eject and pam support in Fedora

Bill Crawford billcrawford1970 at gmail.com
Wed Mar 5 09:58:25 UTC 2008


On 05/03/2008, Karel Zak <kzak at redhat.com> wrote:

>   Unfortunately, it also works for non-CD/DVD devices.

This might conceivably still be a good thing (e.g. /dev/sd[e-h] on my
machine here at work are all different slots in the card reader on the
front of the box).

>   Unfortunately, eject(8) is ***broken by design***, because
>   automatically calls umount(8) before an eject ioctl.

That's pretty necessary if there's a cd or dvd mounted and you need to
eject it. Arguably it would be good if the kernel would notice it's
mounted and unmount it rather than requiring userspace to do so; but
then you have the problem of authorization all over again (*plus* the
problem of mechanism versus policy).

>          $ umount /dev/sda8
>          umount: only root can unmount LABEL=/mnt/misc from /mnt/misc

IIRC this is what the old "users" mount option was meant to cover.

>   Well, try other way:
>
>          $ grep sda8 /proc/mounts
>          /dev/sda8 /mnt/misc ext3 rw,relatime,data=ordered 0 0
>
>          $ eject sda8
>          umount: /: device is busy
>          umount: /: device is busy
>          eject: unmount of `/' failed
>
>         $ grep sda8 /proc/mounts; echo $?
>         1

Ouch.

Similar example here:

    [bill at bill ~]$ eject mapper/System-Local
    umount: /usr/local: device is busy
    umount: /usr/local: device is busy
    eject: unmount of `/usr/local' failed

So you're quite right, that's BAD.

>   From my point of view this is ***security bug*** (#432187), because
>   eject(8) bypasses /etc/fstab setting.

Oh, definitely a problem. Perhaps there's some better way to handle it.

Trouble is, the old alternative (only root can do this) meant people
using root account pretty indiscriminately. There is a conflict
between having a designated administrator, and user accounts who may
need to access hardware in this way; luckily most of the time this
isn't an issue because the owner of the machine is the one sitting at
it.

>   The normal UNIX design is use small separated commands rather than
>   one super-command. eject(8) should print "error: device is mounted"
>   rather than directly umount the device.

Then it fails to do what it says on the tin, "eject" a removable device.

It used to be that you had to put "users" as a mount option in
/etc/fstab to allow multiple users to mount/unmount e.g. a CD or DVD.
That's been "broken" by the move to completely dynamic handling of
removable devices and mountpoints by hal.

You're right, but we need a replacement for eject or to make it work
right, ... having it just fail will result in either lots of people
having to be given a root password who wouldn't otherwise, or lots of
extra time wasted by administrators of shared machines.
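As an added example (not code from the thread, from eject(8) or from util-linux), here is the "report, don't unmount" policy check Karel describes, applied to the devices in the examples above: a device is only treated as user-ejectable if it is not mounted, or if its /etc/fstab entry carries a user/users/owner option. The fstab and mount tables are constructed to mirror the thread's examples.

```python
"""Decide whether an unprivileged eject may proceed, honouring the fstab
policy that eject(8) is said to bypass. Constructed example, not eject's code."""

USER_OPTS = {"user", "users", "owner"}  # mount(8) options that let non-root unmount


def parse_table(text):
    """Parse fstab/mtab-style lines into (source, mountpoint, options) tuples."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].startswith("#"):
            continue
        rows.append((fields[0], fields[1], set(fields[3].split(","))))
    return rows


def normalise(device):
    """eject accepts 'sda8' or 'mapper/System-Local' as shorthand for /dev/...."""
    return device if device.startswith("/dev/") else "/dev/" + device


def eject_policy(device, mounts_text, fstab_text):
    """Return (allowed, reason). Never unmounts anything: it only reports,
    which is the small-separate-commands behaviour argued for in the thread."""
    dev = normalise(device)
    fstab = {mp: opts for _, mp, opts in parse_table(fstab_text)}  # join on mountpoint
    mounted = [mp for src, mp, _ in parse_table(mounts_text) if src == dev]
    if not mounted:
        return True, f"{dev} is not mounted; eject may proceed"
    for mp in mounted:
        opts = fstab.get(mp)
        if opts is None or not opts & USER_OPTS:
            return False, f"error: {dev} is mounted on {mp}; /etc/fstab does not grant user unmount"
    return True, f"{dev} on {', '.join(mounted)} has a user-unmountable fstab entry"


# Constructed tables modelled on the thread's examples (not real system data).
FSTAB = """\
LABEL=/mnt/misc          /mnt/misc      ext3     defaults        1 2
/dev/mapper/System-Local /usr/local     ext3     defaults        1 2
/dev/sr0                 /media/cdrom   iso9660  ro,users,noauto 0 0
"""
MOUNTS = """\
/dev/sda8 /mnt/misc ext3 rw,relatime,data=ordered 0 0
/dev/mapper/System-Local /usr/local ext3 rw,relatime 0 0
/dev/sr0 /media/cdrom iso9660 ro 0 0
"""

if __name__ == "__main__":
    for dev in ("sda8", "mapper/System-Local", "sr0", "sdb1"):
        print(dev, *eject_policy(dev, MOUNTS, FSTAB))
```

Run as-is, sda8 and mapper/System-Local are refused (mounted via entries with "defaults"), sr0 is allowed through its "users" entry, and the unmounted sdb1 is allowed.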