Jan 102009
 

Policy Mount, pmount is a wrapper around the standard mount program to allow regular users to automatically mount removable devices without having a matching /etc/fstab entry. pmount  also  supports  encrypted devices which use dm-crypt and have LUKS metadata. If a LUKS-capable cryptsetup is installed, pmount will use it to decrypt the device first and mount the mapped unencrypted device instead.


pmount maintains an access list that specifies the devices that can mounted by these regular users. The file /etc/pmount.allow is the file which whitelists the device that can pmounted.  Every removable device that needs to be allowied to mount using pmount needs to entered here (one per line). No entries in the file means that no removable device is allowed to be mounted using pmount and when the user tries to mount it, he may receive an error like:

device /dev/mmcblk0p1 is not removable

Install pmount

Click this oneclick install from Packman to install pmount on your openSUSE. This is supported on openSUSE 11.1/openSUSE 11.0 (x86/x64). This should download the YMP file and automatically launch the YaST package manager. Click Next on the initial pmount install window and next on the install proposal window which shows the  repository that will be added and the packages that will be installed on your openSUSE. This should start adding the repositories and the package pmount and required dependencies. Click Finish once the installation compeltes successfully.

pmount1 pmount2

pmount3

This should install pmount under /usr/bin/pmount

opensuse111:~ # which pmount
/usr/bin/pmount

Edit the file /etc/pmount.allow and enter the removable device that you need to allow reglar users to mount. My /etc/pmount.allow file looks like this

opensuse111:~  # cat /etc/pmount.allow
# /etc/pmount.allow
# pmount will allow users to additionally mount all devices that are
# listed here.
/dev/mmcblk0p1

In the above the line /dev/mmcblk0p1 will allow my Memory Cards on the card reader be mount using pmount

To mount a device

opensuse111:~ # pmount <dev> <label>

where the <label> will be a mount point under /media. if no label is mentioned, the device name is used as the mount point under /media.

For example

opensuse111:~ #  pmount /dev/mmcblk0p1 sdcard

Here the mount point is /media/sdcard. To check if the device is mounted, type pmount (devices mounted through pmount) or mount (all devices mounted)

opensuse111:~ # mount
/dev/sda6 on / type ext3 (rw,acl,user_xattr)
/proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
debugfs on /sys/kernel/debug type debugfs (rw)
udev on /dev type tmpfs (rw)
devpts on /dev/pts type devpts (rw,mode=0620,gid=5)
/dev/sda7 on /home type ext3 (rw,acl,user_xattr)
/dev/sda1 on /windows/C type fuseblk (rw,noexec,nosuid,nodev,allow_other,default_permissions,blksize=4096)
/dev/sda2 on /windows/D type fuseblk (rw,noexec,nosuid,nodev,allow_other,default_permissions,blksize=4096)
fusectl on /sys/fs/fuse/connections type fusectl (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
gvfs-fuse-daemon on /home/saihari/.gvfs type fuse.gvfs-fuse-daemon (rw,nosuid,nodev,user=saihari)
/dev/mmcblk0p1 on /media/sdcard type vfat (rw,noexec,nosuid,nodev,quiet,shortname=mixed,uid=0,gid=0,umask=077,fmask=0177,dmask=0077,utf8,iocharset=iso8859-1)

For more options using the “-h” option.

opensuse111:~ # pmount -h
Usage:

pmount [options] <device> [<label>]
….

Options:
-r          : force <device> to be mounted read-only
-w          : force <device> to be mounted read-write
-s, –sync  : mount <device> with the ‘sync’ option (default: ‘async’)
-A, –noatime
mount <device> with the ‘noatime’ option (default: ‘atime’)
-e, –exec  : mount <device> with the ‘exec’ option (default: ‘noexec’)
-t <fs>     : mount as file system type <fs> (default: autodetected)
-c <charset>: use given I/O character set (default: ‘utf8′ if called
in an UTF-8 locale, otherwise mount default)
-u <umask>  : use specified umask instead of the default (only for
file sytems which actually support umask setting)
–fmask <fmask>
use specified fmask
–dmask <dmask>
use specified dmask
-p <file>, –passphrase <file>
read passphrase from file instead of the terminal
(only for LUKS encrypted devices)
-d, –debug : enable debug output (very verbose)
-h, –help  : print this help message and exit successfuly
-V, –version
print version number and exit successfully

To troubleshoot a mount issue, try mounting with the “-d” option

The following has debug enabled and run without and with an entry in /etc/pmount.allow to throw some light on the level of useful information one will get.

DEBUG without entry in /etc/pmount.allow

opensuse111:~ # pmount -d /dev/mmcblk0p1 sdcard
resolved /dev/mmcblk0p1 to device /dev/mmcblk0p1
Checking for device ‘/dev/mmcblk0p1′ in ‘/etc/fstab’
-> not foundmount point to be used: /media/sdcard
no iocharset given, current locale encoding is UTF-8
locale encoding uses UTF-8, setting iocharset to ‘utf8′
locale encoding uses UTF-8: will mount FAT with utf8 optionCleaning lock directory /var/lock/pmount_dev_mmcblk0p1
Checking for device ‘/dev/mmcblk0p1′ in ‘/etc/mtab’
-> not foundChecking for device ‘/dev/mmcblk0p1′ in ‘/proc/mounts’
-> not founddevice_whitelist: checking /etc/pmount.allow…
device_whitlisted(): nothing matched, returning 0
find_sysfs_device: looking for sysfs directory for device 179:1
find_sysfs_device: checking whether /dev/mmcblk0p1 is on /sys/block/sda (8:0)
find_sysfs_device: checking whether /dev/mmcblk0p1 is on /sys/block/sr0 (11:0)
find_sysfs_device: checking whether /dev/mmcblk0p1 is on /sys/block/loop0 (7:0)
find_sysfs_device: checking whether /dev/mmcblk0p1 is on /sys/block/loop1 (7:1)
find_sysfs_device: checking whether /dev/mmcblk0p1 is on /sys/block/loop2 (7:2)
find_sysfs_device: checking whether /dev/mmcblk0p1 is on /sys/block/loop3 (7:3)
find_sysfs_device: checking whether /dev/mmcblk0p1 is on /sys/block/loop4 (7:4)
find_sysfs_device: checking whether /dev/mmcblk0p1 is on /sys/block/loop5 (7:5)
find_sysfs_device: checking whether /dev/mmcblk0p1 is on /sys/block/loop6 (7:6)
find_sysfs_device: checking whether /dev/mmcblk0p1 is on /sys/block/loop7 (7:7)
find_sysfs_device: checking whether /dev/mmcblk0p1 is on /sys/block/mmcblk0 (179:0)
find_sysfs_device: major device numbers match
find_sysfs_device: minor device numbers do not match, checking partitions…
find_sysfs_device: checking whether device /dev/mmcblk0p1 matches partition 179:0
find_sysfs_device: checking whether device /dev/mmcblk0p1 matches partition 179:1
find_sysfs_device: -> partition matches, belongs to block device /sys/block/mmcblk0
device_removable: could not find a sysfs device for /dev/mmcblk0p1
Error: device /dev/mmcblk0p1 is not removable
policy check failed

DEBUG with entry in /etc/pmount.allow

opensuse111:~ # pmount -d /dev/mmcblk0p1 sdcard
resolved /dev/mmcblk0p1 to device /dev/mmcblk0p1
Checking for device ‘/dev/mmcblk0p1′ in ‘/etc/fstab’
-> not foundmount point to be used: /media/sdcard
no iocharset given, current locale encoding is UTF-8
locale encoding uses UTF-8, setting iocharset to ‘utf8′
locale encoding uses UTF-8: will mount FAT with utf8 optionCleaning lock directory /var/lock/pmount_dev_mmcblk0p1
Checking for device ‘/dev/mmcblk0p1′ in ‘/etc/mtab’
-> not foundChecking for device ‘/dev/mmcblk0p1′ in ‘/proc/mounts’
-> not founddevice_whitelist: checking /etc/pmount.allow…
comparing /dev/mmcblk0p1 against whitelisted ‘/dev/mmcblk0p1′
device_whitlisted(): match, returning 1
policy check passed
spawnv(): executing /sbin/cryptsetup ‘/sbin/cryptsetup’ ‘isLuks’ ‘/dev/mmcblk0p1′
spawn(): /sbin/cryptsetup terminated with status 234
device is not LUKS encrypted, or cryptsetup with LUKS support is not installed
locking mount point directory
mount point directory locked
blkid gave FS vfat for ‘/dev/mmcblk0p1′
VFAT in a UTF-8 locale: using option utf8
filesystem is vfat and charset is utf-8: using iso8859-1
You can change with the -c optionspawnv(): executing /bin/mount ‘/bin/mount’ ‘-t’ ‘vfat’ ‘-o’ ‘nosuid,nodev,user,quiet,shortname=mixed,async,atime,noexec,uid=0,gid=0,umask=077,fmask=0177,dmask=0077,utf8,iocharset=iso8859-1′ ‘/dev/mmcblk0p1′ ‘/media/sdcard’
spawn(): /bin/mount terminated with status 0
unlocking mount point directory
mount point directory unlocked

Click Here to visit the project homepage.