HOWTO: mounting a USB device as a normal non-root user in OpenBSD
- 1.1 Abstract
- 1.2 Read the mount man page
- 1.3 Determine the partition label
- 1.4 Create the node or directory serving as mount point.
- 1.5 Set sysctl 'kern.usermount' to '1'
- 1.6 Get read and write permissions for the 'sd0' device
- 1.7 Mount the disk as a normal non-root user
- 1.8 User mounting example with mount point under '/mnt'
1.1 Abstract
How reading the OpenBSD mount man page can help us mount devices as a normal user, without superuser powers and without using 'sudo'. An external USB hard drive is used as the example.
1.2 Read the mount man page
Code:
SYNOPSIS
mount [-Aadfruvw] [-t type]
mount [-dfrsuvw] special | node
mount [-dfruvw] [-o options] [-t type] special node

DESCRIPTION
The mount command invokes a file system specific program to prepare and
graft the special device or remote node (rhost:path) on to the file sys-
tem tree at the point node. If either special or node are not provided,
the appropriate information is taken from the fstab(5) file.

For disk partitions, the special device must correspond to a partition
registered in the disklabel(5).

The system maintains a list of currently mounted file systems. If no ar-
guments are given to mount, this list is printed.

A mount point node must be an existing directory for a mount to succeed
(except in the special case of /, of course). Only the superuser may
mount file systems unless kern.usermount is nonzero (see sysctl(8)), the
special device is readable and writeable by the user attempting the
mount, and the mount point node is owned by the user attempting the
mount.
So in short the requirements for mounting are:
- If the 'special device' is a disk partition, it must have a label supplied by the 'disklabel(5)' program.
- A node is an existing directory.
- Only if the sysctl kern.usermount is non-zero, a non-root user is allowed to mount.
- The special device is readable and writeable by the user attempting the mount.
- The node, the directory used as mount point, must be readable and writeable by the user attempting the mount.
1.3 Determine the partition label
After inserting a USB hard disk, we see the following in '/var/log/messages':
Code:
umass0 at uhub0 port 3 configuration 1 interface 0
umass0: Prolific Technology Inc. Mass Storage Device, rev 2.00/1.00, addr 2
umass0: using SCSI over Bulk-Only
scsibus1 at umass0: 2 targets
sd0 at scsibus1 targ 1 lun 0:
SCSI0 0/direct fixed
sd0: 38154MB, 4864 cyl, 255 head, 63 sec, 512 bytes/sec, 78140160 sec total

The USB disk is treated as a SCSI device with the sd driver. We check what 'fdisk' and 'disklabel' have to say about 'sd0'.
Code:
$ fdisk sd0
Disk: sd0 geometry: 4864/255/63 [78140160 Sectors]
Offset: 0 Signature: 0xAA55
Starting Ending LBA Info:
#: id C H S - C H S [ start: size ]
------------------------------------------------------------------------
*0: 0C 0 1 1 - 4863 254 63 [ 63: 78140097 ] Win95 FAT32L
1: 00 0 0 0 - 0 0 0 [ 0: 0 ] unused
2: 00 0 0 0 - 0 0 0 [ 0: 0 ] unused
3: 00 0 0 0 - 0 0 0 [ 0: 0 ] unused
$ disklabel sd0
disklabel: warning, DOS partition table with no valid OpenBSD partition
# /dev/rsd0c:
type: SCSI
disk: SCSI disk
label: 0M9AT00
flags:
bytes/sector: 512
sectors/track: 63
tracks/cylinder: 255
sectors/cylinder: 16065
cylinders: 4864
total sectors: 78140160
rpm: 3600
interleave: 1
trackskew: 0
cylinderskew: 0
headswitch: 0 # microseconds
track-to-track seek: 0 # microseconds
drivedata: 0
16 partitions:
# size offset fstype [fsize bsize cpg]
c: 78140160 0 unused 0 0
i: 78140097 63 MSDOS

From this information we conclude that we have to use the 'sd0i' disklabel.
Code:
$ mount -t msdos /dev/sd0i node
1.4 Create the node or directory serving as mount point.
The simplest way is to create this directory in our home directory.
Code:
$ mkdir usb ; ls -ld usb
drwxr-xr-x 2 j65nko j65nko 512 Oct 14 00:44 usb
We are the owner of the directory and thus have read and write permission.
Another possibility is to have 'root' create a subdirectory under '/mnt' and give us read and write permissions on that subdirectory.
After creating the node 'usb' we have all parameters for the 'mount' command:
Code:
$ mount -t msdos /dev/sd0i usb
1.5 Set sysctl 'kern.usermount' to '1'
Code:
$ sysctl -a | grep mount
kern.usermount=0
[snip]
The current value is '0'. To set it to 1:
Code:
# sysctl kern.usermount=1
kern.usermount: 0 -> 1
This is a temporary measure, which will be lost on reboot. To have this enabled at boot time, edit the '/etc/sysctl.conf' file and add a line like this:
Code:
kern.usermount=1 # allow non-root users to mount devices.
1.6 Get read and write permissions for the 'sd0' device
We have a look at the 'sd0i' device:
Code:
$ ls -l /dev/sd0i
brw-r----- 1 root operator 4, 8 Sep 5 2007 /dev/sd0i
The easiest way is to join the 'operator' group and to give this group write permissions for 'sd0'.
We check this group:
Code:
# grep operator /etc/group
operator:*:5:root
We add ourselves to the 'operator' group and for a change, check our membership with 'groupinfo' instead of 'grep'.
Code:
# usermod -G operator j65nko
# groupinfo operator
name operator
passwd *
gid 5
members root j65nko
We are added to the 'operator' group.
As a beneficial side-effect, we also can 'shutdown' our computer as normal user.
Code:
$ ls -l $(which shutdown)
-r-sr-x--- 1 root operator 192368 Aug 28 2007 /sbin/shutdown
Give the group read and write permissions:
Code:
$ sudo chmod g=rw /dev/sd0*
$ ls -l /dev/sd0*
brw-rw---- 1 root operator 4, 0 Sep 5 2007 /dev/sd0a
brw-rw---- 1 root operator 4, 1 Sep 5 2007 /dev/sd0b
brw-rw---- 1 root operator 4, 2 Sep 5 2007 /dev/sd0c
brw-rw---- 1 root operator 4, 3 Sep 5 2007 /dev/sd0d
brw-rw---- 1 root operator 4, 4 Sep 5 2007 /dev/sd0e
brw-rw---- 1 root operator 4, 5 Sep 5 2007 /dev/sd0f
brw-rw---- 1 root operator 4, 6 Sep 5 2007 /dev/sd0g
brw-rw---- 1 root operator 4, 7 Sep 5 2007 /dev/sd0h
brw-rw---- 1 root operator 4, 8 Sep 5 2007 /dev/sd0i
brw-rw---- 1 root operator 4, 9 Sep 5 2007 /dev/sd0j
brw-rw---- 1 root operator 4, 10 Sep 5 2007 /dev/sd0k
brw-rw---- 1 root operator 4, 11 Sep 5 2007 /dev/sd0l
brw-rw---- 1 root operator 4, 12 Sep 5 2007 /dev/sd0m
brw-rw---- 1 root operator 4, 13 Sep 5 2007 /dev/sd0n
brw-rw---- 1 root operator 4, 14 Sep 5 2007 /dev/sd0o
brw-rw---- 1 root operator 4, 15 Sep 5 2007 /dev/sd0p
Now members of the 'operator' group can read as well as write to all labels of a 'sd0' device.
1.7 Mount the disk as a normal non-root user
Code:
$ mount /dev/sd0i usb
$ mount
/dev/wd0a on / type ffs (local, noatime, softdep)
/dev/sd0i on /home/j65nko/usb type msdos (local, nodev, nosuid, uid=1000, gid=1000)
You see that the OpenBSD 'mount' can infer the filesystem type from the disklabel, so we can omit the '-t msdos' option.
A peek inside:
Code:
$ ls -l usb
drwxr-xr-x 1 j65nko j65nko 32768 Oct 14 00:46 7.1
drwxr-xr-x 1 j65nko j65nko 32768 Sep 3 2007 AMD64
-rwxr-xr-x 1 j65nko j65nko 70 Sep 7 09:05 MD5
drwxr-xr-x 1 j65nko j65nko 32768 Nov 2 2006 bup
-rwxr-xr-x 1 j65nko j65nko 4788 Aug 20 2007 dmesg.amd64
-rwxr-xr-x 1 j65nko j65nko 362014720 Sep 7 09:04 hercules-j65nko-homedir.dump
drwxr-xr-x 1 j65nko j65nko 32768 Sep 8 2007 snap
-rwxr-xr-x 1 j65nko j65nko 914180 Sep 2 23:43 vmstat-html.xwd
-rwxr-xr-x 1 j65nko j65nko 673705 Sep 2 23:43 vmstat-xml.xwd
-rwxr-xr-x 1 j65nko j65nko 33718 Sep 23 22:48 yaconrep.tgz
Mission accomplished. We can do sudo-less mounts.
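The requirements quoted from the man page in 1.2 can be checked before attempting the mount. The script below is an added example, not part of the original HOWTO: it evaluates them against text in the same formats as the listings above ('sysctl' output, 'ls -l' of the device, 'ls -ld' of the mount point). The function names are this example's own, and it assumes a system that still provides the 'kern.usermount' sysctl used on this page.

```shell
#!/bin/sh
# Added example: test the mount(8) requirements for a non-root mount against
# text in the formats shown on this page, so the logic can be run offline.

# usermount_on "kern.usermount=N": succeed when N is nonzero.
usermount_on() {
    val=${1#kern.usermount=}
    [ "$val" -ne 0 ] 2>/dev/null
}

# rw_for USER "GROUPS" "LS_L_LINE": succeed when USER, a member of the
# space-separated GROUPS, has both read and write on the listed file.
rw_for() {
    user=$1 grps=$2
    read -r mode links owner group rest <<EOF
$3
EOF
    if [ "$user" = "$owner" ]; then cols=2-3        # owner bits
    else case " $grps " in
        *" $group "*) cols=5-6 ;;                   # group bits
        *)            cols=8-9 ;;                   # other bits
        esac
    fi
    [ "$(printf '%s' "$mode" | cut -c"$cols")" = rw ]
}

# owned_by USER "LS_LD_LINE": succeed when the line is a directory owned by USER.
owned_by() {
    read -r mode links owner rest <<EOF
$2
EOF
    case $mode in d*) [ "$owner" = "$1" ] ;; *) return 1 ;; esac
}

# check_user_mount USER GROUPS SYSCTL_LINE DEVICE_LINE DIR_LINE
# Prints each unmet requirement; returns 0 only when all three hold.
check_user_mount() {
    rc=0
    usermount_on "$3"     || { echo "kern.usermount is zero"; rc=1; }
    rw_for "$1" "$2" "$4" || { echo "device is not read/write for $1"; rc=1; }
    owned_by "$1" "$5"    || { echo "mount point is not a directory owned by $1"; rc=1; }
    return $rc
}

# Listing lines taken from sections 1.4 and 1.6 of this page.
before='brw-r----- 1 root operator 4, 8 Sep 5 2007 /dev/sd0i'
after='brw-rw---- 1 root operator 4, 8 Sep 5 2007 /dev/sd0i'
dir='drwxr-xr-x 2 j65nko j65nko 512 Oct 14 00:44 usb'
check_user_mount j65nko "j65nko operator" kern.usermount=0 "$before" "$dir" || echo "-> not ready"
check_user_mount j65nko "j65nko operator" kern.usermount=1 "$after" "$dir" && echo "-> ready"
```

The check follows the man page wording (owned mount point, read and write on the device), so it is stricter than the read-only mount in 1.8, which succeeds with only group read permission on '/dev/wd1a'.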
1.8 User mounting example with mount point under '/mnt'
The following transcript shows how to mount the OpenBSD root partition 'a' residing on the second hard disk 'wd1'.
Code:
# mkdir /mnt/j65nko && chown j65nko /mnt/j65nko
# ls -ld /mnt/j65nko/
drwxr-xr-x 2 j65nko wheel 512 Oct 22 22:30 /mnt/j65nko/
# exit
$ mount -o ro /dev/wd1a /mnt/j65nko
$ mount
/dev/wd0a on / type ffs (local, noatime, softdep)
/dev/wd1a on /mnt/j65nko type ffs (local, nodev, nosuid, read-only)
$ cd /mnt/j65nko/
$ ls -l
drwxr-xr-x 2 root wheel 512 Oct 20 21:09 altroot
drwxr-xr-x 2 root wheel 1024 Oct 20 21:13 bin
-r-xr-xr-x 1 root wheel 42388 Oct 22 03:20 boot
-rw-r--r-- 1 root wheel 7361204 Oct 22 03:19 bsd
-rw-r--r-- 1 root wheel 7475098 Oct 22 03:19 bsd.mp
-rw-r--r-- 1 root wheel 6354960 Oct 22 03:19 bsd.rd
drwxr-xr-x 3 root wheel 20992 Oct 22 19:23 dev
drwxr-xr-x 20 root wheel 2048 Oct 22 19:23 etc
drwxr-xr-x 3 root wheel 512 Oct 22 14:09 home
drwxr-xr-x 2 root wheel 512 Oct 20 21:09 mnt
drwx------ 2 root wheel 512 Oct 22 14:20 root
drwxr-xr-x 2 root wheel 1536 Oct 20 21:14 sbin
drwxr-xr-x 2 root wheel 512 Oct 20 21:09 stand
lrwxr-xr-x 1 root wheel 11 Oct 22 03:19 sys -> usr/src/sys
drwxrwxrwt 4 root wheel 512 Oct 22 19:23 tmp
drwxr-xr-x 17 root wheel 512 Oct 17 20:09 usr
drwxr-xr-x 23 root wheel 512 Oct 17 20:09 var
One of the reasons for opting for the read-only mount option:
Code:
$ ls -l /dev/wd1a
brw-r----- 1 root operator 0, 16 Sep 5 2007 /dev/wd1a
You understand?