Mounting Drives

Mount options

  • defaults: equivalent to rw,suid,dev,exec,auto,nouser,async
  • user, users: imply noexec,nosuid,nodev
  • suid
      • Using the suid option (implicitly or explicitly) on writable, executable partitions other than "/" is a security risk: for files that have both the SUID bit and the rwx bits enabled, it potentially lets users alter and execute files that run with a greater level of access than those users are allowed.
      • For files owned by root, it potentially allows users to run commands with root access.
      • Even if the w bit is disabled for a file in the above cases, the file is still a potential security risk if it performs (or might perform in the future) any actions that users with r and x access to it shouldn't be able to perform.
      • If suid is used, when possible:
          • Use noexec
          • Use ro
          • Periodically scan for files with the SUID / SGID bit enabled.  Disable SUID / SGID for any files for which it's not absolutely necessary.
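An added example, not part of the original notes: a Python check that expands each /etc/fstab option field using the defaults and user/users rules above and reports mount points other than "/" that end up rw, exec and suid at once. The function names are hypothetical and the sample fstab is constructed; the owner/group expansion and the left-to-right override order come from mount(8), and the check looks only at mount options, not at whether the filesystem type can store SUID bits.

```python
# Expansions: "defaults" and "user"/"users" as listed on this page;
# "owner"/"group" implying nosuid is taken from mount(8).
# Only the rw / suid / exec parts of each expansion are tracked here.
IMPLIED = {
    "defaults": ["rw", "suid", "exec"],
    "user": ["noexec", "nosuid"],
    "users": ["noexec", "nosuid"],
    "owner": ["nosuid"],
    "group": ["nosuid"],
}
# flag -> (option that enables it, option that disables it)
FLAGS = {"rw": ("rw", "ro"), "suid": ("suid", "nosuid"), "exec": ("exec", "noexec")}


def effective_flags(option_field):
    """Resolve a comma-separated option field left to right; later options win."""
    state = {"rw": True, "suid": True, "exec": True}  # what "defaults" gives
    for opt in option_field.split(","):
        for o in IMPLIED.get(opt, [opt]):
            for flag, (on, off) in FLAGS.items():
                if o in (on, off):
                    state[flag] = (o == on)
    return state


def risky_mounts(fstab_text):
    """Return mount points other than "/" that are rw, exec and suid at once."""
    hits = []
    for line in fstab_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].startswith("#") or fields[2] in ("swap", "proc"):
            continue
        if fields[1] != "/" and all(effective_flags(fields[3]).values()):
            hits.append(fields[1])
    return hits


# Constructed sample fstab; the floppy, CD and Zip lines follow this page.
SAMPLE_FSTAB = """\
/dev/hda1   /            ext2         defaults           1 1
/dev/hda5   /mnt/data    ext2         defaults           1 2
/dev/hda6   /home        ext2         user,exec,suid     1 2
/dev/fd0    /mnt/floppy  auto         noauto,owner       0 0
/dev/cdrom  /mnt/cdrom   udf,iso9660  noauto,owner,ro    0 0
/dev/sda4   /mnt/zip     vfat         noauto,rw,user,nosuid,sync,mode=0777  0 0
"""

if __name__ == "__main__":
    print("rw+exec+suid:", risky_mounts(SAMPLE_FSTAB))
```

Entries it reports are candidates for adding nosuid, noexec or ro, or for the periodic SUID / SGID file scan described above.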
Umount options
  • -l :  lazy unmount
  • -f :  force unmount
Mount points
  • The access rights and user / group ownership for the top-most directory of a mounted partition are not affected by the access rights and user / group ownership of the physical mount point (with the possible exception of Zip drives).
  • When a partition is mounted, the top-most directory of the mounted partition replaces the physical mount point, and the physical mount point cannot be accessed.
  • While a partition is not mounted, changes to the mount point apply to the physical mount point.
  • For ext2 and other file systems that can store access rights and user / group ownership, while the partition is mounted, changes to the mount point apply to the top-most mounted directory.
  • For fat32 / fat16 partitions, the default access rights for a mounted partition are determined by root's umask value, and the default user / group ownership is root (at least, when the partitions are auto-mounted).  The default values can be overridden using the umask, gid, and uid mount options.
  • For floppy disks using fat32 / fat16, the default access rights are set by the umask value of the user who mounts the drive, and the user / group ownership is that of the user who mounts the drive (this may also apply to fat32 / fat16 hard-drive partitions).
  • For CDs, the default user / group ownership is root.

Hard drives

Create mount point (as root)

  • mkdir /mnt/data  (mount point for hard drive partition)
  • chmod 777 /mnt/data  (rwx access for all users)
  • chmod 775 /mnt/data  (rwx access for owner and group, r and x access for others)
  • chmod 770 /mnt/data  (rwx access for owner and group, no access for others)
  • chmod 755 /mnt/data  (rwx access for owner, r and x access for group and others)
  • By default, use "root" for the user / group membership of the physical mount point, and use 755 for the access rights (chmod).

In /etc/fstab

  • /dev/hd<a..h><1..16>  <directory>  <msdos, vfat, ext2, ...>  umask=0 0 0  (full access rights for all users in this example with umask=0)
Examples
fat32
  • /dev/hda4  /mnt/data  vfat  umask=0  0 0  (rwx access for all)
  • /dev/hda4  /mnt/data  vfat  umask=111  0 0  (rw access for all)
fat
  • /dev/hda4  /mnt/data  msdos  umask=0  0 0  (rwx access for all)

From the command line

  • mount -t <msdos, vfat, ext2, ...>  /dev/hd<a..h><1..16>   <directory>
  • mount -t <msdos, vfat, ext2, ...>  [-o <user,exec,rw,...>*] /dev/hd<a..h><1..16>   <directory>
  • mount -a  (mounts all filesystems listed in /etc/fstab, except those marked noauto)
  • umount -a  (unmounts all filesystems listed in /etc/mtab, except the proc filesystem)

Floppy drives

In /etc/fstab

  • /dev/fd0  /mnt/floppy  auto  noauto,owner  0 0

CD drives

In /etc/fstab

  • /dev/cdrom  /mnt/cdrom  udf,iso9660  noauto,owner,ro  0 0

ISO images

From the command line
  • mount -o loop -t iso9660 <isofilename> <mountpoint>

Zip drives

Loading relevant modules

Parallel port Zip drives

With root access, type "/sbin/lsmod" to see the list of currently-loaded modules.

In /etc/rc.d/rc.local, add the following lines (in this order) for any of the following modules that are not already loaded.

  • insmod scsi_mod
  • insmod parport
  • insmod ppa
  • insmod lp
  • insmod parport_pc  (not sure about the order for loading this module, somewhere after "parport")

Create mount point

  • mkdir /mnt/zip  (mount point for Zip drive)
  • chmod 666 /mnt/zip  (rw access for all users)

In /etc/fstab

  • /dev/sda4  /mnt/zip  vfat  noauto,rw,user,nosuid,sync,mode=0777  0 0
  • Usage of the "sync" option disables buffering of write accesses, which is slower but safer.

From the command line

  • mount -t vfat /dev/sda4 /mnt/zip
  • umount /mnt/zip
  • mount /dev/sda4  (other parameters obtained from /etc/fstab)
  • umount /dev/sda4