A USB stick mounted read-only for non-root users

[ant-222]

I have a USB stick that automount mounts in way that only root has write access to it:
-rwxr-xr-x 1 root wheel
This is what gpart show prints for this device:

=>      63  15132609  da1  MBR  (7.2G)
        63      8001       - free -  (3.9M)
      8064  15124608    1  fat32lba  (7.2G)

Is it possible to have mount with write access for non-privileged users?

[vermaden]

Hi,

yes - this is what I do all the time :)

Try my config at /usr/local/etc/automount.conf file - make sure to put YOUR username in the USER=xxx option.

  USERUMOUNT=YES
  USER=vermaden
  FM='caja --no-desktop'
  NICENAMES=YES

Let me know if it helped.

[ant-222]

Thank, it solved the problem. On some of the mounts the owner is root with complete permissions rwxrwxrwx, and on some it is the user specified in the USER setting with permissions rwxrwxr-x, which means that other users not in the same group still have no write access. Can I change that? Where is the automount.conf file documented?

[vermaden]

Probably the root owner with rwxrwxrwx permissions is for some FUSE mounted ones - not sure if it will be possible to change that ...

The automount.conf file is documented here:

% /usr/local/sbin/automount help               
AUTOMOUNT is a devd(8) based automounter for FreeBSD.

It supports following file systems:
UFS/FAT/exFAT/NTFS/EXT2/EXT3/EXT4/MTP/HFS/ISO9660

Add these to mount NTFS/exFAT/EXT4/HFS/XFS/MTP respectively:
 o sysutils/fusefs-ntfs
 o sysutils/fusefs-exfat
 o sysutils/fusefs-hfsfuse
 o sysutils/fusefs-lkl
 o sysutils/fusefs-simple-mtpfs

By default it mounts/unmounts all removable media but
it is possible to set some additional options at the
/usr/local/etc/automount.conf config file.

Below is a list of possible options with description.

MNT_PREFIX (set to /media by default)
  With this options You can alter the default root
  for mounting the removable media, for example to
  the /mnt directory.

  example: MNT_PREFIX='/media'

MNT_GROUP (wheel by default)
  If set to some group name, the mount command will
  chown(1) the mount directory with the group.

  example: group='operator'

MNT_MODE (set to 775 by default)
  Value for chmod on mount point.

FAT_ENCODING (set to en_US.UTF-8 by default)
  Only used with FAT32 mounts, specifies which
  encoding to use at the mount.

  example: FAT_ENCODING='en_US.ISO8859-1'

FAT_CODEPAGE (set to CP866 by default)
  Only used with FAT32 mounts, specifies which
  code page to use at the mount.

  example: FAT_CODEPAGE='cp437'

ISO9660_CODEPAGE (set to UTF-8 by default)
  Only used with cd9660 mounts, specifies which
  code page to use at the mount.

ATIME (set to NO by default)
  When set to NO it will mount filesystems with
  noatime option when possible.

  example: ATIME='YES'

RETRY_COUNT (set to 3 by default)
  How many times try to get file system type or try to mount.

  example: RETRY_COUNT='1'

RETRY_DELAY (set to 1 second by default)
  Delay beetwin retry attempt.

  example: RETRY_DELAY='2.5'

USERUMOUNT (set to NO by default)
  When set to YES it will 'chmod +s /sbin/umount'
  which would allow an USER to unmount the file
  system with their selected file manager.

  example: USERUMOUNT='YES'

NOTIFY (set to NO by default)
  Use 'notify-send' and 'libnotify' to show notifications
  of mounting and unmounting devices on the desktop.

  example: NOTIFY='YES'

WALL (set to NO by default)
  Use wall(1) to show notifications of mounting and
  unmounting devices on terminals of logged in users.

  example: WALL='YES'

FM ('exo-open --launch FileManager' by default)
  If set to file manager command, the mount will
  launch the specified command after successful
  mount. Works only if USER parameter is also set.

  example: FM='nautilus --browser --no-desktop'

BLACKLIST (unset by default)
  The automount will ignore devices defined here.

  example: BLACKLIST='da0 da3s1a'


BLACKLIST_REGEX (unset by default)
  The boolean flag option complements the above BLACKLIST option
  if one wants regex match instead of exact match for ignoring devices.
  Below will ignore all partitions ada0p1/ada0p2/... of ada0 device.

  example: BLACKLIST='ada0'
           BLACKLIST_REGEX=true

USER (root by default)
  If set to some username, the mount command will
  chown(1) the mount directory with the user and
  its primary user group. If used with FM option
  allows to launch the specified file manager after
  a successful mount.

  example: USER="vermaden"

REMOVEDIRS (set to YES by default)
  If set to YES the automount(8) will remove /media dir after unmount.

  example: REMOVEDIRS=NO

NICENAMES (set to NO by default)
  If set to YES the device/filesystem label will be used for /media dir name.

  example: NICENAMES=YES

IGNORE_SYS_PARTS (set to NO by default)
  If set to YES automount(8) will ignore system partitions like EFI or MSR.

  example: IGNORE_SYS_PARTS=YES

[ant-222]

I was looking in all the wrong places: the man page, and the project website. Now I see that MNT_GROUP is a good solution for my family PC: I can add all the members to a mounters group and use that in the config.

I see you have put a lot of effort into automount, and the result is impressive. Thank you.

[vermaden]

Thanks. Trying mate :)