Thoughts about HAL, Ivman and Pmount.

Jonatan Liljedahl lijon at kymatica.com
Thu Oct 27 17:20:42 PDT 2005


On Thu, 27 Oct 2005 15:09:04 -0400
Martin Pitt <martin at piware.de> wrote:

> Hi Jonatan!
> 
> Jonatan Liljedahl [2005-10-26 21:31 -0200]:
> > IMHO, automounting should be done by system (hald or ivman running
> > as root), since if two users are running ivman at the same time
> > there will be big trouble when both try to mount the same thing
> > under /media. There will be a war about who owns the mountpoint.
> 
> Mounting the device by hal does not solve this "war" at all.

No? If hal (or another system service) mounts it, then there will be
only ONE app that tries to mount the device, so no war.

> The
> problem is not that the device does not get mounted (it will be
> mounted in any case, it's just the question by whom), but the problem
> is to which user the device belongs.
> 
> Right now, pmount mounts devices with file systems that don't support
> permissions (vfat, iso9660, etc.) with umask 077, so that only the
> owner can read/write it. You can make the umask less strict with a
> command line argument or with a hal policy, but you are secure by
> default.

Unless pmount is called by ivman running as root, then it will be
mounted as ivman.plugdev with uid and gid mount options set accordingly,
and with umask 0002. And with my patch for pmount it allows any user in
"plugdev" group to unmount the device. (Yes I know, not an ideal
solution but it works for a small family LAN with one box and n
X-terminals).
 
> Mounting by root would mean that the device needs to be
> group or even world read/writable, which would entail that you could
> not use removable media to save private data any more.

Not very nice, you're right. So probably it would be better still
not to automount anything at all, but only create the mountpoints and
then let the users mount/unmount it and the first user who mounts it
will own it.

> I see two options to mitigate this:
> 
>   - In Ubuntu, gnome-volume-manager has a patch that adds support for
>     multiseat, like found in the HP441. So by configuring
>     /etc/multiseat.conf properly, you can solve the conflict if you
>     have more than one head on your box.

In which way is it solved? Never heard of the HP441...

>   - g-v-m/ivman should be taught to only mount a device if their
>     $DISPLAY is currently active. Unfortunately I don't have an idea
>     how to determine this.

What do you mean by "active"? Can't two users be active at the same time?
For example, when I'm sitting here (logged in to X through xdm) and my
girlfriend has logged in also, through another box in this room acting as
an X terminal?
One thing that could be done would be to check the IP of the $DISPLAY
and only allow the user at localhost to mount and access devices, but
what if my girlfriend wants to put in her CD-ROM with photos and work
with them on the X terminal?

/Jonatan    -=( http://kymatica.com )=-
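
The umask difference discussed in this mail (pmount's default 077 versus 0002 when ivman runs as root), worked through as an added example that is not part of the original message or of pmount/ivman: it computes the modes a vfat-style mount presents from its uid/gid/umask options. The option strings, the uid/gid numbers and the fallback process umask are constructed assumptions.

```python
# Added example: who can reach files on a mount of a filesystem without
# its own permissions (vfat-style umask/fmask/dmask options).

def parse_opts(opts):
    """Split 'uid=1000,gid=46,umask=077' into a dict; bare flags map to True."""
    out = {}
    for item in opts.split(","):
        key, sep, val = item.partition("=")
        out[key.strip()] = val.strip() if sep else True
    return out

def effective_modes(opts, process_umask=0o022):
    """Return (file_mode, dir_mode) applied to every entry on the mount.

    process_umask stands in for the mounting process's umask, which is
    used when no umask option is given (assumed value).
    """
    o = parse_opts(opts)
    umask = int(o["umask"], 8) if "umask" in o else process_umask
    fmask = int(o["fmask"], 8) if "fmask" in o else umask
    dmask = int(o["dmask"], 8) if "dmask" in o else umask
    return 0o777 & ~fmask, 0o777 & ~dmask

def audit(opts):
    """List what users other than the owning uid can do with the files."""
    fmode, dmode = effective_modes(opts)
    findings = []
    for who, shift in (("group", 3), ("other", 0)):
        if not (dmode >> shift) & 0o1:   # no search bit: tree is unreachable
            continue
        bits = (fmode >> shift) & 0o7
        if bits & 0o4:
            findings.append(who + " can read")
        if bits & 0o2:
            findings.append(who + " can write")
    return findings

if __name__ == "__main__":
    # Constructed option strings; uid/gid numbers are placeholders.
    samples = {
        "pmount default": "uid=1000,gid=1000,umask=077",
        "ivman as root": "uid=105,gid=46,umask=0002",
    }
    for name, opts in samples.items():
        print(name, "->", audit(opts) or "owner only")
```

With umask 0002 the result includes "other can read", so the media is readable by every local user, not only by members of the mount's group.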

