Re: Make Debian automount mount devices in read only

To: debian-user@lists.debian.org
Subject: Re: Make Debian automount mount devices in read only
From: Carles Pina i Estany <carles@pina.cat>
Date: Fri, 4 Mar 2022 00:19:48 +0100
Message-id: <[🔎] YiFNFINfzWS7u6fs@pina.cat>
In-reply-to: <[🔎] 20220303154959.GA4240@axis.corp>
References: <[🔎] YiCDmTN6PIB7m2no@pina.cat> <[🔎] 20220303154959.GA4240@axis.corp>

Hi,

I'm providing more information and answering my own question (for my
laptop's installation).

On Mar/03/2022, David Wright wrote:
> On Thu 03 Mar 2022 at 10:00:09 (+0100), Carles Pina i Estany wrote:
> > 
> > My desktop computer (Debian 11.2) auto-mounts USB devices (hard disks,
> > etc.)
> 
> That doesn't help a great deal because there are several automounters
> available in Debian.

You are right - I thought that this was dealt only via systemd nowadays
(with applications using it).

> > I would like the devices to be mounted in read only mode by default. I
> > will remount them in rw if I need to.
> > 
> > They are not in my /etc/fstab
> > 
> > I've been looking at udev configuration files, rules, etc. but I'm
> > unsure which is the best way to go.
> > 
> > Is anyone here a bit more familiar with udev, systemd, etc. let me know
> > of a good approach please? The current Debian (and for many versions)
> > worked so well for me that I haven't dealt with this kind of settings,
> > I don't know which is the right tool to setup or how they interact with
> > eachother in detail anymore :-)
> 
> With Debian, I would guess that systemd is the way to go, because it's
> probably best supported. You probably want to read pages such as:
> 
> https://www.freedesktop.org/software/systemd/man/systemd.automount.html
> https://www.freedesktop.org/software/systemd/man/systemd.mount.html

Thanks for the pointers

[...]

> I've only used udev for creating mountpoints, as I don't believe

I've ended up using udev

> in automounting. I write my own rules files from scratch (man udev),
> and there are copious examples in /lib/udev/rules.d/ to steal from.

[...]

> Of course if you use a DE then all bets are off because they may use
> their own automounting scheme, qv, or something given above.

In this case I use a DE (lxde). I haven't properly dealt with all the
chain of events but the file manager pcmanfm is the one asking for the
password of the new device (if the device had one) or even just to open
the device.

pcmanfm seems to use gvfs and gvfs uses udev.

I ended up writing a new udev.d rule:
carles@pinux:~$ cat /etc/udev/rules.d/99-carles-read-only.rules 
ENV{UDISKS_MOUNT_OPTIONS_DEFAULTS}="ro,noexec"
carles@pinux:~$ 

This was found here:
http://storaged.org/doc/udisks2-api/latest/mount_options.html

Doing this the file system is mounted in ro which is what I wanted.

While searching for this information I've also found some ways to
execute hdparm -r1 on the device. I had used in the past hdparm -r0/-r1
for similar cases.

Anyway, tomorrow I can plug the hard disks and they will be read only by
default which is what I wanted.

Thanks and apologies for the lack of information in the initial email.
As I said, for many years, lxde just mounts the devices without any
problems and I lost touch with which systems are doing what in this
respect.

Cheers,

-- 
Carles Pina i Estany
https://carles.pina.cat

Reply to:

References:
- Make Debian automount mount devices in read only
  - From: Carles Pina i Estany <carles@pina.cat>
- Re: Make Debian automount mount devices in read only
  - From: David Wright <deblis@lionunicorn.co.uk>

Prev by Date: Re: Installing minimal command line system with netinst.iso
Next by Date: Re: What is z3fold and do I need it? (error: /usr/sbin/mkinitramfs: 12: /etc/initramfs-tools/conf.d/local.conf: z3fold: not found)
Previous by thread: Re: Make Debian automount mount devices in read only
Next by thread: What is z3fold and do I need it? (error: /usr/sbin/mkinitramfs: 12: /etc/initramfs-tools/conf.d/local.conf: z3fold: not found)
Index(es):
- Date
- Thread