• Maths CO Docs
• Private
• Public
• Introduction: Use of this documentation

Changing the default gnome mount options (gnome-mount)

Keywords: gnome default mount options NTFS HAL gnome-mount VFAT HFS HFS+

Contents:

• NTFS default group and permissions
• Volumes are mounted noexec
  • Change the options for a given mount
  • Change the options for a Volume (for all future mounts)
• What are the system defaults
• More about lsdisk
• I want to complain!

Executive summary

This documents some of the ways (in sl5 and similar linux systems), to use the gnome-mount command to alter the way that Gnome will mount removable media.

NTFS default group and permissions

When an NTFS volume is mounted on the gnome desktop by HAL, it gets default permissions from the mount point downwards of UID:root 0700. To change the group (to match the right group) and alter the mask allow those in the group to read the files, run as the user:

gnome-mount -t -v -h /org/freedesktop/Hal/devices/volume_uuid_FA28A58D28A54A09 \
 --write-settings --mount-options "uid=$UID,gid=34407,umask=0027"

(replacing the 34407 with a suitable GID for that user), which will output something like:

gnome-mount 0.5
Writing settings for volume
hal udi:      /org/freedesktop/Hal/devices/volume_uuid_FA28A58D28A54A09
** (gnome-mount:2271): DEBUG: Writing to gconf directory \
 /system/storage/volumes/_org_freedesktop_Hal_devices_volume_uuid_FA28A58D28A54A09

and which will produce perms of uid:gid 0750 when the volume is next re-mounted and the same thereafter. The volume is identified by the UDI "volume_uuid_FA28A58D28A54A09" which is obtained by running:

~jp107/scripts/lsdisk -v 2

which will produce something like:

verb=2
Volume device=/dev/sdc1
 Volume UDI: /org/freedesktop/Hal/devices/volume_uuid_FA28A58D28A54A09
 Label=KINGSTON fstype=ntfs size=1998M
 Storage-info: bus=usb dev=/dev/sdc product="DT 101 II" serial=Kingston_DT_101_II_001CC0EC34F4F04016A7066D
  Storage UDI: /org/freedesktop/Hal/devices/storage_serial_Kingston_DT_101_II_001CC0EC34F4F04016A7066D

Of course, the volume has to be plugged in (althought not necessarily mounted) for this command to find it!

Volumes are mounted noexec

By default volumes (of all kinds) are mounted with options nodev,nosuid,noexec, obviously nosuid,nodev is a good idea but for some users noexec is a pain.

Note that this default does protect a gullable user from running random code on a disk that someone gave them so we probably don't want to change these defaults...

Change the options for a given mount

If you just want to run code once (or rarely) from a volume then changing the mount options after mounting is usually good enough.

To do this we can call gnome-mount with either the -d device or -h UDI options - and the device stuff is simpler to explain.

Here is a quick description based on one I recently sent to a user

gnome-mount is a command-line tool which uses the same interface (hal
in sl5) to manipulate disks that the desktop does.

To use gnome-mount to change optins for a disk you need to either give
it the 'device' or a Unique-Device-ID (UDI) of the volume. For changes
which last between mounts you need to use the UDI form.

For example I just plugged in a Flash drive which got mounted on
/media/KINGSTON, so I can see:

$ df -P /media/KINGSTON/
Filesystem 1024-blocks Used Available Capacity Mounted on
/dev/sdc1 1951200 790112 1161088 41% /media/KINGSTON

in this case the removable device was sdc1 but that will differ
depending on whether various names have already been used for other
removable devices.

$ echo "echo yes" > /media/KINGSTON/testit
$ chmod 755 /media/KINGSTON/testit
$ /media/KINGSTON/testit
-bash: /media/KINGSTON/testit: Permission denied

Now make it executable...

$ gnome-mount -d /dev/sdc1 --mount-options remount,exec
gnome-mount 0.5

And try running it:

$ /media/KINGSTON/testit
yes

But if I remove and re-attach the device, the permissions go back to
the default and we go back to:

$ /media/KINGSTON/testit
-bash: /media/KINGSTON/testit: Permission denied

But try that with an NTFS volume and you get an error because the fuse people don't seem to support remounting a volume!

Remember to play the game...

$ df -P /media/JSPtest1N/
Filesystem         1024-blocks      Used Available Capacity Mounted on
/dev/sdc1              1951456     34288   1917168       2% /media/JSPtest1N

So it is mounted from /dev/sdc1

$ echo "echo yes" > /media/JSPtest1N/testit
$ chmod 755 /media/JSPtest1N/testit 
$ /media/JSPtest1N/testit 
-bash: /media/JSPtest1N/testit: Permission denied

$ gnome-mount -n -t -d /dev/sdc1 --mount-options remount,exec 
gnome-mount 0.5
libhal-storage.c 1401 : INFO: called LIBHAL_FREE_DBUS_ERROR but dbusError was not set.

** (gnome-mount:13967): WARNING **: Mount failed for /org/freedesktop/Hal/devices/volume_uuid_76D22C65D22C2C35
org.freedesktop.Hal.Device.Volume.UnknownFailure : Remounting is not supported at present.\
 You have to umount volume and then mount it once again. 


So we do that...

$ gnome-mount -n -t -d /dev/sdc1 -u                          
gnome-mount 0.5
libhal-storage.c 1401 : INFO: called LIBHAL_FREE_DBUS_ERROR but dbusError was not set.
Unmounted /dev/sdc1
$ gnome-mount -n -t -d /dev/sdc1 --mount-options exec
gnome-mount 0.5
libhal-storage.c 1401 : INFO: called LIBHAL_FREE_DBUS_ERROR but dbusError was not set.
Mounted /dev/sdc1 at "/media/JSPtest1N"

$ /media/JSPtest1N/testit 
yes

BUT now the ownerships and permissions etc now look wrong!

$ ls -al /media/JSPtest1N/testit 
-rwxrwxrwx 1 root root 9 Jun 16 20:45 /media/JSPtest1N/testit*

So actually we needed to pass uid= and umask= options:

$ gnome-mount -n -t -d /dev/sdc1 --mount-options exec,uid=$UID,umask=0077
gnome-mount 0.5
libhal-storage.c 1401 : INFO: called LIBHAL_FREE_DBUS_ERROR but dbusError was not set.
Mounted /dev/sdc1 at "/media/JSPtest1N"

Can we still run the code:

$ /media/JSPtest1N/testit 
yes

What about the permissions:

$ ls -al /media/JSPtest1N/testit 
-rwx------ 1 jp107 root 9 Jun 16 20:45 /media/JSPtest1N/testit*

Which is good enough for a quick test.

Change the options for a Volume (for all future mounts)

Now all this is fine for a one-off, but if you need to do this over and over, it will get very boring.

To change the options for future mounts you REALLY REALLY must use the -h UDI form, or it may not match the device next time you plug it in, and worse may match the WRONG device.

Use gnome-mount with the --write-settings option, to save them for all future sessions.

Here is an example for a user using a VFAT file-system

To make that permanent we need to know the file-system type since if
we set options we need to set them all (silly but true). This is a
VFAT disk, the default options are shortname=winnt,uid=,umask=0077 and
the

Now the UDI for this volume is
/org/freedesktop/Hal/devices/volume_uuid_2437_42D0 so I can set:

$ gnome-mount -h /org/freedesktop/Hal/devices/volume_uuid_2437_42D0 --write-settings \
  --mount-options "exec,shortname=winnt,uid=$UID,umask=0077"
gnome-mount 0.5
Writing settings for volume
hal udi: /org/freedesktop/Hal/devices/volume_uuid_2437_42D0

and then whenever that volume is mounted it will have the exec permissions.

And to undo this (set things back to the default for this volume):

$ gnome-mount -h /org/freedesktop/Hal/devices/volume_uuid_2437_42D0 --erase-settings
gnome-mount 0.5
Erasing settings for volume
hal udi: /org/freedesktop/Hal/devices/volume_uuid_2437_42D0

For an NTFS volume the default options are uid=,umask=0077 so a similar example use might be

$ ~jp107/scripts/lsdisk -v2
verb=2
Volume device=/dev/sdc1
 Volume UDI: /org/freedesktop/Hal/devices/volume_uuid_76D22C65D22C2C35
 Label=JSPtest1N fstype=ntfs size=1998M
 Storage-info: bus=usb dev=/dev/sdc product="DT 101 II" serial=Kingston_DT_101_II_001CC0EC346EF040169D086F
  Storage UDI: /org/freedesktop/Hal/devices/storage_serial_Kingston_DT_101_II_001CC0EC346EF040169D086F
 Mounted: mountpoint=/media/JSPtest1N

$ gnome-mount -n -t -h /org/freedesktop/Hal/devices/volume_uuid_76D22C65D22C2C35 --write-settings \
 --mount-options "exec,uid=$UID,umask=0077"
gnome-mount 0.5
Writing settings for volume
hal udi:      /org/freedesktop/Hal/devices/volume_uuid_76D22C65D22C2C35

and again to remove the state use something like:

$ gnome-mount -n -t -h /org/freedesktop/Hal/devices/volume_uuid_76D22C65D22C2C35 --erase-settings
gnome-mount 0.5
Erasing settings for volume
hal udi:      /org/freedesktop/Hal/devices/volume_uuid_76D22C65D22C2C35

What are the system defaults

If you are wondering, why don't we change the system defaults, we already have. The original defaults don't support NTFS or HFS volumes at all, and/or don't bother to set sane ownership (where that makes sense). You can read the file

/opt/ssetup/sl/5x/Config/desktop_tweaks/storage-options.DAMTP

For what we are currently setting - after various complaints from users. That directory also contains various other files with gconf settings which get loaded to set useful values/defaults (every night and during boot) based on complaints.

More about lsdisk

Note that I know that my lsdisk script doesn't generate the friendliest of output, though it is still probably better than telling people to read through /var/log/messages - especially since on most DAMTP machines the permissions mean that they can't read it...

lsdisk is a fairly simple piece of (python) code which walks the HAL device tree printing out information about disks and volumes - by default just removable ones.

I think it was the second (or third) piece of python I wrote, and the first to try to talk to HAL. Don't judge it too harshly!

$ ~jp107/scripts/lsdisk
Volume device=/dev/sdc1
 Label=KINGSTON fstype=vfat size=1998M
 Storage-info: bus=usb dev=/dev/sdc product="DT 101 II" serial=Kingston_DT_101_II_001CC0EC2F24F04016B606E6
 
$ ~jp107/scripts/lsdisk -v2
verb=2
Volume device=/dev/sdc1
 Volume UDI: /org/freedesktop/Hal/devices/volume_uuid_2437_42D0
 Label=KINGSTON fstype=vfat size=1998M
 Storage-info: bus=usb dev=/dev/sdc product="DT 101 II" serial=Kingston_DT_101_II_001CC0EC2F24F04016B606E6
  Storage UDI: /org/freedesktop/Hal/devices/storage_serial_Kingston_DT_101_II_001CC0EC2F24F04016B606E6

$ gnome-mount -ntp KINGSTON
gnome-mount 0.5
Resolved pseudonym "KINGSTON" -> /dev/sdc1
Mounted /dev/sdc1 at "/media/KINGSTON"
  
$ ~jp107/scripts/lsdisk -v2
verb=2
Volume device=/dev/sdc1
 Volume UDI: /org/freedesktop/Hal/devices/volume_uuid_2437_42D0
 Label=KINGSTON fstype=vfat size=1998M
 Storage-info: bus=usb dev=/dev/sdc product="DT 101 II" serial=Kingston_DT_101_II_001CC0EC2F24F04016B606E6
  Storage UDI: /org/freedesktop/Hal/devices/storage_serial_Kingston_DT_101_II_001CC0EC2F24F04016B606E6
 Mounted: mountpoint=/media/KINGSTON

$ gnome-mount -punt KINGSTON
gnome-mount 0.5
Resolved pseudonym "KINGSTON" -> /dev/sdc1
Unmounted /dev/sdc1

I want to complain!

This probably needs to be tidied up a lot! for any doco we expect users to read, and things will probably be completely different in sl6...

Complain to the usual address if anything in here seems to be wrong.

Written by John Sutton and Jon Peatfield