Allowing ordinary users to mount a CD

Nivel · ‎04-26-2007

Under HP-UX 11.11 on a C8000, how do I let ordinary users mount a CD? Normally, mount command does not allow non-root users to do this.

Vladimir Fabecic · ‎04-26-2007

sudo can do the job
Install and configure sudo

In vino veritas, in VMS cluster

spex · ‎04-26-2007

Hello,

Aside from 'sudo', there's 'automount' and a pair of mount/umount scripts that are suid root.

http://hpux.connect.org.uk/hppd/hpux/Sysadmin/sudo-1.6.8p12/
# man 1m automount
# man 1 chmod

PCS

Marco A. · ‎04-26-2007

The better option to achive that is by using Sudo.
Sudo (super user do), generally pronounced , is a program for Unix-like operating systems such as BSD, Mac OS X, and Linux that allows users to run programs with the security privileges of another user (normally the system's superuser) in a secure manner.

By default it is installed in /usr/bin.

Download it from :

http://hpux.connect.org.uk/hppd/hpux/Sysadmin/sudo-1.6.8p12/

Hope this helps,

Rgds

Just unplug and plug in again ....

Nivel · ‎04-27-2007

Thanks for the replies. So, there isn't an easier way to permit non-root users to read the files from a CD on an HP-UX machine? Sudo seems to require a user to enter a password, and even then he is restricted to a limited time. What I want to do is set something up, as root, once only, to permit all subsequent users to read a CD. Any more ideas? Thanks in advance

Marco A. · ‎04-27-2007

The sudo need to be used is the users want to "mount" the CD, for reading just apply different permissions.

Rgds,

Marco

Just unplug and plug in again ....

James R. Ferguson · ‎04-27-2007

Hi Nev:

One other reasonable option would be to write a simple C (wrapper) program that has its setuid bit set and is owned by 'root'. The code does nothing more than issue a 'mount' request for a specific CD/DVD drive.

Regards!

...JRF...

Bill Hassell · ‎04-27-2007

> So, there isn't an easier way to permit non-root users to read the files from a CD on an HP-UX machine?

SUDO is the best way. Anything else such as writing a shell wrapper and setting the SUID bit is so full of security problems that you might as well tell all the users the root password.

> Sudo seems to require a user to enter a password, and even then he is restricted to a limited time.

Not at all. The default settings in sudoers is not meant to be useful but just has some basic sections. The password request is *NOT* for the root password but for the user to repeat their login password. However, you can turn off that option in sudoers. You can also remove the nag message that says to be careful. You can explicitly define the mount command and the umount command along with the mount point (ie, mount /cdrom).

> What I want to do is set something up, as root, once only, to permit all subsequent users to read a CD.

SUDO will do all of this for you in a secure manner. The user will simply type:

sudo mount /cdrom

And that's it. Check the man pages for the sudoers file.

Bill Hassell, sysadmin

James R. Ferguson · ‎04-27-2007

Hi (again):

Depending upon the release you are running, you may *not* even be able to execute a setuid *shell* script. This will be the case, by default, beginning with 11.23. Notice, however, that my suggestion was not for a setuid shell script but rather a small piece of C-code to which the setuid bit is applied. The code performs an 'execv' call of a string that specifies a CD/DVD mount.

Regards!

...JRF...

James R. Ferguson · ‎04-27-2007

Hi:

I should hasten to add to:

> Depending upon the release you are running, you may *not* even be able to execute a setuid *shell* script.

That this is the default setting and can be overridden by setting the kenerl parameter 'secure_sid_scripts=0'.

Regards!

...JRF...

James R. Ferguson · ‎04-27-2007

Hi:

I should hasten to add to:

> Depending upon the release you are running, you may *not* even be able to execute a setuid *shell* script.

That this is the default setting and can be overridden by setting the kenerl parameter 'secure_sid_scripts=0'.

Regards!

...JRF...

Dennis Handly · ‎04-27-2007

I assume besides letting them mount CDs, you are going to have to let them unmount them? Otherwise you can just have the CD mounted at boot time and not change it.

Nivel · ‎04-29-2007

Thanks for the replies. Dennis, users will need to mount and unmount several CDs while they are logged on.

Peter Nikitka · ‎04-30-2007

Hi,

you can create an automount map, which deals with local devices, so no further superuser intervention is need for mounting.
The unmounting will be done by the automounter as well, when no access to the device is done after some period of time.

In /etc/auto_master:
/media -ro /etc/auto.local

cat /etc/auto.local
cdrom -fstype=cdfs,rr,ro :/dev/cdrom
dvd -fstype=cdfs,cdcase,ro :/dev/cdrom

where /dev/cdrom is a hard link I created to the default device in the HW-path /dev/dsk/c0t0d0...

Note that the colon ':' is the redirection to a local device.
Having a medium inserted, the automounter will mount it when accessing it, e.g. via
ls -l /media/cdrom

mfG Peter

PS: After the addition of the new map, you'll have to execute
automount -v
to activate it.

mfG Peter

The Universe is a pretty big place, it's bigger than anything anyone has ever dreamed of before. So if it's just us, seems like an awful waste of space, right? Jodie Foster in "Contact"

Nivel · ‎04-30-2007

Peter, thanks for this. Unfortunately, I can't get it to work! I have put the new lines in auto_master and auto.local as per your instructions. I have entered:
ln /dev/dsk/c3t1d0 /dev/cdrom
to create a hardware link, and entered:
automount -v
to activate the new map.
However, ls -l /media/cdrom just hangs.
Also, and if I can get this to work, automount cannot be used by a non-root user. The application I am writing will require that a non-root user can power up the HP C8000, log in, and read a CD that has been previously recorded. How often will automount need to be entered?
Thanks in advance.

Nivel · ‎05-01-2007

Peter, I have now got your suggestion to work. Your suggested line for inclusion in auto_master should have been /media /etc/auto.local -ro
Also, it won't work until automountd has been run. However, as I need to allow non-root users to power-up the workstation, and log in and read previously recorded CDs, your idea isn't quite what I wanted, as automountd and automount need to be executed, by root, whenever the workstation is powered-up. Apart from using sudo, I'm sure there must be a solution out there!

Bill Hassell · ‎05-01-2007

> Apart from using sudo, I'm sure there must be a solution out there!

Is there a reason not to use sudo since it gives you all your requirements. Users can mount and unmount CDs at anytime. You can even create an alias called cdmount and cdunmount:

alias cdmount="sudo mount /cdrom"
alias cdunmount="sudo mount /cdrom"

Put all the mount options in /etc/fstab including noauto so the CD won't be mounted automatically at bootup:

/dev/dsk/c0t4d0 /cdrom cdfs ro,rr,noauto 0 0

Bill Hassell, sysadmin

Nivel · ‎05-01-2007

I haven't had a chance to try sudo yet, as it needs compiling (from the link that another response suggested), and my compiler hasn't arrived yet.

Dave Hutton · ‎05-01-2007

You shouldn't have to compile it:
http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=HPUXIEXP1111

Download it from software.hp.com and search for express. Or click the above link and it should be a pre-packaged version. (depot)

Peter Nikitka · ‎05-01-2007

Hi,

once the maps for automount are configured, it will restart at every system boot, when activated in
/etc/rc.config.d/ndsconf
AUTOFS=1

(or something similar - no HP at hand here)

Then no interaction with the root account is needed to mount or umount a CD:
Everytime a 'normal' user executes
ls /media/cdrom

the CD/DVD in the drive will be mounted.
After the inactivity timeout the CD will be umounted by the automount daemon and can be ejected.

Thus root is only needed to do the initial setup - the normal handling can be done by every user without additional privilegs.

mfG Peter

The Universe is a pretty big place, it's bigger than anything anyone has ever dreamed of before. So if it's just us, seems like an awful waste of space, right? Jodie Foster in "Contact"

Bill Hassell · ‎05-01-2007

Sorry, I should have pointed out that the majority of open source software is available from HP already compiled and packaged with SD. Just download and run swinstall.

Bill Hassell, sysadmin

Nivel · ‎05-01-2007

Peter, Thanks again for your help.
AUTOFS is 1 in the nfsconf file already.
However, NFS_CLIENT and NFS_SERVER are both set to "0", so I guess the settings in nfsconf are being ignored at boot up, so automount and automountd are not being run automatically. I am running a C8000 as a stand alone workstation, so do I set these two options to "1"?

Peter Nikitka · ‎05-01-2007

Hi,

on my server there is a setting for this, because the automounter is used for real NFS purposes as well. Having a rp3440 at hand now, I see that in
/sbin/init.d/nfs.client
the processing of the automount entry is done only when having set
NFS_CLIENT=1
in /etc/rc.config.d/nfsconf

Though not required, when automouunt is used purely for handling local devices, you must activate the NFS client to get it started at boot time.

mfG Peter

The Universe is a pretty big place, it's bigger than anything anyone has ever dreamed of before. So if it's just us, seems like an awful waste of space, right? Jodie Foster in "Contact"

Nivel · ‎05-02-2007

Thanks Peter, this works perfectly now.
While the use of sudo would also have been a neat solution, automount is already built in.
Thanks for all replies.

Nivel · ‎05-02-2007

Peter's solution to set up an automount map works fine.

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Allowing ordinary users to mount a CD

Allowing ordinary users to mount a CD

Re: Allowing ordinary users to mount a CD

Re: Allowing ordinary users to mount a CD

Re: Allowing ordinary users to mount a CD

Re: Allowing ordinary users to mount a CD

Re: Allowing ordinary users to mount a CD

Re: Allowing ordinary users to mount a CD

Re: Allowing ordinary users to mount a CD

Re: Allowing ordinary users to mount a CD

Re: Allowing ordinary users to mount a CD

Re: Allowing ordinary users to mount a CD

Re: Allowing ordinary users to mount a CD

Re: Allowing ordinary users to mount a CD

Re: Allowing ordinary users to mount a CD

Re: Allowing ordinary users to mount a CD

Re: Allowing ordinary users to mount a CD

Re: Allowing ordinary users to mount a CD

Re: Allowing ordinary users to mount a CD

Re: Allowing ordinary users to mount a CD

Re: Allowing ordinary users to mount a CD

Re: Allowing ordinary users to mount a CD

Re: Allowing ordinary users to mount a CD

Re: Allowing ordinary users to mount a CD

Re: Allowing ordinary users to mount a CD

Re: Allowing ordinary users to mount a CD