[arch-general] File permissions with udisks/udisk2 mounts

Leonid Isaev lisaev at umail.iu.edu
Fri Nov 23 14:12:57 EST 2012 

On Thu, 22 Nov 2012 22:31:10 +0000
Paul Marwick <paul.marwick at gmail.com> wrote:

> Curtis Shimamoto wrote:
> 
> > Have you tried manually mounting with something like:
> >
> > # mount -o exec /dev/whatever /mount/point
> >
> > I don't use udisks, but I use pmount and (I think) it automatically
> > mounts with the noexec option. I have never had a reason to try to get
> > around this, so I also cannot speak to whether or not working around it
> > is functional.
> 
> Thanks for the suggestion. I hadn't tried that, though I had tried 
> pmount with the -e flag, which should set executable permissions.

No, it shouldn't. Please consult the manpage and run pmount with --debug.
You'll see that the relevant output is
===============
You can change with the -c optionspawnv(): executing /bin/mount '/bin/mount'
'-t' 'vfat' '-o'
'nosuid,nodev,user,quiet,shortname=mixed,async,atime,exec,uid=1000,gid=100,umask=077,fmask=0177,dmask=0077,utf8,iocharset=iso8859-1'
'/dev/sdb1' '/media/...'
===============
Notice that fmask is (automatically) set 0177 because vfat/ntfs has a creepy
feature of having all files executable. If you are OK with that, use "pmount
--fmask 0077 --exec".

In any case, even with noexec and fmask=0177, calling
"bash /media/<dir>/<script>" still works, so you must be doing something
wrong...

> 
> Mounted as you suggest, the script is executable. :) It failed again, 
> but that was because I didn't have mtools installed, and was easy to 
> fix. Interesting that a manual mount worked where pmount and mount using 
> 'noauto' in /etc/fstab didn't.
> 
> >
> > But I figure if you do it manually, and specify exec, if it still
> > doesn't work, then you at least then know that it is not specific to any
> > of these automounting functions you use.
> >
> :) I guess it proves that it is down to udisks/polkit. I'd still like to 
> know how I can control the options set by them, but at least your 
> suggestion allows me to do what I need. Thanks again.
> 
> Paul.
> 



-- 
Leonid Isaev
GnuPG key: 0x164B5A6D
Fingerprint: C0DF 20D0 C075 C3F1 E1BE  775A A7AE F6CB 164B 5A6D
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: not available
URL: <http://mailman.archlinux.org/pipermail/arch-general/attachments/20121123/61bd4d09/attachment.asc>

More information about the arch-general mailing list