Make default mount umasks less tight

Bug #453605 reported by Rey Tucker
210
This bug affects 55 people
Affects Status Importance Assigned to Milestone
gvfs
Expired
Wishlist
udisks (Ubuntu)
Won't Fix
Undecided
Unassigned
Declined for Precise by Martin Pitt
Trusty
Confirmed
Undecided
Unassigned
udisks2 (Ubuntu)
Fix Released
Medium
Martin Pitt
Declined for Precise by Martin Pitt
Trusty
Triaged
Medium
Unassigned

Bug Description

There should be an easy way to configure the default umask for VFAT/NTFS/similar file systems (perhaps through the existing gconf system, which has /system/storage/default_options/vfat/mount_options ?).

Revision history for this message
Rey Tucker (rtucker) wrote :
Martin Pitt (pitti)
Changed in devicekit-disks (Ubuntu):
importance: Undecided → Low
status: New → Triaged
Revision history for this message
Martin Pitt (pitti) wrote :

We won't change the behaviour in udisks, there needs to be some default after all. However, it's conceivable to add a configuration option for this in nautilus.

affects: devicekit-disks (Ubuntu) → nautilus (Ubuntu)
Changed in nautilus (Ubuntu):
importance: Low → Wishlist
summary: - vfat removable media defaults to world-readable files
+ Make default mount umasks configurable
Revision history for this message
Martin Pitt (pitti) wrote : Re: Make default mount umasks configurable

BTW, in lucid, VFAT drives are mounted with umask 077 again, as in Jaunty.

description: updated
Revision history for this message
Rey Tucker (rtucker) wrote :

A configuration option would be excellent.

Thanks for looking into this! :-)

Revision history for this message
X-Ander (x-ander) wrote :

I have added the following lines to my /etc/fstab:

/dev/sdb1 /media/usbd1 auto noauto,rw,user,shortname=mixed,dmask=02,fmask=0113,utf8=1,flush 0 2
/dev/sdc1 /media/usbd2 auto noauto,rw,user,shortname=mixed,dmask=02,fmask=0113,utf8=1,flush 0 2

Now two USB flash drives are mounted as I want. I don't need more because I have only two USB connectors free at my netbook.

The idea was suggested by http://hal.freedesktop.org/docs/DeviceKit-disks/Device.html#Device.FilesystemMount

Revision history for this message
Adrian Roman (adyroman5) wrote : Re: [Bug 453605] Re: Make default mount umasks configurable

I've tried the solution suggested above but when I stick the NTFS USB drive
in, it says it can't mount it and point to this bit of documentation:

Unprivileged block device mounts work only if all the below requirements are
met:

   1. ntfs-3g is compiled with integrated FUSE support
   2. the ntfs-3g binary is at least version 1.2506
   3. the ntfs-3g binary is set to setuid-root
   4. the user has access right to the volume
   5. the user has access right to the mount point

http://www.tuxera.com/community/ntfs-3g-faq/#unprivileged

But the default ntfs-3g version shipped with Lucid is not compiled with
integrated FUSE support:

user@host:~$ ntfs-3g --version
ntfs-3g 2010.3.6 external FUSE 28
user@host:~$

So maybe that works only for FAT drives? Anybody have a workaround for NTFS
drives in that case? :)

On Fri, May 7, 2010 at 1:15 PM, X-Ander <email address hidden> wrote:

> I have added the following lines to my /etc/fstab:
>
> /dev/sdb1 /media/usbd1 auto
> noauto,rw,user,shortname=mixed,dmask=02,fmask=0113,utf8=1,flush 0 2
> /dev/sdc1 /media/usbd2 auto
> noauto,rw,user,shortname=mixed,dmask=02,fmask=0113,utf8=1,flush 0 2
>
> Now two USB flash drives are mounted as I want. I don't need more
> because I have only two USB connectors free at my netbook.
>
> The idea was suggested by http://hal.freedesktop.org/docs/DeviceKit-
> disks/Device.html#Device.FilesystemMount<http://hal.freedesktop.org/docs/DeviceKit-%0Adisks/Device.html#Device.FilesystemMount>
>
> --
> Make default mount umasks configurable
> https://bugs.launchpad.net/bugs/453605
> You received this bug notification because you are a direct subscriber
> of a duplicate bug.
>

Revision history for this message
Dana Goyette (danagoyette) wrote : Re: Make default mount umasks configurable

I'm marking this regression-release, because as commented on in the duplicate, we went from Jaunty (HAL) offering NTFS drives as 777 by default (I believe), with gconf options to change permissions, to Karmic (devkit-disks / udisks) offering no way to change permissions from 700 -- and thus no way to share an NTFS USB drive with Samba.

tags: added: regression-release
Revision history for this message
Dana Goyette (danagoyette) wrote :

Also, I tried to change "Nautilus" (linked to upstream bug tracker) to "gvfs", and got:
Internal Server Error
NotImplementedError

affects: nautilus → gvfs
Changed in gvfs:
status: Unknown → New
Changed in gvfs:
importance: Unknown → Wishlist
Revision history for this message
Ivan Razumov (iarspider) wrote :

Any chance of this to be fixed in the non-geek way? It's 10.10 already, and this bug is still here!

Revision history for this message
Harry Sufehmi (harry-sufehmi) wrote :

Amazing that this old bug manages to exist through 2011.

Anyway - I've googled around, and the only fix seems to be the one described on this post :
https://bugs.launchpad.net/ubuntu/+source/devicekit-disks/+bug/482501/comments/13

However, when I tried to install the source for devicekit-disks, I got error message : "Unable to find a source package for devicekit-disks"

I looked on the repository server, and the only source I could find is devicekit-disks_007.orig.tar.gz
(example: http://kambing.ui.ac.id/ubuntu/pool/main/d/devicekit-disks/devicekit-disks_007.orig.tar.gz)

So I downloaded it - then I found out that the content is different than the explanation in the post above.
(https://bugs.launchpad.net/ubuntu/+source/devicekit-disks/+bug/482501/comments/13)

Here I'm stuck with 2 years old bug, with a workaround which doesn't work anymore.

Any hints would be much appreciated.

Thanks !

Revision history for this message
Jan (jcgb) wrote :

Really nothing changed for another year? Thats poor.

Revision history for this message
Vetinari (vetinaria) wrote :

and a few months later, nothing...

Revision history for this message
Alkis Georgopoulos (alkisg) wrote :

Quotting pitti from comment #2:
> We won't change the behaviour in udisks, there needs to be some default after all.

Please completely remove dmask from the vfat/ntfs mount options, like fmask already is (absent).
Patch available at LP #482501.

I assume that dmask=0077 was added at some point in order to protect the contents of the mountpoint?
Nowadays, all user-mounted media is protected by the attributes of the parent directory, /media/username.
guest@pc:~$ ls /media/alkisg
ls: cannot open directory /media/alkisg: Permission denied

Inside /media/username/mountpoint, directories and files should be world-readable to behave better when copied elsewhere (LP #592748), e.g. in ~/Documents, which is supposed to be world-readable by default.
For example, ~/.local is drwx------ but ~/.local/share is drwxr-xr-x,
similarly, /media/username should be drwx------ and /media/username/mountpoint/folders should be drwxr-xr-x.

For people needing a quick workaround, and since none exists yet, here's a really bad one that nevertheless does work for me:
# For the newer udisks2:
sudo sed 's/dmask=[0-9]\{4\}/dmask=0022/' -i /usr/lib/udisks2/udisksd
# For the older udisks:
sudo sed 's/dmask=[0-9]\{4\}/dmask=0022/' -i /usr/lib/udisks/udisks-daemon
# And reboot.

If udisks/udisks2 don't get fixed in some reasonable time, I'll upload patches packages for the LTS Ubuntu releases in the Greek Schools PPA. Unfortunately that'll be a pain, especially for udisks updates.

About configurability in nautilus, I don't think it will be needed if dmask gets removed. And in any case configurability belongs in udisks, not in packages that use udisks, because then every package that uses udisks should provide such an option.

Thanks!

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in udisks (Ubuntu):
status: New → Confirmed
Changed in udisks2 (Ubuntu):
status: New → Confirmed
Revision history for this message
Alkis Georgopoulos (alkisg) wrote :

P.S. completely removing dmask from the mount options and letting /media/username "cover" the permission issues,
couples well with UDISKS_FILESYSTEM_SHARED,
so that people that want USB drives to be shared across users,
can just specify UDISKS_FILESYSTEM_SHARED="1" in udev for those drives.

Then /media/mountpoint will be world-readable for vfat/ntfs, as expected
(as opposed to /media/username/mountpoint which is protected with the default UDISKS_FILESYSTEM_SHARED="0").

no longer affects: nautilus (Ubuntu)
Revision history for this message
Martin Pitt (pitti) wrote :

udisks 1 is ancient and unmaintained, I won't fix it there.

For udisks 2 this seems to make sense at first sight. I'll look into this more closely; we need to retain a sensible behaviour for executable files.

Changed in udisks (Ubuntu):
status: Confirmed → Won't Fix
Changed in udisks2 (Ubuntu):
assignee: nobody → Martin Pitt (pitti)
Revision history for this message
Alkis Georgopoulos (alkisg) wrote :

AFAIK, the showexec mount parameter that you're already using handles the executable files just fine, and it won't be affected by the dmask change.

Output from a patched udisks2 with dmask dropped:

alkisg@pc ~ $ grep vfat /proc/self/mountinfo
35 22 8:33 / /media/alkisg/usbstick rw,nosuid,nodev,relatime - vfat /dev/sdc1 rw,uid=1000,gid=1000,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,showexec,utf8,flush,errors=remount-ro
alkisg@pc ~ $ cd /media/alkisg/usbstick/
alkisg@pc /media/alkisg/usbstick $ touch test.exe test.com test.bat test.txt
alkisg@pc /media/alkisg/usbstick $ ls -lha test.*
-rwxr-xr-x 1 alkisg alkisg 0 Jan 20 19:21 test.bat
-rwxr-xr-x 1 alkisg alkisg 0 Jan 20 19:21 test.com
-rwxr-xr-x 1 alkisg alkisg 0 Jan 20 19:21 test.exe
-rw-r--r-- 1 alkisg alkisg 0 Jan 20 19:21 test.txt

Revision history for this message
Dimitri John Ledkov (xnox) wrote : binary junk

some attachment

Martin Pitt (pitti)
summary: - Make default mount umasks configurable
+ Make default mount umasks less tight
Revision history for this message
Martin Pitt (pitti) wrote :
Changed in udisks2 (Ubuntu):
status: Confirmed → Fix Committed
Changed in udisks2 (Ubuntu Trusty):
status: New → Triaged
Changed in udisks2 (Ubuntu):
importance: Undecided → Medium
Changed in udisks2 (Ubuntu Trusty):
importance: Undecided → Medium
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package udisks2 - 2.1.5-1

---------------
udisks2 (2.1.5-1) experimental; urgency=medium

  [ Martin Pitt ]
  * New upstream release:
    - Drop default [df]mask for VFAT and NTFS (LP: #453605)
  * Drop our patches, included upstream.
  * debian/rules: Configure with --enable-fhs-media, to continue mounting in
    /media instead of /run/media. (Previously done by a Debian patch)
  * debian/tests/upstream-system: Drop ntfs-3g test dependency; due to a bug
    in the BLKRRPART ioctl this causes eternal udev and thus mount hangs.
    (see LP #1398859)
  * udisks2-inhibit: Don't use mount --move, as it doesn't work under shared
    mounts (i. e. under systemd). (LP: #1410851)

  [ Michael Biebl ]
  * Update Vcs-Browser URL to use cgit and https.
 -- Martin Pitt <email address hidden> Fri, 06 Mar 2015 09:29:30 +0100

Changed in udisks2 (Ubuntu):
status: Fix Committed → Fix Released
Revision history for this message
Mike (0x656b694d) wrote :

Hello,

Should it work now with the UDF system as well?
Currently with the default options only root can see the content of a DVD recorded on a DVD recorder.
I can manually remount with mode=444,dmode=555, but not my father. I'd like to know before upgrading his computer to Ubuntu beta release.

Thanks.

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in udisks (Ubuntu Trusty):
status: New → Confirmed
Changed in gvfs:
status: New → Expired
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.