(fedora) Re: running shell scripts from external USB disk
Mikkel L. Ellertson
mikkel at infinity-ltd.com
Sat May 20 14:35:36 UTC 2006
wwp wrote:
> Hello,
>
>
> On Fri, 19 May 2006 10:41:04 -0500 "Mikkel L. Ellertson" <mikkel at infinity-ltd.com> wrote:
>
>> Jacob (=Jouk) Jansen wrote:
>>> Karsten wrote on 19-MAY-2006 16:20:35.24
>>>> On Fri, May 19, 2006 at 04:00:07PM +0200, Jacob (=Jouk) Jansen wrote:
>>>> Hi all,
>>>>
>>>> I have a FC5 system with an internal disk and an external USB disk
>>>> with an ext3 partition on it. If a shell script (bash, csh etc.) is
>>>> located on the internal drive it works fine. If I copy it to the USB
>>>> disk I get problems: (why????)
>>> [snip]
>>>> Check the output of 'mount' for that device. I'm pretty sure that it has
>>>> been mounted with the 'noexec' flag.
>>> You are right.
>>> How to change this? This USB disk is mounted automatically when plugged
>>> in. I cannot edit fstab since then the machine fails to boot when the
>>> disk is not present.
>>>
>>> Jouk
>>>
>> You can add a local HAL rule to override the default behavior when
>> mounting USB drives. For security reasons, you may want to make the
>> rule specific to that USB drive. You will want to replace the noexec
>> option with the nosuid option so that someone can not plug in a USB
>> drive with a suid root binary that they can use to hack the system.
>> (Easy way to crack a system - suid root an editor, and modify
>> /etc/passwd so you can log in as root.)
>
> If I've well-understood some recent (and less recent) posts here, HAL is no
> longer able to change the mount options - what a pain! I could confirm it, it
> fails at passing exec or any other mount option, lines like the following fail:
>
> (excerpts from /usr/share/hal/fdi/policy/95userpolicy/mydevice.fdi)
> [..]
> <merge key="volume.policy.mount_option.noexec" type="bool">false</merge>
> <merge key="volume.policy.mount_option.exec" type="bool">true</merge>
> [..]
>
>
Did this ever work? I thought that HAL used the first matching rule
it found. So it would find the rules in 90defaultpolicy first, and
use them. But I have explored the changes in FC5 yet. The impression
I get is that programs running under the GUI desktop can override
the default HAL mounting rules.
This is something I need to look into when I get some spare time. I
have a USB card reader that reads Compact Flash and Smart Media
cards. The problem is that it does not report if there is a SM card
in the reader or not, so I need a special rule so that the SM socket
is not auto mounted. Otherwise it takes forever to mount the CF card
if I do not have a SM card installed. (Read timeouts.)
Mikkel
--
Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!
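
The two checks discussed in this thread (look for noexec in the mount options, and keep nosuid on any removable volume where exec is allowed), as an added example that is not part of any poster's message. The /media prefix, the function names and the sample mount lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): classify removable mounts by exec/suid options.

# Constructed sample in /proc/mounts format; devices and mount points are made up.
SAMPLE_MOUNTS='/dev/sda1 / ext3 rw 0 0
/dev/sdb1 /media/usbdisk ext3 rw,noexec,nosuid,nodev 0 0
/dev/sdc1 /media/scripts ext3 rw,nosuid,nodev 0 0
/dev/sdd1 /media/stick vfat rw,nodev 0 0'

# has_opt OPTIONS NAME: succeed only if NAME is a whole entry in the
# comma-separated OPTIONS string (so "noexecute" does not match "noexec").
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_mounts PREFIX: read /proc/mounts-format lines on stdin and print
# "mountpoint fstype verdict" for every mount point below PREFIX.
audit_mounts() {
    prefix=$1
    while read -r dev mnt fstype opts _rest; do
        case "$mnt" in
            "$prefix"/*) ;;      # removable-media mount, inspect it
            *) continue ;;       # anything else is out of scope here
        esac
        if ! has_opt "$opts" nosuid; then
            # setuid binaries on the volume would run with their owner's rights
            verdict="RISK:suid-honoured"
        elif has_opt "$opts" noexec; then
            # the state described in the thread: scripts on the disk will not run
            verdict="OK:scripts-blocked"
        else
            # exec allowed, setuid bits ignored
            verdict="OK:exec-allowed"
        fi
        echo "$mnt $fstype $verdict"
    done
}

# Stand-alone run on the constructed sample.
printf '%s\n' "$SAMPLE_MOUNTS" | audit_mounts /media
```

To check a live system instead of the sample, run `audit_mounts /media < /proc/mounts`.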