Episode 006 – pmount

Most desktop environments have a way to auto mount any device you connect to the system that is partitioned for storage. Plugging in a usb drive to a system running Gnome, KDE, or XfCE4 will generally offer to mount the device for you and make it available to your preferred file manager. But those who chose to run a lighter environment, say with a window manager like Fluxbox, WindowMaker, FVWM2 or run without X at all may not have the luxury of their devices auto-mounting in this way. You could work with editing your /etc/fstab to get the proper permissions for a user to mount devices like this or you could save yourself some time by using the pmount, or policy mount,  command.

Most distributions do not install pmount out of the box but it is a quick download form most package managers. Once installed there is some configuration that may need to be done before a use can utilize the pmount command.  The /etc/pmount.allow file must be created listing all the possible devices that will be mountable using pmount. This file contains of whitelist of devices that can be mounted. Pmount will mount removable devices that are not listed in this file, so depending on the device you want to use is detected pmount may or may not be allowed to mount the device unless it is whitelisted in /etc/pmount.allow.

To determine if a device is flagged as removable issue this command:

cat /sys/block/[device]/removable

Where [device] is the device on your system.  If the value is “1” then it is removable and does not need a whitelist entry. If it is 0 then it is not considered a removable device and must be whitelisted to be used with pmount.

Devices are specifed in the whilelist one per line.  Globs are allowed so instead of

sda
sda1
sda2
sda3

You can specify:

sda[123]

By default all devices are mounted under the /media directory by their given partition name.  So issuing:

pmount /dev/sdb1

Will mount parition 1 of device sdb on /media/sdb1. You can also pass a label to pmount and the partition or device will be mounted under that label:

pmount /dev/sdb clipzip

Will mount /dev/sdb under /media/clipzip instead of /media/sdb.

Successful mounting of a device by pmount occurs if the following conditions are met:

  1. The device is a block device (i.e.; hard drive, flash drive, dvd)
  2. The device is not already listed in fstab.
  3. The device is not already mounted according to mtab.
  4. If the mount point already exists it is not being used by another device.
  5. The device is removable or it is listed in the /etc/pmount.allow whitelist.
  6. Finally, the device will mount if it is not locked.

To find out what partitions are available for mounting when you plug a drive into your system you can issue the dmesg command which will show you the device name andthe partitions on the device.

If you issue the pmount command by itself it will show all the devices mounted by the pmount command (if there are any), just like issuing the mount command.

Once a device is mounted use the pumount command to umount it:

pumount /dev/sdb

There are a number of mount options you can pass to pmount, the list is as follows and includes the defaults:

  •  -r or –read-only – mount device as read-only.
  • -w or –read-write – mount device as read-write (default)
  • -s or –sync – device mounts without write caching (default is async)
  • -A or –noatime – mount device with noatime (default is atime)
  • -e or –exec – mount device with exec option (default is noexec).

If you are using a flash device you probably do not want to use the -s or –sync option as this turns off write caching and will increase the amount of time it takes to perform operations on the file system as every change will need to be written immediately. Although if you are prone to just pulling out usb devices before unmounting them  you may want to implement this option.

Pmount will autodetect the filesystem of the partition being mounted. Should it have difficulty for some reason you can pass the filesystem using the -t or –type flag. Syntax is the same as the mount command. Pmount supports many file systems but as of this entry btrfs is not supported.

The default umask for pmount is dependent on the filesystem.  Generally it is 022 which equates to the following permissions:  rw-r–r– (644) for files and rwxr-xr-x (755) for directories.  Remember the equation for this is:

files = 666 – umask
directories = 777 – umask

The default umask for VFAT and NTFS is 077 which creates files with rw——- (600) and directories rwx—— (700). Specifying the umask will only work with filesystems that will take a umask value, otherwise the value is ignored.

If you are attempting to mount an encrypted filesystem you will be prompted upon executing pmount for the passphrase.  You can specify a file to be used for this passphrase with the -p or –passphrase option.

Remember, to unmount a device mounted with pmount you issue the pumount command. Always unmount your device before physically removing it.

Pmount is a great utility to have on a desktop system but before installing it on a server, make sure you absolutely need this type of application. Allowing users to arbitrarily mount and unmount devices on a server is a security risk.

Bibliography:

  • man pmount
  • man umask
  • info umask

If the video is not clear enough view it off the YouTube website and select size 2 or full screen.  Or download the video in Ogg Theora format:

Thank you very much

 

This entry was posted in Uncategorized. Bookmark the permalink.

3 Responses to Episode 006 – pmount

  1. Miggs says:

    Hello. Nice tutorial.

    I try to use pmount with Debian Wheezy but whenever i issue ‘pmount -w /dev/sdb’ it returns ‘mount: warning: /media/sdb seems to be mounted read-only.’ and i get a read-only /media/sdb as such.

    Do you have any idea of why is this happening?

    • dannSWashko says:

      Do you already have an option for /dev/sdb in /etc/fstab? If so I believe the options in there will override pmount.

  2. Terry Cloth says:

    Dear Moderator: I still flubbed it, as I thought `code’ would protect the angle brackets. Please kill the previous two attempts. 🙁 Hoping third time’s the charm:

    A couple of Debian notes:
    1) Only members of the plugdev group can use pmount.
    # addgroup username plugdev
    will make it work for those users you trust.
    2) There’s also pmount-hal which makes it almost as nice as
    GUI automounts of removable devices:
    % pmount-hal /dev/sdb1
    will read the volume label and create a mountpoint of that
    name under /media, so you get a nice setup along the lines of
    /media/mythumbdrive
    Who could ask for anything more? 🙂

    Maybe these work with other distros, too?