External media mounts

Phillip Susi psusi at ubuntu.com
Mon Mar 4 19:50:54 PST 2013


For a long time we have been mounting external media with mount
options to make sure that the current interactive user (if there is
one?) is the owner of the files.  It occurs to me that this has been
the wrong approach.

Take a step back and ask yourself whether external mounts really
should be associated with a particular user.  I don't think they
should.  If I have an external disk full of family photos and I plug
it in while logged in as me, then my wife comes and switches to her
user, why should she not have access to the disk?  If she wanted to,
she could simply unplug and replug the disk, and then it would be
mounted under her uid, though obviously this is undesirable.

I think the mount should be accessible to whichever session is
currently active on the seat.  I think this can be implemented using
bind mounts.  First, instead of mounting in /run/$USER/$VOL and making
the files owned by $USER, we mount in /run/media/$SEAT/$VOL, and make
the files owned by nobody, with mode 777.  /run/media would obviously
be root.root 770.  The active session would bind mount
/run/media/$SEAT/$VOL to /media/$VOL, and when switching the active
session, all mounted volumes would be bind mounted to the new session.

This way if I plug in the disk or happen to be the first person to
log in with it cold plugged, I have access to it, and when my wife
comes by and switches active sessions, she too has access.  On the
other hand, she can't leave a rogue program running in the background
to gain access to a private disk that I plug in after switching to my
session, and unplug before leaving the computer or switching back to
her session.

Also even if someone else logs in with my uid on a remote session,
they won't have access to the disk, because that would be a different
seat.

This also, of course, preserves the old and familiar /media mount point.

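The scheme proposed in the message above, as an added dry-run sketch that is not part of the original post or of any project's code: it prints the commands a privileged helper would run for a plug-in and for a session switch, and runs none of them. It assumes per-session mount namespaces entered through a session leader PID, nobody as uid/gid 65534, and a filesystem that accepts uid=/gid=/umask= options; the function names and sample values are hypothetical.

```shell
#!/bin/sh
# Dry-run planner: prints the root commands for the scheme, runs none of them.
# Assumptions (not in the post): every session has its own mount namespace,
# entered via its leader PID, that can see the backing mounts; nobody = 65534;
# the filesystem takes uid=/gid=/umask= options (vfat, for example).
BACKING=/run/media   # root:root 0770, so only the bind mounts grant access
PUBLIC=/media        # familiar mount point inside the active session

# Volume labels come from the media itself: allow one plain path component.
valid_name() {
    case $1 in
        ''|.|..|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
}

# Mount a newly plugged device for a seat, files owned by nobody, mode 777.
plan_mount() {  # seat volume device
    valid_name "$1" && valid_name "$2" || return 1
    printf 'install -d -o root -g root -m 0770 %s\n' "$BACKING"
    printf 'mkdir -p %s/%s/%s\n' "$BACKING" "$1" "$2"
    printf 'mount -o uid=65534,gid=65534,umask=000 %s %s/%s/%s\n' \
        "$3" "$BACKING" "$1" "$2"
}

# Move every volume of a seat from the old active session to the new one.
plan_switch() {  # seat old_leader_pid new_leader_pid volume...
    seat=$1 old=$2 new=$3
    shift 3
    valid_name "$seat" || return 1
    for vol in "$@"; do valid_name "$vol" || return 1; done
    for vol in "$@"; do
        if [ -n "$old" ]; then   # empty when no session was active before
            printf 'nsenter -t %s -m umount %s/%s\n' "$old" "$PUBLIC" "$vol"
        fi
        printf 'nsenter -t %s -m mkdir -p %s/%s\n' "$new" "$PUBLIC" "$vol"
        printf 'nsenter -t %s -m mount --bind %s/%s/%s %s/%s\n' \
            "$new" "$BACKING" "$seat" "$vol" "$PUBLIC" "$vol"
    done
}

# Constructed sample values: seat0, leader PIDs 1200 and 3400, /dev/sdb1.
plan_mount seat0 PHOTOS /dev/sdb1
plan_switch seat0 1200 3400 PHOTOS
```

The unmount in the outgoing session's namespace is the step that keeps a process left running there from reading a disk plugged in after the switch.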


More information about the devkit-devel mailing list