Hello, C. Gatzemeier wrote: > Topic 2) in the original bugreport addresses removable (usb etc.) devices > pluged into a multi-user system whith several users loged in simultaniously, > i.e. terminal servers, multi-seat systems, or over the network etc. > > > I was looking for a way to ensure that the owner of say an usb-stick that > plugs it into the multi-seat system he works on is also the only one to > read/write his usb-stick. > > One idea would be for the user to be able to "lock" or better > reserve/schedule > whatever the mounting of the (next) removable media. Making sure no other > users sneek in on his usb-stick in the time between insertion and him > mounting his device or unmounting and him unpluging his media.
As far as I can tell, this is technically difficult. What would be the mechanism to reserve the device ? What happens when two users try to reserve the same device at the same time ?? For me, it seems to only push the problem earlier in time, but that wouldn't solve it : nothing could prevent a malicious user to permanently lock all the devices, and you wouldn't be able to access your data as well. One way might be to reserve the use of pmount to physically logged-in users, but that isn't always a good idea (think about, say, SMB shares, or even local hard-drives that are not permanently mounted for some reasons)... I now see better the problem which you are rising, but I currently don't see any technical solution - or at least, none that would be more fool-proof than the current (non) solution. My advice would be to resort to cryptography, if you fear for the safety of your data; pmounts handles that transparently (devices created with luksformat). I agree however that it wouldn't be convenient > --- > > I did make the mistake to mix two topics in one report. :( Yes, very bad ;-)... That's why I split the reports in the end. > Could the optimized mount options described under 1) already get implemented? > > Like mounting with --private or --public permissions, tweaking the > permissions > depending on current umask settings, filesystems (vfat) and locale (utf8)? Currently, pmount /dev/something mounts it privately (for filesystems that don't support permissions, others are not affected). pmount -u 022 /dev/something mounts it with umask = 022. That's basically your --public/--private options, except they have slightly different names. UTF8 is slightly more complex, as the Linux Kernel doesn't support UTF8 very well with FAT, see: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=443514 I considered this part of the request to be implemented. > Thank you again for checking back on this report. You're welcome ;-) ! Regards, Vincent -- Vincent Fourmond, Debian Developer http://vince-debian.blogspot.com/ -- pretty boring signature, isn't it ? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
