Auto-login via USB thumb drive.

I have more time to play with this now. I’m trying to configure my specific thumb drive to automount as read-only, but I’m struggling with finding documentation that shows me how to do this. Here’s the udev rule I currently have (/etc/udev/rules.d/10-usbkey.rules)


KERNEL!="sd[a-z][0-9]", GOTO="media_by_serial_auto_mount_end"


# See if it's the usb key we want to use, and if it's not, end.
SUBSYSTEMS!="usb", ATTRS{manufacturer}!="Kingston", ATTRS{product}!="DataTraveler 2.0", ATTRS{serial}!="<my serial number>", GOTO="media_by_serial_auto_mount_end"


# Import FS infos
IMPORT{program}="/sbin/blkid -o udev -p %N"


# Get a label
ENV{dir_name}="%E{ID_FS_LABEL}"


# Global mount options
ACTION=="add", ENV{mount_options}="relatime"


# Filesystem-specific mount options
ACTION=="add", ENV{ID_FS_TYPE}=="vfat", ENV{mount_options}="$env{mount_options},ro,nosuid,nodev,uid=1000,gid=100,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1"


# Mount the device
ACTION=="add", RUN+="/bin/mkdir -p /run/media/%E{dir_name}", RUN+="/bin/mount -o $env{mount_options} /dev/%k /run/media/%E{dir_name}"


# Clean up after removal
ACTION=="remove", ENV{dir_name}!="", RUN+="/bin/umount -l /run/media/%E{dir_name}", RUN+="/bin/rmdir /run/media/%E{dir_name}"


# Exit
LABEL="media_by_serial_auto_mount_end"

I haven’t tried this rule yet, but it might work. The problem is the mount locations. I don’t want it mounting to /run/media/%E{ID_FS_LABEL}. I want it mounting to /run/media/<username>/%E{ID_FS_LABEL}, for example:

/run/media/spork/SSH\ KEYS

Can someone help me figure out how to always mount just this specific thumb drive as read-only and not read-write? Thanks!

I also tried this udev rule, but it didn’t seem to work either:


# See if it's the usb key we want to use, and if it is, then mount read-only
SUBSYSTEMS=="usb", ATTRS{manufacturer}=="Kingston", ATTRS{product}=="DataTraveler 2.0", ATTRS{serial}=="<my serial number>", ENV{UDISKS_MOUNT_OPTIONS}="ro"  

I thought for certain this one would work, after reading about the UDISKS_MOUNT_OPTIONS, but it doesn’t seem to. I changed the ENV{UDISKS_MOUNT_OPTIONS} to MODE="0555" and I can see /dev/sdc1 is created with 0555 file permissions, so I’m pretty sure the rule is being processed… I just can’t figure out how to set the mount options so it mounts as read-only.

Hi
Try adding before your last ENV entry;


ENV{ID_FS_USAGE}=="filesystem",

Thank you for the response. I tried and had no luck. I also ran udevadm control --reload-rules, although I don’t know if that’s necessary.

Maybe you could clarify something for me. From looking at various examples, my understanding is if there’s a double set of equal signs, it’s like an if statement. A single equal sign will set a value. My understanding is I can cascade the if’s and set’s. Whatever is on a single line would work. So, if I have something like:


SUBSYSTEMS=="usb", MODE="0555", ATTRS{manufacturer}=="Kingston", MODE="0666"

All usb subsystems will have the mode 0555, unless it’s a USB device made by Kingston. Is this correct?

Also, my understanding is by adding the


ENV{ID_FS_USAGE}=="filesystem",

we’re just adding another if. Essentially, if it’s a USB device, if it’s manufactured by Kingston, if the product is a DataTraveler 2.0, if the serial number is <my serial number> and if the ID_FS_USAGE is filesystem, then set the UDISKS_MOUNT_OPTIONS to ro. Is my understanding correct?

I was thinking I might have to do something with /etc/udisks2/something.conf file, but I’ve tried various things. I’m not even certain I got the filename correct or the values that I’d put in that .conf file, so maybe that’s why I couldn’t get it to work using the /etc/udisk2/ .conf file.

Any other suggestions?

Thanks!

Unlikely. udev runs helpers in separate namespace, so any mounts done there won’t be visible and disappear when helper exits.

On Fri 20 Jan 2017 02:26:01 AM CST, Spork Schivago wrote:

> malcolmlewis;2809258 Wrote:
> > Hi
> > Try adding before your last ENV entry;
> >
> > ENV{ID_FS_USAGE}=="filesystem",
>
> Thank you for the response. I tried and had no luck. I also ran udevadm control --reload-rules, although I don’t know if that’s necessary.
>
> Maybe you could clarify something for me. From looking at various examples, my understanding is if there’s a double set of equal signs, it’s like an if statement. A single equal sign will set a value. My understanding is I can cascade the if’s and set’s. Whatever is on a single line would work. So, if I have something like:
>
> SUBSYSTEMS=="usb", MODE="0555", ATTRS{manufacturer}=="Kingston", MODE="0666"
>
> All usb subsystems will have the mode 0555, unless it’s a USB device made by Kingston. Is this correct?
>
> Also, my understanding is by adding the
>
> ENV{ID_FS_USAGE}=="filesystem",
>
> we’re just adding another if. Essentially, if it’s a USB device, if it’s manufactured by Kingston, if the product is a DataTraveler 2.0, if the serial number is <my serial number> and if the ID_FS_USAGE is filesystem, then set the UDISKS_MOUNT_OPTIONS to ro. Is my understanding correct?
>
> I was thinking I might have to do something with /etc/udisks2/something.conf file, but I’ve tried various things. I’m not even certain I got the filename correct or the values that I’d put in that .conf file, so maybe that’s why I couldn’t get it to work using the /etc/udisk2/ .conf file.
>
> Any other suggestions?
>
> Thanks!

Hi
So if you open a terminal and switch to root user and run the command;


udevadm monitor

Plug the device in and see what is happening, plug in a different usb
device and compare…

Hmmm, doesn’t have an SD card reader… at least SD cards have a ro
switch…


Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
openSUSE Leap 42.1|GNOME 3.16.2|4.1.36-44-default

That’s what I was wondering. So it’s very likely that the UDISKS_MOUNT_OPTIONS is actually going through, but the udisk2 helper or whatever it is just doesn’t use it.

So, can I somehow configure the udisks2 helper to always automount the device as read-only? I have googled this and have had limited success finding promising results. From reading the man page, I see I can create a configuration file under /etc/udisks2. I’m not 100% sure on the filename though or how to set the read-only value.

What UDISKS_MOUNT_OPTIONS? Where have you got it from?

> So, can I somehow configure the udisks2 helper to always automount the device as read-only?

There is no “udisks2 helper”. It calls normal “mount”. The udisk2 role is to enumerate available devices and provide privileged daemon to perform actions that require root privileges. The actual mounting is initiated by client, that usually is provided by your desktop environment. udisks2 comes with simple command line client udisksctl. So it is up to this client to tell udisks to mount specific device as read-only.

Alternative is to list device in /etc/fstab, in which case udisks2 simply takes options from there.


I learned about the UDISKS_MOUNT_OPTIONS from here:

https://bugs.freedesktop.org/show_bug.cgi?id=33461

For some reason, I thought the patch was being used. I don’t think it is though. If I were to patch my udev, would it make a difference? From what you’re saying, even if the UDISKS_MOUNT_OPTIONS patch is there, it still won’t help any.

Thank you for explaining the udisks2 stuff. The reason I thought there was a udisks2 helper was because when I ran the mount command, I saw this:


/dev/sdc1 on /run/media/spork/SSH KEYS type vfat (rw,nosuid,nodev,relatime,uid=1000,gid=100,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,showexec,utf8,flush,errors=remount-ro,uhelper=udisks2)

The part I’m referring to is where it says uhelper=udisks2. Is there a way to add an /etc/fstab option where it only mounts this specific drive read-only? I cannot assume the partition will always be /dev/sdc1 and I need a way to distinguish this drive from other drives.

I want to make sure I understand this. So udisks allows non-root users to mount devices. The desktop environment, in my case, Gnome, will either interact with the udisks2 daemon directly or it’ll call udisksctl, which in turn will call mount? Is that correct? If so, where does udev come into play?

I’m trying to understand this and I apologize if some of these questions are rather simple.

I’ve been using multiple sites for resources. I got a good bit of information from here:

https://wiki.archlinux.org/index.php/udisks

The Mount helpers section is what led me to believe that there was some wrapper that I might be able to configure to tell it to automount just this thumb drive as read-only.

Okay, last night, I didn’t have much sleep, we have a baby that doesn’t sleep well at night yet. But I’m more rested and have a better mind today. I now know the UDISKS_MOUNT_OPTIONS isn’t an option. I’m leaning towards the fstab entry. From what I’ve read, udisks2 will honor the various mount options that are in there. I know how to specify this specific thumbdrive only for the fstab entry. But I want the thumb drive to mount in the /run/media/<username>/<fs label> directory. The <username> is the important part. There’s no way to do that with an fstab entry, is there?

Is there a way to do that with that first udev rule I posted, the one that calls mount directly? Some way to figure out the username that’s logged into Gnome and then store that in a variable, so if I’m logged in and I pop in the thumb drive, it mounts to /run/media/<my username>/… and if someone else is logged in, it’ll mount to their /run/media/<username>/… directory?

Well, as suggested this patch would help in this case.

> I saw this:
>
> /dev/sdc1 on /run/media/spork/SSH KEYS type vfat (rw,nosuid,nodev,relatime,uid=1000,gid=100,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,showexec,utf8,flush,errors=remount-ro,uhelper=udisks2)
>
> The part I’m referring to is where it says uhelper=udisks2.

This is umount helper.

> Is there a way to add an /etc/fstab option where it only mounts this specific drive read-only? I cannot assume the partition will always be /dev/sdc1 and I need a way to distinguish this drive from other drives.

The simplest way is to use one of /dev/disks/by-* links that use device properties that are presumed to be unique and persistent.

> So udisks allows non-root users to mount devices. The desktop environment, in my case, Gnome, will either interact with the udisks2 daemon directly or it’ll call udisksctl, which in turn will call mount? Is that correct?

Yes

> If so, where does udev come into play?

It manages device files under /dev.

> udisks - ArchWiki
>
> The Mount helpers section is what led me to believe that there was some wrapper

All helpers listed there are udisks clients.

Just specify this path as mount point as long as you have only one thumb drive and only one user. /run disappears on every reboot, so using some more persistent path is better. If you want to do it for arbitrary fs_label or user, unknown in advance, this is not possible.

So without patching udisks2 to add the UDISKS_MOUNT_OPTIONS, I cannot get the thumb drive to mount under /run/media/<usernames>/<fs label>? The username is the important part.

The patch was for udisks, not udisks2, however, it might not be that hard to port it to udisks2. I could look into that. I’d just have to make sure every time my system is updated, I reinstall the patched version of udisks2.

Thanks for the help. I guess that answers my questions.

I almost had it. I found a way to obtain the username, the filesystem label. My udev rule called a simple script to make the directory, mount, remove the directory, and unmount the thumb drive. I just didn’t realize I couldn’t run mount at that time. I tried finding a way to run mount, by changing something in systemd-udev.service or whatever it was. Something like MountFlags=shared is what I changed the option to, but even after a reboot, I still couldn’t run the mount command. I also tried the udisksctl mount command, but same issue. I was just trying to exhaust all my options. I’m thinking I’ll probably have to go the fstab route. This is unfortunate and I’ll have to change some of my programs to not care about the username. Thanks for the help though.

I learned a lot since I first asked for help.

I got the auto-mounting as read-only working. It mounts properly too, which is also a big plus!

Here’s a copy of my /etc/udev/rules.d/10-usbkey.rules file


# See if it's the usb key we want to use, and if it is, then mount read-only
SUBSYSTEMS!="usb", ATTRS{manufacturer}!="Kingston", ATTRS{product}!="DataTraveler 2.0", ATTRS{serial}!="5B6B14875188", GOTO="NOT_OUR_KEY"


# Create the directory
ACTION=="add", RUN+="/home/spork/src/mount_key.sh '%E{DEVNAME}' '%E{ID_FS_LABEL}'"


# Remove the directory
ACTION=="remove", RUN+="/home/spork/src/unmount_key.sh '%E{DEVNAME}' '%E{ID_FS_LABEL}'"


LABEL="NOT_OUR_KEY"

I haven’t finished the unmount_key.sh script, but the mounting script is finished. I should put it somewheres besides /home/spork/src/ directory. But for now, while I’m still testing, I’ll leave it there:
Here’s my mount_key.sh file:


#!/bin/bash


# Determine which user is currently logged into X-Windows.
PROCESS=`pgrep  -f "/usr/lib/gdm/gdm-x-session --run-script"`
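# Strip only the "USERNAME=" prefix; tr -d 'USERNAME=' would delete those letters from the value too.
USERNAME=$(tr '\0' '\n' < "/proc/${PROCESS}/environ" | sed -n 's/^USERNAME=//p' | head -n 1)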


# Set our variables.


# Make sure we were passed a device name.
if [ -z "${1}" ]; then
# We weren't, assign a bad device name and abort.
  DEVNAME='/dev/null'
# We'll never see this message.
  echo -e "We're probably not ready to mount yet, we have no device name...";
  exit -1;
else
  DEVNAME=${1}
fi


# Make sure we were passed a volume label.
if [ -z "${2}" ]; then
# We weren't, assign a default label.
  ID_FS_LABEL='no_label'
  echo -e "We're probably not ready to mount yet, we have no filesystem label...";
  exit -2;
else
  ID_FS_LABEL=${2}
fi


# Make sure username was populated.
if [ -z "${USERNAME}" ]; then
# It wasn't, assign a generic username.
  USERNAME='no_user'
fi


# Make sure our directory isn't already populated.
if [ -d "/run/media/${USERNAME}/${ID_FS_LABEL}" ]; then
# We'll never see this message.
  echo -e "Something is already mounted under '/run/media/${USERNAME}/${ID_FS_LABEL}'.  Exiting...";
  exit -2;
else
# Create our new mount point directory.
  mkdir -p "/run/media/${USERNAME}/${ID_FS_LABEL}"
fi


# Sleep long enough for the file system to initialize.
sleep 2;


# Mount the device read-only.
/usr/bin/mount -o ro "${DEVNAME}" "/run/media/${USERNAME}/${ID_FS_LABEL}"

I haven’t fully tested it, but it works. I pop in the thumb drive and I see that it’s automatically mounting as read-only, which is good.
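
The script above runs as root from udev and builds its mount path from the file system label, which comes from whatever drive is plugged in, and from a user name read out of /proc. The following is an added example, not part of the original post, of checks such a helper can make before it calls mkdir and mount; the function names and sample values are constructed, and it assumes udev's ID_BUS and ID_SERIAL_SHORT properties are present in the helper's environment.

```shell
#!/bin/bash
# Added example: input checks for a root-run udev mount helper.
# Function names and sample values are constructed for illustration.

# Print the value of variable $2 from a NUL-separated environ file $1.
# Only the "NAME=" prefix is stripped, and "GDM_USERNAME=" does not match.
environ_value() {
  tr '\0' '\n' < "$1" | sed -n "s/^$2=//p" | head -n 1
}

# Succeed only if $1 is usable as a single path component: letters,
# digits, space, dot, underscore and hyphen, not "." or "..", no leading "-".
safe_component() {
  case "$1" in
    ''|.|..|-*) return 1 ;;
  esac
  # The trailing "x" keeps a stray newline from being lost in $( ).
  rest=$(printf '%s' "$1" | LC_ALL=C tr -d 'A-Za-z0-9 ._-'; printf x)
  [ "$rest" = x ]
}

# Print /run/media/<user>/<label>, or fail if either part is unsafe.
mount_point_for() {
  safe_component "$1" && safe_component "$2" || return 1
  printf '/run/media/%s/%s\n' "$1" "$2"
}

# Compare udev's ID_BUS and ID_SERIAL_SHORT properties (assumed to be in
# the helper's environment) with the serial of the expected key.
is_expected_key() {   # args: id_bus id_serial_short expected_serial
  [ "$1" = usb ] && [ -n "$3" ] && [ "$2" = "$3" ]
}

# Constructed demo: one label that passes, one that would escape /run/media.
mount_point_for spork 'SSH KEYS'
mount_point_for spork '../../etc' || echo "rejected label: ../../etc"
```

In a helper, is_expected_key would be called with "$ID_BUS", "$ID_SERIAL_SHORT" and the expected serial before any directory is created, so that a different drive carrying the same label is ignored.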