(fedora) Re: running shell scripts from external USB disk

Mikkel L. Ellertson mikkel at infinity-ltd.com
Sat May 20 14:35:36 UTC 2006


wwp wrote:
> Hello,
> 
> 
> On Fri, 19 May 2006 10:41:04 -0500 "Mikkel L. Ellertson" <mikkel at infinity-ltd.com> wrote:
> 
>> Jacob (=Jouk) Jansen wrote:
>>> Karsten wrote on 19-MAY-2006 16:20:35.24
>>>> On Fri, May 19, 2006 at 04:00:07PM +0200, Jacob (=Jouk) Jansen wrote:
>>>> Hi all,
>>>>
>>>> I have a FC5 system with an internal disk and a external USB disk
>>>> with an ext3 partition on it. If a shell script (bash,csh etc..) is
>>>> located on the internal drive it works fine. If I copy it to the USB
>>>> disk I get problems: (why????)
>>> [snip]
>>>> Check the output of 'mount' for that device. I'm pretty sure that it has
>>>> been mounted with the 'noexec' flag.
>>>  You are right.
>>>  How to change this? This USB disk is mounted automatically when plugged
>>> in. I cannot edit fstab since then the machine fails to boot when the
>>> disk is not present.
>>>
>>>                         Jouk
>>>
>> You can add a local HAL rule to override the default behavior when
>> mounting USB drives. For security reasons, you may want to make the
>> rule specific to that USB drive. You will want to replace the noexec
>> option with the nosuid option so that someone can not plug in a USB
>> drive with a suid root binary that they can use to hack the system.
>> (Easy way to crack a system - suid root an editor, and modify
>> /etc/passwd so you can log in as root.)
> 
> If I've well-understood some recent (and less recent) posts here, HAL is no
> longer able to change the mount options - what a pain! I could confirm it, it
> fails at passing exec or any other mount option, lines like the following fail:
> 
> (excerpts from /usr/share/hal/fdi/policy/95userpolicy/mydevice.fdi)
> [..]
>         <merge key="volume.policy.mount_option.noexec" type="bool">false</merge>
>         <merge key="volume.policy.mount_option.exec" type="bool">true</merge>
> [..]
> 
> 
Did this ever work? I thought that HAL used the first matching rule
it found. So it would find the rules in 90defaultpolicy first, and
use them. But I have not explored the changes in FC5 yet. The impression
I get is that programs running under the GUI desktop can override
the default HAL mounting rules.

This is something I need to look into when I get some spare time. I
have a USB card reader that reads Compact Flash and Smart Media
cards. The problem is that it does not report if there is a SM card
in the reader or not, so I need a special rule so that the SM socket
is not auto mounted. Otherwise it takes forever to mount the CF card
if I do not have a SM card installed. (Read timeouts.)

Mikkel
-- 

  Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!
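
Added example (not part of the original message or of the thread): a shell check for the noexec/nosuid trade-off discussed above. It reads lines in /proc/mounts format and reports, for each mount under a given prefix, whether it is noexec, exec with nosuid, or exec with setuid bits honoured. The function names and the sample mount lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify mount options for removable media.
# Input format is that of /proc/mounts: device mountpoint fstype options dump pass

# has_opt OPTS NAME: succeed if NAME is one of the comma-separated OPTS
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# classify_mount OPTS: print one verdict word for an option string
classify_mount() {
    if has_opt "$1" noexec; then
        echo "noexec"        # nothing on the volume can be executed directly
    elif has_opt "$1" nosuid; then
        echo "exec-nosuid"   # scripts run, setuid/setgid bits are ignored
    else
        echo "exec-suid"     # a setuid-root file on the media would be honoured
    fi
}

# audit_mounts PREFIX: read mount lines on stdin, print "mountpoint verdict"
# for every mount point that starts with PREFIX
audit_mounts() {
    while read -r dev mnt fstype opts rest; do
        case "$mnt" in
            "$1"*) echo "$mnt $(classify_mount "$opts")" ;;
        esac
    done
}

# Constructed sample lines (not taken from any real system)
SAMPLE='/dev/sda1 /media/usbdisk ext3 rw,noexec,nosuid,nodev 0 0
/dev/sdb1 /media/scripts ext3 rw,nosuid,nodev 0 0
/dev/sdc1 /media/unsafe ext3 rw 0 0
/dev/hda2 / ext3 rw 0 0'

printf '%s\n' "$SAMPLE" | audit_mounts /media/
```

On a live system the same check is `audit_mounts /media/ < /proc/mounts`; any line reported as exec-suid is the case the nosuid advice is meant to prevent.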



