable" attribute appeared in Linux 2.6.8; this script will always
# print "0" for earlier kernels.


if [ -e "$REMOVABLE" ]; then
    cat "$REMOVABLE"
    echo "0"
exit 0

Martin Pitt                       http://www.piware.de
Ubuntu Developer            http://www.ubuntulinux.org
Debian GNU/Linux Developer       http://www.debian.org

Attachment: signature.asc
Description: Digital signature

Reply to: