Hello everybody!
I have an external USB Toshiba hard drive with two partitions:
sdb
├─sdb1 crypto_LUKS
│ └─backup ext4 PrivateData
└─sdb2 ntfs PublicData
As you can see the first partition is ext4 and encrypted with LUKS. I use it for backups.
Now, the issue. I have an ASUS NUC with Arch Linux installed and two users: thewall (which is in sudoers) and pergolesi (which is not). When I try to unlock and mount the encrypted partition while logged in as thewall, the mountpoint owner and group are wrong.
thewall:pergonuc ~ ▶ sudo /sbin/cryptsetup luksOpen /dev/disk/by-uuid/35a26e6* backup
Enter passphrase for /dev/disk/by-uuid/35a26e6*:
thewall:pergonuc ~ ▶ udisks --mount /dev/mapper/backup
Mounted /org/freedesktop/UDisks/devices/dm_2d1 at /media/PrivateData
thewall:pergonuc ~ ▶ ls -l /media
total 4.0K
drwx------ 8 pergolesi users 4.0K May 10 16:02 PrivateData/
The same thing happens if I use mount.
I tried to write a udev rule:
thewall:pergonuc ~ ▶ cat /etc/udev/rules.d/85-backup.rules
KERNEL=="dm-1", SUBSYSTEM=="block", OWNER="thewall", GROUP="users"
And I tested it:
thewall:pergonuc ~ ▶ sudo udevadm test $(udevadm info -q path -n /dev/dm-1) 2>&1
[sudo] password for root:
calling: test
version 219
This program is for debugging only, it does not run any program
specified by a RUN key. It may show incorrect results, because
some values may be different, or not available at a simulation run.
=== trie on-disk ===
tool version: 219
file size: 6687796 bytes
header size 80 bytes
strings 1715780 bytes
nodes 4971936 bytes
Load module index
timestamp of '/etc/systemd/network' changed
timestamp of '/usr/lib/systemd/network' changed
Parsed configuration file /usr/lib/systemd/network/99-default.link
Created link configuration context.
timestamp of '/etc/udev/rules.d' changed
Reading rules file: /usr/lib/udev/rules.d/10-dm.rules
Reading rules file: /usr/lib/udev/rules.d/11-dm-lvm.rules
Reading rules file: /usr/lib/udev/rules.d/13-dm-disk.rules
Reading rules file: /usr/lib/udev/rules.d/40-hpet-permissions.rules
Reading rules file: /usr/lib/udev/rules.d/40-usb_modeswitch.rules
Reading rules file: /usr/lib/udev/rules.d/42-usb-hid-pm.rules
Reading rules file: /usr/lib/udev/rules.d/50-udev-default.rules
Reading rules file: /usr/lib/udev/rules.d/60-cdrom_id.rules
Reading rules file: /usr/lib/udev/rules.d/60-drm.rules
Reading rules file: /usr/lib/udev/rules.d/60-keyboard.rules
Reading rules file: /usr/lib/udev/rules.d/60-pcmcia.rules
Reading rules file: /usr/lib/udev/rules.d/60-persistent-alsa.rules
Reading rules file: /usr/lib/udev/rules.d/60-persistent-input.rules
Reading rules file: /usr/lib/udev/rules.d/60-persistent-serial.rules
Reading rules file: /usr/lib/udev/rules.d/60-persistent-storage-tape.rules
Reading rules file: /usr/lib/udev/rules.d/60-persistent-storage.rules
Reading rules file: /usr/lib/udev/rules.d/60-persistent-v4l.rules
Reading rules file: /usr/lib/udev/rules.d/61-accelerometer.rules
Reading rules file: /usr/lib/udev/rules.d/61-gnome-bluetooth-rfkill.rules
Reading rules file: /usr/lib/udev/rules.d/61-gnome-settings-daemon-rfkill.rules
Reading rules file: /usr/lib/udev/rules.d/63-md-raid-arrays.rules
Reading rules file: /usr/lib/udev/rules.d/64-btrfs.rules
Reading rules file: /usr/lib/udev/rules.d/64-md-raid-assembly.rules
Reading rules file: /usr/lib/udev/rules.d/69-cd-sensors.rules
Reading rules file: /usr/lib/udev/rules.d/69-dm-lvm-metad.rules
Reading rules file: /usr/lib/udev/rules.d/69-libmtp.rules
Reading rules file: /usr/lib/udev/rules.d/70-infrared.rules
Reading rules file: /usr/lib/udev/rules.d/70-mouse.rules
Reading rules file: /usr/lib/udev/rules.d/70-power-switch.rules
Reading rules file: /usr/lib/udev/rules.d/70-touchpad.rules
Reading rules file: /usr/lib/udev/rules.d/70-uaccess.rules
Reading rules file: /usr/lib/udev/rules.d/71-seat.rules
Reading rules file: /usr/lib/udev/rules.d/73-seat-late.rules
Reading rules file: /usr/lib/udev/rules.d/75-net-description.rules
Reading rules file: /usr/lib/udev/rules.d/75-probe_mtd.rules
Reading rules file: /usr/lib/udev/rules.d/75-tty-description.rules
Reading rules file: /usr/lib/udev/rules.d/77-mm-cinterion-port-types.rules
Reading rules file: /usr/lib/udev/rules.d/77-mm-ericsson-mbm.rules
Reading rules file: /usr/lib/udev/rules.d/77-mm-huawei-net-port-types.rules
Reading rules file: /usr/lib/udev/rules.d/77-mm-longcheer-port-types.rules
Reading rules file: /usr/lib/udev/rules.d/77-mm-mtk-port-types.rules
Reading rules file: /usr/lib/udev/rules.d/77-mm-nokia-port-types.rules
Reading rules file: /usr/lib/udev/rules.d/77-mm-pcmcia-device-blacklist.rules
Reading rules file: /usr/lib/udev/rules.d/77-mm-platform-serial-whitelist.rules
Reading rules file: /usr/lib/udev/rules.d/77-mm-simtech-port-types.rules
Reading rules file: /usr/lib/udev/rules.d/77-mm-telit-port-types.rules
Reading rules file: /usr/lib/udev/rules.d/77-mm-usb-device-blacklist.rules
Reading rules file: /usr/lib/udev/rules.d/77-mm-usb-serial-adapters-greylist.rules
Reading rules file: /usr/lib/udev/rules.d/77-mm-x22x-port-types.rules
Reading rules file: /usr/lib/udev/rules.d/77-mm-zte-port-types.rules
Reading rules file: /usr/lib/udev/rules.d/77-nm-olpc-mesh.rules
Reading rules file: /usr/lib/udev/rules.d/78-sound-card.rules
Reading rules file: /usr/lib/udev/rules.d/80-drivers.rules
Reading rules file: /etc/udev/rules.d/80-iwlwifi.rules
Reading rules file: /usr/lib/udev/rules.d/80-libinput-device-groups.rules
Reading rules file: /usr/lib/udev/rules.d/80-mm-candidate.rules
Reading rules file: /usr/lib/udev/rules.d/80-net-setup-link.rules
Reading rules file: /usr/lib/udev/rules.d/80-udisks.rules
Reading rules file: /usr/lib/udev/rules.d/80-udisks2.rules
Reading rules file: /etc/udev/rules.d/85-backup.rules
Reading rules file: /usr/lib/udev/rules.d/85-regulatory.rules
Reading rules file: /usr/lib/udev/rules.d/90-alsa-restore.rules
Reading rules file: /usr/lib/udev/rules.d/90-libinput-model-quirks.rules
Reading rules file: /usr/lib/udev/rules.d/90-pulseaudio.rules
Reading rules file: /usr/lib/udev/rules.d/90-vconsole.rules
Reading rules file: /usr/lib/udev/rules.d/95-cd-devices.rules
Reading rules file: /usr/lib/udev/rules.d/95-dm-notify.rules
Reading rules file: /usr/lib/udev/rules.d/95-udev-late.rules
Reading rules file: /usr/lib/udev/rules.d/95-upower-csr.rules
Reading rules file: /usr/lib/udev/rules.d/95-upower-hid.rules
Reading rules file: /usr/lib/udev/rules.d/95-upower-wup.rules
Reading rules file: /usr/lib/udev/rules.d/99-systemd.rules
Reading rules file: /etc/udev/rules.d/uinput.rules
rules contain 196608 bytes tokens (16384 * 12 bytes), 27293 bytes strings
15075 strings (134241 bytes), 12762 de-duplicated (109262 bytes), 2314 trie nodes used
device 0x7fd3ff1d96c0 has devpath '/devices/virtual/block/dm-1'
device 0x7fd3ff1cea90 filled with db file data
LINK 'mapper/backup' /usr/lib/udev/rules.d/10-dm.rules:121
LINK 'disk/by-id/dm-name-backup' /usr/lib/udev/rules.d/13-dm-disk.rules:17
LINK 'disk/by-id/dm-uuid-CRYPT-LUKS1-35a26e65260a4eb28c66fb69a250d48c-backup' /usr/lib/udev/rules.d/13-dm-disk.rules:18
IMPORT builtin 'blkid' /usr/lib/udev/rules.d/13-dm-disk.rules:23
probe /dev/dm-1 raid offset=0
LINK 'disk/by-uuid/f95bbfc7-b859-461a-a670-ddd572bafadc' /usr/lib/udev/rules.d/13-dm-disk.rules:25
LINK 'disk/by-label/PrivateData' /usr/lib/udev/rules.d/13-dm-disk.rules:26
GROUP 6 /usr/lib/udev/rules.d/50-udev-default.rules:52
OWNER 1002 /etc/udev/rules.d/85-backup.rules:1 # It looks like udev reads my rule
GROUP 100 /etc/udev/rules.d/85-backup.rules:1 # It looks like udev reads my rule
handling device node '/dev/dm-1', devnum=b254:1, mode=0660, uid=1002, gid=100
preserve permissions /dev/dm-1, 060660, uid=1002, gid=100
preserve already existing symlink '/dev/block/254:1' to '../dm-1'
found 'b254:1' claiming '/run/udev/links/\x2fdisk\x2fby-id\x2fdm-name-backup'
creating link '/dev/disk/by-id/dm-name-backup' to '/dev/dm-1'
preserve already existing symlink '/dev/disk/by-id/dm-name-backup' to '../../dm-1'
found 'b254:1' claiming '/run/udev/links/\x2fdisk\x2fby-id\x2fdm-uuid-CRYPT-LUKS1-35a26e65260a4eb28c66fb69a250d48c-backup'
creating link '/dev/disk/by-id/dm-uuid-CRYPT-LUKS1-35a26e65260a4eb28c66fb69a250d48c-backup' to '/dev/dm-1'
preserve already existing symlink '/dev/disk/by-id/dm-uuid-CRYPT-LUKS1-35a26e65260a4eb28c66fb69a250d48c-backup' to '../../dm-1'
found 'b254:1' claiming '/run/udev/links/\x2fdisk\x2fby-label\x2fPrivateData'
creating link '/dev/disk/by-label/PrivateData' to '/dev/dm-1'
preserve already existing symlink '/dev/disk/by-label/PrivateData' to '../../dm-1'
found 'b254:1' claiming '/run/udev/links/\x2fdisk\x2fby-uuid\x2ff95bbfc7-b859-461a-a670-ddd572bafadc'
creating link '/dev/disk/by-uuid/f95bbfc7-b859-461a-a670-ddd572bafadc' to '/dev/dm-1'
preserve already existing symlink '/dev/disk/by-uuid/f95bbfc7-b859-461a-a670-ddd572bafadc' to '../../dm-1'
found 'b254:1' claiming '/run/udev/links/\x2fmapper\x2fbackup'
creating link '/dev/mapper/backup' to '/dev/dm-1'
preserve already existing symlink '/dev/mapper/backup' to '../dm-1'
created db file '/run/udev/data/b254:1' for '/devices/virtual/block/dm-1'
.ID_FS_TYPE_NEW=ext4
ACTION=add
DEVLINKS=/dev/disk/by-id/dm-name-backup /dev/disk/by-id/dm-uuid-CRYPT-LUKS1-35a26e65260a4eb28c66fb69a250d48c-backup /dev/disk/by-label/PrivateData /dev/disk/by-uuid/f95bbfc7-b859-461a-a670-ddd572bafadc /dev/mapper/backup
DEVNAME=/dev/dm-1
DEVPATH=/devices/virtual/block/dm-1
DEVTYPE=disk
DM_ACTIVATION=1
DM_NAME=backup
DM_SUSPENDED=0
DM_UDEV_PRIMARY_SOURCE_FLAG=1
DM_UDEV_RULES_VSN=2
DM_UUID=CRYPT-LUKS1-35a26e65260a4eb28c66fb69a250d48c-backup
ID_FS_LABEL=PrivateData
ID_FS_LABEL_ENC=PrivateData
ID_FS_TYPE=ext4
ID_FS_USAGE=filesystem
ID_FS_UUID=f95bbfc7-b859-461a-a670-ddd572bafadc
ID_FS_UUID_ENC=f95bbfc7-b859-461a-a670-ddd572bafadc
ID_FS_VERSION=1.0
MAJOR=254
MINOR=1
SUBSYSTEM=block
TAGS=:systemd:
UDISKS_PRESENTATION_NOPOLICY=1
USEC_INITIALIZED=4618990911
Unload module index
Unloaded link configuration context.
It looks like udev correctly reads my rule for the specified device. Anyway, the solution doesn't work and the partition is always mounted with wrong ownership.
I can work around this by running this command on the mountpoint:
sudo chown -R thewall:users /media/PrivateData
But after a reboot permissions are wrong again.
Can anyone help me?
P.S. I think the problem is that user pergolesi is logged in to GNOME Shell and GDM or something else is f**king up udev...
Last edited by thewall (2015-05-19 15:37:20)
The owner and group of the mount point may be different from the owner and group of the filesystem root directory on the mounted disk, therefore, setting the owner of the mount point while the device is not mounted is not likely to succeed since the mount point and the associated owner and permissions will be masked by those of the filesystem root once the device is mounted. What is more, the kernel may potentially be somewhat displeased that you seize the mount points which usually should be owned by root (or am I wrong here?).
Did you try setting the user and group ID in the mount command like so (in this example assuming the uid and gid you want are both 1000)?
sudo mount /dev/mapper/backup /media/PrivateData -o uid=1000,gid=1000
We are exactly the people our parents always warned us about.
The owner and group of the mount point may be different from the owner and group of the filesystem root directory on the mounted disk, therefore, setting the owner of the mount point while the device is not mounted is not likely to succeed since the mount point and the associated owner and permissions will be masked by those of the filesystem root once the device is mounted. What is more, the kernel may potentially be somewhat displeased that you seize the mount points which usually should be owned by root (or am I wrong here?).
Did you try setting the user and group ID in the mount command like so (in this example assuming the uid and gid you want are both 1000)?
sudo mount /dev/mapper/backup /media/PrivateData -o uid=1000,gid=1000
Hi, thanks for your answer.
That command will give you an error, because you can't use those options on an ext4 partition, but only with NTFS or FAT.
Anyway, I was talking with a colleague this morning and I think I found the culprit.
The partition that causes the problem was created on my notebook with a user called thewall who has "uid=1000". Instead, on my NUC, user thewall has "uid=1002" and user pergolesi has "uid=1000". So, I think the partition is associated to uid=1000 and when I mount it on my NUC it gets owned by user pergolesi.
I'm gonna try to change uids on the NUC machine.
I solved my problem by changing user ids.
The partition owner is the partition creator and he is identified by his user id. So, in my case user thewall with uid=1000 created the partition on my NOTEBOOK. On my NUC (second machine) user thewall must have the same user id (1000) to have correct ownership of that partition.
Some useful commands to change user/group ids and to change permissions accordingly.
usermod -u <newuid> <username>
groupmod -g <newgid> <groupname>
Thanks for the help. Bye
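Added example, not part of the original posts: ext4 records a numeric uid in each inode, so the account that owns the backup depends on the passwd database of the host it is mounted on. The script below checks which local account an on-disk uid resolves to; the passwd lines are constructed from the uids quoted in the thread (gid on the notebook, home directories and shells are assumed), and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed passwd data for the two hosts in the thread.
NOTEBOOK_PASSWD='thewall:x:1000:100::/home/thewall:/bin/bash'
NUC_PASSWD='pergolesi:x:1000:100::/home/pergolesi:/bin/bash
thewall:x:1002:100::/home/thewall:/bin/bash'

# name_for_uid UID PASSWD_TEXT -> account name that owns UID, empty if none
name_for_uid() {
    printf '%s\n' "$2" | awk -F: -v uid="$1" '$3 == uid { print $1; exit }'
}

# uid_for_name NAME PASSWD_TEXT -> numeric uid of NAME, empty if none
uid_for_name() {
    printf '%s\n' "$2" | awk -F: -v name="$1" '$1 == name { print $3; exit }'
}

# check_owner ON_DISK_UID EXPECTED_USER PASSWD_TEXT
# Returns 0 when the on-disk uid belongs to EXPECTED_USER on this host,
# 1 when it belongs to another account or to nobody.
check_owner() {
    _actual=$(name_for_uid "$1" "$3")
    _want_uid=$(uid_for_name "$2" "$3")
    if [ "$_actual" = "$2" ]; then
        echo "ok: uid $1 is $2"
        return 0
    fi
    echo "mismatch: uid $1 resolves to '${_actual:-no account}'," \
         "$2 has uid ${_want_uid:-none}"
    return 1
}

# Same disk, same on-disk uid (1000), two different hosts.
check_owner 1000 thewall "$NOTEBOOK_PASSWD" || true
check_owner 1000 thewall "$NUC_PASSWD" || true

# On a live system, pass the real values instead of the constructed ones:
#   check_owner "$(stat -c %u /media/PrivateData)" thewall "$(getent passwd)"
```

A mismatch on a private backup means a different local account can read it, which is why the ids need to agree across every host the disk is attached to. After `usermod -u`, only files under the user's home directory are re-owned automatically; anything else still carrying the old uid can be listed with `find / -xdev -uid <olduid>` and fixed with `chown`.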