Hello, I'm trying to make an NTFS partition mountable, unmountable, readable and writable by a user without sudo. Here's what I've tried so far...
setuid on the mount, umount and ntfs-3g binaries as root:
# chmod u+s /bin/mount
# chmod u+s /bin/umount
# chmod u+s /bin/ntfs-3g
I also tried this method on the ntfs-3g website, don't know if this makes any difference (it didn't for me)
# chown root $(which ntfs-3g)
# chmod 4755 $(which ntfs-3g)
And, when that didn't work, I tried this: (also on the ntfs-3g website)
# chown root.users $(which ntfs-3g)
# chmod 4750 $(which ntfs-3g)
Here is the relevant line from fstab:
/dev/sdb1 /media/data ntfs-3g users,uid=1000,gid=100,fmask=0113,dmask=0002 0 0
And, strangely enough, this partition can be UNMOUNTED with no hassle, and mounts/unmounts successfully with sudo.
As a side note, my ext3 partition is mountable and unmountable by user all the time with no problems, with this line:
/dev/sda3 /media/downloads ext3 users,defaults 0 0
I chowned /media to the user recursively. I'd chown the entire filesystem if I thought it would work.
# chown username:users -R /media
I modified policykit.conf and created a "polkitparser" as per this guide:
http://bbs.archlinux.org/viewtopic.php?id=65070
I edited sudoers to add:
username ALL=(ALL) NOPASSWD: /bin/ntfs-3g
username ALL=(ALL) NOPASSWD: /bin/mount
username ALL=(ALL) NOPASSWD: /bin/umount
The user is a member of the following groups: wheel video audio optical storage scanner power users policykit hal and dbus.
I think the problem is related to the ntfs-3g binary somehow, but I can't quite see what's wrong.
Edit: solved! I'll write it tomorrow when I'm not so tired.
Last edited by darkbeanies (2009-09-06 01:23:27)
Okay, I got it, I wrote it out again here so at least it will still exist somewhere when I destroy all the data on my disks with my newly escalated privileges...
1. Make a new /etc/PolicyKit/PolicyKit.conf containing this...
<?xml version="1.0" encoding="UTF-8"?> <!-- -*- XML -*- -->
<!DOCTYPE pkconfig PUBLIC "-//freedesktop//DTD PolicyKit Configuration 1.0//EN"
"http://hal.freedesktop.org/releases/Pol … config.dtd">
<!-- See the manual page PolicyKit.conf(5) for file format -->
<config version="0.1">
<define_admin_auth user="NAME_OF_USER"/>
</config>
2. Create /etc/rc.d/polkitparser, make it executable and add it to daemons in rc.conf:
#!/bin/bash
# general config
. /etc/rc.conf
. /etc/rc.d/functions
stat_busy "Parsing groups for policykit handling"
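# Field 4 of a group entry is the comma-separated member list; anchor the
# match on the group name and turn every comma into "|" (the g flag).
export storage_users=$(grep -i '^storage:' /etc/group | cut -d ':' -f 4 | sed 's/,/|/g')
export power_users=$(grep -i '^power:' /etc/group | cut -d ':' -f 4 | sed 's/,/|/g')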
stat_done
exit 0
3. My .xinitrc now starts with exec ck-launch-session (insert name of WindowManager), though I have no idea what this does, or whether it makes any difference.
4. Issued the following commands as root:
chown root.storage $(which ntfs-3g)
chmod 4750 $(which ntfs-3g)
5. User is member of wheel video audio optical storage power users policykit hal and dbus. I have no clue which of these are relevant.
6. Created this symbolic link, which I think makes all NTFS volumes writable. Or something. Obviously you need ntfs-3g.
ln -s /sbin/mount.ntfs-3g /sbin/mount.ntfs
7. Added this to hal.conf:
<policy group="power">
<allow send_interface="org.freedesktop.Hal.Device.SystemPowerManagement"/>
<allow send_interface="org.freedesktop.Hal.Device.LaptopPanel"/>
</policy>
<policy group="storage">
<allow send_interface="org.freedesktop.Hal.Device.Volume"/>
<allow send_interface="org.freedesktop.Hal.Device.Volume.Crypto"/>
</policy>
</busconfig>
8. Setuid as root on the /bin/mount and /bin/umount commands.
9. Delete all the entries from fstab and folders in /media which might clash with hal's behaviour. I removed everything from fstab except for the / partition and an ext3 data partition that seems to behave properly. The only thing in media is a folder for mounting the data partition.
10. /media was chowned to (USER_NAME)
11. Sudoers contains this:
username ALL=(ALL) NOPASSWD: /bin/ntfs-3g
username ALL=(ALL) NOPASSWD: /bin/mount
username ALL=(ALL) NOPASSWD: /bin/umount
12. Hoorah! Everything you plug into your computer can successfully be mounted and unmounted by (YOUR_USER_NAME), whether it be NTFS, USB, EXT3, CD or DVD! Well, maybe not a CD, but you could install thunar and the thunar-volman package, for example, and then cd and dvd can be set to autoplay! Just like on a Bill Gates system!
13. Hopefully, some Linux veteran will see this and be so offended by the steps above that they will rewrite it with the pointless stuff removed. I wasn't taking any chances though!
14. I am ashamed to say, I spent at least ten minutes after I had done this just mounting and unmounting drives.......
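An added example, not part of the original posts: a small POSIX shell check that inventories what the steps above grant, namely which binaries are setuid root and who may execute them (the 4755 and 4750 variants), and which commands sudoers allows without a password. The function names are hypothetical and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: inventory of setuid-root binaries and NOPASSWD sudoers rules.
# On a live system, feed check_setuid with the output of
#   stat -c '%a %U %G %n' /bin/mount /bin/umount "$(command -v ntfs-3g)"
# and check_sudoers with the sudoers file (read as root).

# check_setuid: reads "MODE OWNER GROUP PATH" lines and reports files that are
# setuid and owned by root, noting whether users outside the group can run them.
check_setuid() {
    while read -r mode owner group path; do
        [ -n "$path" ] || continue
        # Only four-digit modes whose first digit has the 4 bit are setuid.
        case "$mode" in [4567]???) ;; *) continue ;; esac
        [ "$owner" = root ] || continue
        other=${mode#???}                 # last digit: permissions for "other"
        if [ $((other & 1)) -ne 0 ]; then
            echo "setuid-root any-user $path"        # e.g. chmod 4755
        else
            echo "setuid-root group:$group $path"    # e.g. chmod 4750
        fi
    done
}

# check_sudoers: reads sudoers lines, skips comment lines, and prints the user
# and command of every rule tagged NOPASSWD.
check_sudoers() {
    sed -n -e '/^[[:space:]]*#/d' \
        -e 's/^\([^[:space:]]*\)[[:space:]].*NOPASSWD:[[:space:]]*\(.*\)$/NOPASSWD \1 \2/p'
}

# Constructed sample input mirroring the state described in the posts.
SAMPLE_STAT='4755 root root /bin/mount
4755 root root /bin/umount
4750 root storage /bin/ntfs-3g
755 root root /bin/ls'
SAMPLE_SUDOERS='# constructed sample
username ALL=(ALL) NOPASSWD: /bin/ntfs-3g
username ALL=(ALL) NOPASSWD: /bin/mount
username ALL=(ALL) NOPASSWD: /bin/umount
root ALL=(ALL) ALL'

printf '%s\n' "$SAMPLE_STAT" | check_setuid
printf '%s\n' "$SAMPLE_SUDOERS" | check_sudoers
```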