Re: parted is ALMOST suitable
On Fri 11 Nov 2016 at 18:09:33 +0100, Pascal Hambourg wrote:

> On 11/11/2016 at 17:24, Brian wrote:
> >
> > As the manual says:
> >
> >   CACHE_FILE=
> >     Overrides the standard location of the cache file. This setting
> >     can be overridden by the environment variable BLKID_FILE. Default
> >     is /run/blkid/blkid.tab, or /etc/blkid.tab on systems without a
> >     /run directory.
>
> In Wheezy the man page does not mention /run, and there is no
> /run/blkid/blkid.tab.
>
> >> However note that /dev/sdb* is owned by group "floppy" and my standard user
> >> account is a member of this group.
> >
> > If you are on Jessie (and have not altered any udev rules) you have a
> > broken system.
>
> This computer runs Wheezy and I did not alter udev rules. Looks like things
> have changed with Jessie.

Wheezy has /etc/udev/rules.d/91-permissions.rules; Jessie doesn't.

This thread has a short discussion on gparted and bug #439409. The bug
report was submitted for Wheezy and the behaviour you observe formed the
basis of an argument. The bug report now has a different complexion but
has still not been updated to reflect the altered situation.

-- Brian.
Re: parted is ALMOST suitable
On 11/11/2016 at 17:24, Brian wrote:

> As the manual says:
>
>   CACHE_FILE=
>     Overrides the standard location of the cache file. This setting
>     can be overridden by the environment variable BLKID_FILE. Default
>     is /run/blkid/blkid.tab, or /etc/blkid.tab on systems without a
>     /run directory.

In Wheezy the man page does not mention /run, and there is no
/run/blkid/blkid.tab.

>> However note that /dev/sdb* is owned by group "floppy" and my standard user
>> account is a member of this group.
>
> If you are on Jessie (and have not altered any udev rules) you have a
> broken system.

This computer runs Wheezy and I did not alter udev rules. Looks like things
have changed with Jessie.
Re: parted is ALMOST suitable
On Fri 11 Nov 2016 at 15:38:07 +0100, Pascal Hambourg wrote:

> On 08/11/2016 at 00:54, Brian wrote:
> >
> > When blkid is run as root it creates the file
> > /run/blkid/blkid.tab. A user running blkid only gets to see the contents
> > of blkid.tab.
>
> That does not appear to be completely correct.
> If I run blkid as a standard user after plugging a USB drive, it lists the
> USB drive partition, although blkid.tab was not modified.
>
> $ /sbin/blkid | grep sdb
> /dev/sdb1: LABEL="USB DISK" UUID="48DB-E077" TYPE="vfat"
>
> $ grep sdb /etc/blkid.tab || echo not found
> not found

As the manual says:

  CACHE_FILE=
    Overrides the standard location of the cache file. This setting
    can be overridden by the environment variable BLKID_FILE. Default
    is /run/blkid/blkid.tab, or /etc/blkid.tab on systems without a
    /run directory.

> However note that /dev/sdb* is owned by group "floppy" and my standard user
> account is a member of this group.

If you are on Jessie (and have not altered any udev rules) you have a
broken system. Please post the output of 'ls -l /etc/udev/rules.d'.

-- Brian.
Re: parted is ALMOST suitable
On 08/11/2016 at 00:54, Brian wrote:

> When blkid is run as root it creates the file
> /run/blkid/blkid.tab. A user running blkid only gets to see the contents
> of blkid.tab.

That does not appear to be completely correct.
If I run blkid as a standard user after plugging a USB drive, it lists the
USB drive partition, although blkid.tab was not modified.

$ /sbin/blkid | grep sdb
/dev/sdb1: LABEL="USB DISK" UUID="48DB-E077" TYPE="vfat"

$ grep sdb /etc/blkid.tab || echo not found
not found

However note that /dev/sdb* is owned by group "floppy" and my standard user
account is a member of this group.
Re: parted is ALMOST suitable
On Wed, Nov 09, 2016 at 04:56:36PM -0700, Joe Pfeiffer wrote:
> Brian writes:

[...]

> >> Hopefully. But that's not because bash checks that (as parted is).
> >> It's because the permissions on the device file are set right!
> >
> > udev doesn't come into the picture for removable disks? It did on
> > pre-Jessie.
>
> What is the relevance of udev here? Yes, udev sets the permissions, but
> the issue is whether they're right not who sets them.

Exactly. That was my take, too. It's udev's job to react to events
generated by the kernel and to set up things in user space (perms,
symlinks, whatnot) according to whatever policy the distro and the
sysadmin have set up. That's why the rules in /lib/udev (distribution)
and /etc/udev (sysad, override the distro's) exist.

The kernel is no place to have those rules, it's just the one enforcing
them.

Layering, again :-)

-- t
Re: parted is ALMOST suitable
Brian writes:

> On Wed 09 Nov 2016 at 11:27:11 +0100, to...@tuxteam.de wrote:
>
>> On Wed, Nov 09, 2016 at 10:12:13AM +, Brian wrote:
>> >
>> > That gives "-bash: /dev/sda2: Permission denied" for me with a fixed
>> > disk. It's the same for a removable disk. The system came like that.
>>
>> Hopefully. But that's not because bash checks that (as parted is).
>> It's because the permissions on the device file are set right!
>
> udev doesn't come into the picture for removable disks? It did on
> pre-Jessie.

What is the relevance of udev here? Yes, udev sets the permissions, but
the issue is whether they're right not who sets them.
Re: parted is ALMOST suitable
On Wed, Nov 09, 2016 at 08:48:04PM +, Brian wrote:
> On Wed 09 Nov 2016 at 21:35:14 +0100, to...@tuxteam.de wrote:

[...]

> > Hm. Layering error.
>
> Sorry. I'm unfamiliar with this term ("layering errors")

Sorry. Was meaning to say "layering violation": you design complex
systems in layers and try to take care of each aspect in the relevant
layer. In our case, the OS ("lower layer" of sorts) takes care of
access control, the application takes care of the user.

This does away with subtle irritations (in our case: "but the user
*has* access permissions to the block device, why...?) brought about
by conflicting decisions in different layers ("has explicitly to be
UID 0" vs. "has to have read or read/write access to the block device).

> and was just trying to point out that the basis on which the report was
> submitted is no longer valid and an additional report could make the
> point without relying on outdated ideas.

regards
-- t
Re: parted is ALMOST suitable
On Wed 09 Nov 2016 at 21:35:14 +0100, to...@tuxteam.de wrote:

> On Wed, Nov 09, 2016 at 05:38:01PM +, Brian wrote:
> > On Tue 08 Nov 2016 at 17:54:41 -0500, Stefan Monnier wrote:
> >
> > > >> > Futzing with partitions is the admin's job.
> > > >> Could be, but it's not (g)parted's job to enforce these kinds of rules:
>
> [...]
>
> > > It costs extra code with at best no benefit.
> >
> > A well-made couple of points. But a user being able to shoot himself
> > in his own foot with other tools as a way of bolstering the argument
> > doesn't bear close scrutiny nowadays.
>
> But this should be taken care of by the device files having appropriate
> permissions. An /dev/sda having -rw-rw-rw- is asking for trouble, I
> think we all agree on this :-)

I hope so.

> > Perhaps a reason for updating
> > the bug record to clarify what the issue is?
>
> Hm. Layering error.

Sorry. I'm unfamiliar with this term ("layering errors") and was just
trying to point out that the basis on which the report was submitted is
no longer valid and an additional report could make the point without
relying on outdated ideas.

-- Brian.
Re: parted is ALMOST suitable
On Wed, Nov 09, 2016 at 05:38:01PM +, Brian wrote:
> On Tue 08 Nov 2016 at 17:54:41 -0500, Stefan Monnier wrote:
>
> > >> > Futzing with partitions is the admin's job.
> > >> Could be, but it's not (g)parted's job to enforce these kinds of rules:

[...]

> > It costs extra code with at best no benefit.
>
> A well-made couple of points. But a user being able to shoot himself
> in his own foot with other tools as a way of bolstering the argument
> doesn't bear close scrutiny nowadays.

But this should be taken care of by the device files having appropriate
permissions. An /dev/sda having -rw-rw-rw- is asking for trouble, I
think we all agree on this :-)

> Perhaps a reason for updating
> the bug record to clarify what the issue is?

Hm. Layering error.

regards
-- t
Re: parted is ALMOST suitable
On Wed, Nov 09, 2016 at 06:29:32PM +, Brian wrote:

[...]

> Raw disk access to a device the user does not own *is* sacred.

YES! And the OS takes care of that part!

> Access to a device the user does own is up to the user.

Again: wholeheartedly, yes.

> Applications should not prevent that legitimate access taking
> place. Thank you for raising the disk image situation.

Seems we are in violent agreement :-)

regards
-- tomás
Re: parted is ALMOST suitable
On Wed 09 Nov 2016 at 11:27:11 +0100, to...@tuxteam.de wrote:

> On Wed, Nov 09, 2016 at 10:12:13AM +, Brian wrote:
> > On Wed 09 Nov 2016 at 09:48:01 +0100, to...@tuxteam.de wrote:
> >
> > > On Tue, Nov 08, 2016 at 08:39:51PM +, Brian wrote:
> > > > On Tue 08 Nov 2016 at 14:41:45 -0500, Stefan Monnier wrote:
> > > >
> > > > > >>> *HOWEVER* parted requires root privileges. That is not
> > > > > >>> acceptable.
> > > > > >>> Suggestions?
> > > > > >>> TIA
> > > > > > Futzing with partitions is the admin's job.
> > > > >
> > > > > Could be, but it's not (g)parted's job to enforce these kinds of
> > > > > rules:
> > > > > that's what Unix permissions (and Linux's capabilities) are for.
> > > > >
> > > > > It's OK to add a warning and prompt the user to make sure he really
> > > > > means to do that, but there's no point *preventing* the user from
> > > > > shooting his own foot with this tool if he can do it with other
> > > > > tools anyway.
> > > >
> > > > Users here get no opportunity to shoot themselves or anyone else in the
> > > > foot. Access to raw disks is over my dead body. So I do not understand
> > > > your point.
> > >
> > > C'mon. Cut the drama. Dead bodies and that.
> >
> > It's a turn of phrase. Sometimes used with a touch of humour.
> >
> > > As if "raw disk" were some kind of sacred stuff. In my case they are
> > > simple files on disk (disk images). Shall I have to become root every
> > > time I have to write a partition table to that? No. I just use fdisk.
> > >
> > > It's the job of file (device) permissions to ensure that. Or are you
> > > going to patch around bash's redirection operator too, to keep "users"
> > > from shooting themselves in the foot by issuing
> > >
> > >   echo "mumble" > /dev/sda2
> > >
> > > Not really.
> >
> > That gives "-bash: /dev/sda2: Permission denied" for me with a fixed
> > disk. It's the same for a removable disk. The system came like that.
>
> Hopefully. But that's not because bash checks that (as parted is).
> It's because the permissions on the device file are set right!

udev doesn't come into the picture for removable disks? It did on
pre-Jessie.

> IOW, it's not the application's job (bash or parted), it's the OS's
> job (with the sysadmin's help) to check access permissions.
>
> BTW it's very easy to fool the application itself (and this might be
> a perverse "solution" to Richard's problem). Just run gparted under
> fakeroot. It won't convey you read/write permissions you don't have,
> but it will fool gparted to think it's running as root:

Would you please give an example of when it is possible to fool the
application and obtain something you otherwise wouldn't obtain as a user.
Re: parted is ALMOST suitable
On Wed 09 Nov 2016 at 08:10:37 -0600, Richard Owlett wrote:

> On 11/9/2016 4:27 AM, to...@tuxteam.de wrote:
> > [*SNIP*]
> >
> > BTW it's very easy to fool the application itself (and this might be
> > a perverse "solution" to Richard's problem). Just run gparted under
> > fakeroot. It won't convey you read/write permissions you don't have,
> > but it will fool gparted to think it's running as root:
>
> That may do the trick. Especially as what I wanted was descriptive
> information concerning the physical partition and wanted it displayed in a
> convenient format. I was explicitly avoiding operations requiring root
> privileges to avoid "shooting self in foot".

'fakeroot gparted' will not do the trick for you. It is a dead end
solution for what you want.

-- Brian.
Re: parted is ALMOST suitable
On Wed 09 Nov 2016 at 09:48:01 +0100, to...@tuxteam.de wrote:

> On Tue, Nov 08, 2016 at 08:39:51PM +, Brian wrote:
> > On Tue 08 Nov 2016 at 14:41:45 -0500, Stefan Monnier wrote:
> >
> > > >>> *HOWEVER* parted requires root privileges. That is not acceptable.
> > > >>> Suggestions?
> > > >>> TIA
> > > > Futzing with partitions is the admin's job.
> > >
> > > Could be, but it's not (g)parted's job to enforce these kinds of rules:
> > > that's what Unix permissions (and Linux's capabilities) are for.
> > >
> > > It's OK to add a warning and prompt the user to make sure he really
> > > means to do that, but there's no point *preventing* the user from
> > > shooting his own foot with this tool if he can do it with other
> > > tools anyway.
> >
> > Users here get no opportunity to shoot themselves or anyone else in the
> > foot. Access to raw disks is over my dead body. So I do not understand
> > your point.
>
> C'mon. Cut the drama. Dead bodies and that.

When I wrote that I had in mind the advice to put a user in the disk
group to get 'lsblk -f' to give a wanted output. It will work. It also
gives the user the opportunity to completely destroy the system with dd.

> As if "raw disk" were some kind of sacred stuff. In my case they are
> simple files on disk (disk images). Shall I have to become root every
> time I have to write a partition table to that? No. I just use fdisk.
>
> It's the job of file (device) permissions to ensure that. Or are you
> going to patch around bash's redirection operator too, to keep "users"
> from shooting themselves in the foot by issuing
>
>   echo "mumble" > /dev/sda2
>
> Not really.

Raw disk access to a device the user does not own *is* sacred. Access to
a device the user does own is up to the user. Applications should not
prevent that legitimate access taking place. Thank you for raising the
disk image situation.

-- Brian.
Re: parted is ALMOST suitable
On Tue 08 Nov 2016 at 17:54:41 -0500, Stefan Monnier wrote:

> >> > Futzing with partitions is the admin's job.
> >> Could be, but it's not (g)parted's job to enforce these kinds of rules:
> >> that's what Unix permissions (and Linux's capabilities) are for.
> >> It's OK to add a warning and prompt the user to make sure he really
> >> means to do that, but there's no point *preventing* the user from
> >> shooting his own foot with this tool if he can do it with other
> >> tools anyway.
>
> > Users here get no opportunity to shoot themselves or anyone else in the
> > foot. Access to raw disks is over my dead body.
>
> So your users don't have access rights to the raw disks?
> Great! then (g)parted doesn't need to check anything since the kernel
> will do that already.
>
> > So I do not understand your point.
>
> The fact that it checks if the user is UID 0 is either useless (because
> the user doesn't have write access to the device anyway, as should
> usually be the case for the real physical devices connected to the
> machine) or annoying (because it doesn't give any extra security since
> the user can shoot himself in the foot with any number of other tools
> anyway).
>
> It costs extra code with at best no benefit.

A well-made couple of points. But a user being able to shoot himself
in his own foot with other tools as a way of bolstering the argument
doesn't bear close scrutiny nowadays. Perhaps a reason for updating
the bug record to clarify what the issue is?

-- Brian.
Re: parted is ALMOST suitable
On Wed 09 Nov 2016 at 12:01:10 +0100, to...@tuxteam.de wrote:

> On Wed, Nov 09, 2016 at 10:45:52AM +, Brian wrote:
>
> [...]
>
> > I hope cfdisk is an acceptable alternative to gparted, which is not on
> > my system. 'fakeroot /sbin/cfdisk' gives "cfdisk: cannot open /dev/sda:
> > Permission denied".
>
> We are talking past each other, I think.
>
> The above result is to be expected. I'm perfectly OK with that.
> You'd get that with or without fakeroot (it doesn't convey powers
> to you you don't have. That feat would imply a gaping security
> hole in Linux. There are some, but the most obvious have been
> covered -- hopefully! long ago.
>
> The point Stefan (and me) are trying to make is that *the application
> has no business in checking user permissions*, and parted is doing
> exactly that ("am I root?"). It's something to be left to the OS
> (try to open the device and catch an EACCESS error; translate that
> for the user. That's what cfdisk above *is* doing, and I'm fine
> with that!
>
> *If* you happen to have read/write access to a device/file [1], then
> cfdisk would let you just go ahead (right behaviour), while gparted
> would stop you ("nyah nyah you aren' root" -- *wrong*).
>
> [1] Stefan and me have given examples where that would make sense.

#439409 was filed in 2007 and in the context of repartitioning an external
device. In 2011 the question was asked:

 > Are you sure that you can simply "cat /dev/sdg" on
 > your GNU/Linux distribution?

To which the answer was:

 > Huh? Of course, I'm sure.

If the question had been asked after April 2014 and the release of udev
204-9 the answer would (or should) have been "no". The command can be
tried on Jessie. "Permission denied" is the result. This makes it
impossible for a user to cat a Debian ISO to a USB stick. That's also
the subject of a bug report. But nothing to do with gparted.

Granted that gparted should not be checking user permissions and there
is a case for having it stop doing so. However, ceasing to check if the
user is UID 0 doesn't get him anywhere (with an external device) unless
he or gparted can sneak past udev. A disk image as a file is a different
matter.

-- Brian.
Re: parted is ALMOST suitable
On Tuesday 08 November 2016 20:49:08 Stefan Monnier wrote:
> > Feel free to weight in ;-)
>                   ^^^
> No idea where this `t` came from,
>
>
>         Stefan

There's a gremlin in your keyboard too, is there? ;-)

Lisi
Re: parted is ALMOST suitable
On Wed, Nov 09, 2016 at 10:45:52AM +, Brian wrote:

[...]

> I hope cfdisk is an acceptable alternative to gparted, which is not on
> my system. 'fakeroot /sbin/cfdisk' gives "cfdisk: cannot open /dev/sda:
> Permission denied".

We are talking past each other, I think.

The above result is to be expected. I'm perfectly OK with that.
You'd get that with or without fakeroot (it doesn't convey powers
to you you don't have. That feat would imply a gaping security
hole in Linux. There are some, but the most obvious have been
covered -- hopefully! long ago.

The point Stefan (and me) are trying to make is that *the application
has no business in checking user permissions*, and parted is doing
exactly that ("am I root?"). It's something to be left to the OS
(try to open the device and catch an EACCESS error; translate that
for the user. That's what cfdisk above *is* doing, and I'm fine
with that!

*If* you happen to have read/write access to a device/file [1], then
cfdisk would let you just go ahead (right behaviour), while gparted
would stop you ("nyah nyah you aren' root" -- *wrong*).

[1] Stefan and me have given examples where that would make sense.

-- t
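The approach described in the message above (try to open the target, catch the error, translate it for the user) set next to an "am I root?" gate, as an added example that is not part of the thread and is not parted's, gparted's or cfdisk's code. The function names and the temporary image path are assumptions made for the illustration; the errno constant is spelled `EACCES`.

```c
/* Added example: kernel-enforced access vs. an application-level UID gate. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* What the kernel granted on the target (block device or disk image file). */
enum access_result { ACC_RW, ACC_RO, ACC_DENIED, ACC_MISSING, ACC_ERROR };

/* The gate criticised in the thread. It tests identity, not access, and it
 * trusts a libc call: the thread's "fakeroot whoami" prints root. */
int uid_gate_allows(void)
{
    return geteuid() == 0;
}

/* Try read/write, fall back to read-only, classify errno otherwise.
 * Returns a descriptor the caller keeps using, so the object that was
 * checked is the object that gets written (no check-then-open gap). */
int open_target(const char *path, enum access_result *res)
{
    int fd = open(path, O_RDWR | O_NOCTTY);
    if (fd >= 0) { *res = ACC_RW; return fd; }

    if (errno == EACCES || errno == EPERM || errno == EROFS) {
        fd = open(path, O_RDONLY | O_NOCTTY);
        if (fd >= 0) { *res = ACC_RO; return fd; }
    }
    switch (errno) {
    case EACCES: case EPERM:
        *res = ACC_DENIED; break;
    case ENOENT: case ENOTDIR: case ENXIO: case ENODEV:
        *res = ACC_MISSING; break;
    default:
        *res = ACC_ERROR; break;
    }
    return -1;
}

/* Convenience wrapper for callers that only want the classification. */
enum access_result probe_target(const char *path)
{
    enum access_result res;
    int fd = open_target(path, &res);
    if (fd >= 0)
        close(fd);
    return res;
}

/* The "translate that for the user" step. */
const char *explain(enum access_result res)
{
    switch (res) {
    case ACC_RW:      return "read/write access granted";
    case ACC_RO:      return "read-only access: can inspect, cannot modify";
    case ACC_DENIED:  return "permission denied by the kernel";
    case ACC_MISSING: return "no such device or file";
    default:          return "unexpected error opening target";
    }
}

/* Constructed sample input: an empty "disk image" owned by the caller,
 * created with the given mode, probed, then removed. */
enum access_result demo_on_image(mode_t mode)
{
    char path[64];
    snprintf(path, sizeof path, "/tmp/constructed-disk-%ld.img", (long)getpid());
    int fd = open(path, O_CREAT | O_EXCL | O_WRONLY, 0600);
    if (fd < 0)
        return ACC_ERROR;
    close(fd);
    if (chmod(path, mode) != 0) { unlink(path); return ACC_ERROR; }
    enum access_result res = probe_target(path);
    unlink(path);
    return res;
}

int main(int argc, char **argv)
{
    if (argc > 1) {                       /* probe a path given by the user */
        enum access_result res = probe_target(argv[1]);
        printf("uid gate: %s\n", uid_gate_allows() ? "allow" : "refuse");
        printf("kernel:   %s\n", explain(res));
        return (res == ACC_RW || res == ACC_RO) ? 0 : 1;
    }
    mode_t modes[] = { 0600, 0400, 0000 };
    for (size_t i = 0; i < sizeof modes / sizeof modes[0]; i++)
        printf("image mode %04o: uid gate %s, kernel: %s\n",
               (unsigned)modes[i], uid_gate_allows() ? "allow" : "refuse",
               explain(demo_on_image(modes[i])));
    return 0;
}
```

Run as an ordinary user, the UID gate refuses in all three cases, including the mode 0600 image the user owns and can legitimately write; the kernel's answer is the one that tracks the file or device permissions.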
Re: parted is ALMOST suitable
On Wed 09 Nov 2016 at 11:27:11 +0100, to...@tuxteam.de wrote:

> On Wed, Nov 09, 2016 at 10:12:13AM +, Brian wrote:
> > On Wed 09 Nov 2016 at 09:48:01 +0100, to...@tuxteam.de wrote:
> >
> > > On Tue, Nov 08, 2016 at 08:39:51PM +, Brian wrote:
> > > > On Tue 08 Nov 2016 at 14:41:45 -0500, Stefan Monnier wrote:
> > > >
> > > > > >>> *HOWEVER* parted requires root privileges. That is not
> > > > > >>> acceptable.
> > > > > >>> Suggestions?
> > > > > >>> TIA
> > > > > > Futzing with partitions is the admin's job.
> > > > >
> > > > > Could be, but it's not (g)parted's job to enforce these kinds of
> > > > > rules:
> > > > > that's what Unix permissions (and Linux's capabilities) are for.
> > > > >
> > > > > It's OK to add a warning and prompt the user to make sure he really
> > > > > means to do that, but there's no point *preventing* the user from
> > > > > shooting his own foot with this tool if he can do it with other
> > > > > tools anyway.
> > > >
> > > > Users here get no opportunity to shoot themselves or anyone else in the
> > > > foot. Access to raw disks is over my dead body. So I do not understand
> > > > your point.
> > >
> > > C'mon. Cut the drama. Dead bodies and that.
> >
> > It's a turn of phrase. Sometimes used with a touch of humour.
> >
> > > As if "raw disk" were some kind of sacred stuff. In my case they are
> > > simple files on disk (disk images). Shall I have to become root every
> > > time I have to write a partition table to that? No. I just use fdisk.
> > >
> > > It's the job of file (device) permissions to ensure that. Or are you
> > > going to patch around bash's redirection operator too, to keep "users"
> > > from shooting themselves in the foot by issuing
> > >
> > >   echo "mumble" > /dev/sda2
> > >
> > > Not really.
> >
> > That gives "-bash: /dev/sda2: Permission denied" for me with a fixed
> > disk. It's the same for a removable disk. The system came like that.
>
> Hopefully. But that's not because bash checks that (as parted is).
> It's because the permissions on the device file are set right!
>
> IOW, it's not the application's job (bash or parted), it's the OS's
> job (with the sysadmin's help) to check access permissions.
>
> BTW it's very easy to fool the application itself (and this might be
> a perverse "solution" to Richard's problem). Just run gparted under
> fakeroot. It won't convey you read/write permissions you don't have,
> but it will fool gparted to think it's running as root:

'fakeroot lsblk -f' gives the same output on Jessie as 'lsblk -f'.

> tomas@rasputin:~$ whoami
> tomas
> tomas@rasputin:~$ fakeroot whoami
> root
> tomas@rasputin:~$
>
> So try running "fakeroot gparted" -- that might help. No need for
> elevated permissions :-)
>
> Fakeroot is in the like-named package.

I hope cfdisk is an acceptable alternative to gparted, which is not on
my system. 'fakeroot /sbin/cfdisk' gives "cfdisk: cannot open /dev/sda:
Permission denied".

-- Brian.
Re: parted is ALMOST suitable
On Wed, Nov 09, 2016 at 10:12:13AM +, Brian wrote:
> On Wed 09 Nov 2016 at 09:48:01 +0100, to...@tuxteam.de wrote:
>
> > On Tue, Nov 08, 2016 at 08:39:51PM +, Brian wrote:
> > > On Tue 08 Nov 2016 at 14:41:45 -0500, Stefan Monnier wrote:
> > >
> > > > >>> *HOWEVER* parted requires root privileges. That is not
> > > > >>> acceptable.
> > > > >>> Suggestions?
> > > > >>> TIA
> > > > > Futzing with partitions is the admin's job.
> > > >
> > > > Could be, but it's not (g)parted's job to enforce these kinds of rules:
> > > > that's what Unix permissions (and Linux's capabilities) are for.
> > > >
> > > > It's OK to add a warning and prompt the user to make sure he really
> > > > means to do that, but there's no point *preventing* the user from
> > > > shooting his own foot with this tool if he can do it with other
> > > > tools anyway.
> > >
> > > Users here get no opportunity to shoot themselves or anyone else in the
> > > foot. Access to raw disks is over my dead body. So I do not understand
> > > your point.
> >
> > C'mon. Cut the drama. Dead bodies and that.
>
> It's a turn of phrase. Sometimes used with a touch of humour.
>
> > As if "raw disk" were some kind of sacred stuff. In my case they are
> > simple files on disk (disk images). Shall I have to become root every
> > time I have to write a partition table to that? No. I just use fdisk.
> >
> > It's the job of file (device) permissions to ensure that. Or are you
> > going to patch around bash's redirection operator too, to keep "users"
> > from shooting themselves in the foot by issuing
> >
> >   echo "mumble" > /dev/sda2
> >
> > Not really.
>
> That gives "-bash: /dev/sda2: Permission denied" for me with a fixed
> disk. It's the same for a removable disk. The system came like that.

Hopefully. But that's not because bash checks that (as parted is).
It's because the permissions on the device file are set right!

IOW, it's not the application's job (bash or parted), it's the OS's
job (with the sysadmin's help) to check access permissions.

BTW it's very easy to fool the application itself (and this might be
a perverse "solution" to Richard's problem). Just run gparted under
fakeroot. It won't convey you read/write permissions you don't have,
but it will fool gparted to think it's running as root:

  tomas@rasputin:~$ whoami
  tomas
  tomas@rasputin:~$ fakeroot whoami
  root
  tomas@rasputin:~$

So try running "fakeroot gparted" -- that might help. No need for
elevated permissions :-)

Fakeroot is in the like-named package.

Regards
-- tomás
Re: parted is ALMOST suitable
On Wed 09 Nov 2016 at 09:48:01 +0100, to...@tuxteam.de wrote:

> On Tue, Nov 08, 2016 at 08:39:51PM +, Brian wrote:
> > On Tue 08 Nov 2016 at 14:41:45 -0500, Stefan Monnier wrote:
> >
> > > >>> *HOWEVER* parted requires root privileges. That is not acceptable.
> > > >>> Suggestions?
> > > >>> TIA
> > > > Futzing with partitions is the admin's job.
> > >
> > > Could be, but it's not (g)parted's job to enforce these kinds of rules:
> > > that's what Unix permissions (and Linux's capabilities) are for.
> > >
> > > It's OK to add a warning and prompt the user to make sure he really
> > > means to do that, but there's no point *preventing* the user from
> > > shooting his own foot with this tool if he can do it with other
> > > tools anyway.
> >
> > Users here get no opportunity to shoot themselves or anyone else in the
> > foot. Access to raw disks is over my dead body. So I do not understand
> > your point.
>
> C'mon. Cut the drama. Dead bodies and that.

It's a turn of phrase. Sometimes used with a touch of humour.

> As if "raw disk" were some kind of sacred stuff. In my case they are
> simple files on disk (disk images). Shall I have to become root every
> time I have to write a partition table to that? No. I just use fdisk.
>
> It's the job of file (device) permissions to ensure that. Or are you
> going to patch around bash's redirection operator too, to keep "users"
> from shooting themselves in the foot by issuing
>
>   echo "mumble" > /dev/sda2
>
> Not really.

That gives "-bash: /dev/sda2: Permission denied" for me with a fixed
disk. It's the same for a removable disk. The system came like that.

-- Brian.
Re: parted is ALMOST suitable
On Tue, Nov 08, 2016 at 08:39:51PM +, Brian wrote:
> On Tue 08 Nov 2016 at 14:41:45 -0500, Stefan Monnier wrote:
>
> > >>> *HOWEVER* parted requires root privileges. That is not acceptable.
> > >>> Suggestions?
> > >>> TIA
> > > Futzing with partitions is the admin's job.
> >
> > Could be, but it's not (g)parted's job to enforce these kinds of rules:
> > that's what Unix permissions (and Linux's capabilities) are for.
> >
> > It's OK to add a warning and prompt the user to make sure he really
> > means to do that, but there's no point *preventing* the user from
> > shooting his own foot with this tool if he can do it with other
> > tools anyway.
>
> Users here get no opportunity to shoot themselves or anyone else in the
> foot. Access to raw disks is over my dead body. So I do not understand
> your point.

C'mon. Cut the drama. Dead bodies and that.

As if "raw disk" were some kind of sacred stuff. In my case they are
simple files on disk (disk images). Shall I have to become root every
time I have to write a partition table to that? No. I just use fdisk.

It's the job of file (device) permissions to ensure that. Or are you
going to patch around bash's redirection operator too, to keep "users"
from shooting themselves in the foot by issuing

  echo "mumble" > /dev/sda2

Not really.

regards
-- tomás
Re: parted is ALMOST suitable
On Tue, Nov 08, 2016 at 02:41:45PM -0500, Stefan Monnier wrote:
> >>> *HOWEVER* parted requires root privileges. That is not acceptable.
> >>> Suggestions?
> >>> TIA
> > Futzing with partitions is the admin's job.
>
> Could be, but it's not (g)parted's job to enforce these kinds of rules:
> that's what Unix permissions (and Linux's capabilities) are for.
>
> It's OK to add a warning and prompt the user to make sure he really
> means to do that, but there's no point *preventing* the user from
> shooting his own foot with this tool if he can do it with other
> tools anyway.
>
> > fdisk also wants root (or
> > sudo). You want some user poking around in the disk(s)?
>
> BTW, I have a pending bug report around this very same issue:
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=439409
>
> Feel free to weight in ;-)

Done. For me "this is the way gparted is designed" sounds so wrong
on many levels that it took me a while to articulate myself :-)

regards
-- t
Re: parted is ALMOST suitable
>> > Futzing with partitions is the admin's job.
>> Could be, but it's not (g)parted's job to enforce these kinds of rules:
>> that's what Unix permissions (and Linux's capabilities) are for.
>> It's OK to add a warning and prompt the user to make sure he really
>> means to do that, but there's no point *preventing* the user from
>> shooting his own foot with this tool if he can do it with other
>> tools anyway.

> Users here get no opportunity to shoot themselves or anyone else in the
> foot. Access to raw disks is over my dead body.

So your users don't have access rights to the raw disks?
Great! then (g)parted doesn't need to check anything since the kernel
will do that already.

> So I do not understand your point.

The fact that it checks if the user is UID 0 is either useless (because
the user doesn't have write access to the device anyway, as should
usually be the case for the real physical devices connected to the
machine) or annoying (because it doesn't give any extra security since
the user can shoot himself in the foot with any number of other tools
anyway).

It costs extra code with at best no benefit.


        Stefan
Re: parted is ALMOST suitable
> Feel free to weight in ;-)
                  ^^^
No idea where this `t` came from,


        Stefan
Re: parted is ALMOST suitable
On Tue 08 Nov 2016 at 14:41:45 -0500, Stefan Monnier wrote:

> >>> *HOWEVER* parted requires root privileges. That is not acceptable.
> >>> Suggestions?
> >>> TIA
> > Futzing with partitions is the admin's job.
>
> Could be, but it's not (g)parted's job to enforce these kinds of rules:
> that's what Unix permissions (and Linux's capabilities) are for.
>
> It's OK to add a warning and prompt the user to make sure he really
> means to do that, but there's no point *preventing* the user from
> shooting his own foot with this tool if he can do it with other
> tools anyway.

Users here get no opportunity to shoot themselves or anyone else in the
foot. Access to raw disks is over my dead body. So I do not understand
your point.

-- Brian.
Re: Correction - Re: parted is ALMOST suitable
On Tue 08 Nov 2016 at 05:19:15 -0600, Richard Owlett wrote:

> On 11/8/2016 4:58 AM, Richard Owlett wrote:
> >[snip]
> >
> >Actually I now have two options, "udevadm info" and "/sbin/blkid".
> >From Brian's comment on bug #776905, in future releases "blkid"
> >may be an option.
>
> I'll have to modify that. Brian has stated in another sub-thread:
> >... When blkid is run as root it creates the file
> >/run/blkid/blkid.tab. A user running blkid only gets to see the contents
> >of blkid.tab. There is no change to blkid.tab unless the command is run
> >by root again. This makes /sbin/blkid useless as a user command for the
> >purposes discussed in this thread.

I probably gave the impression somewhere in this narrative that blkid as
non-root was ok. It isn't; apologies.

On Jessie you basically have only the single choice of udevadm. But it
is still a win. :)

--
Brian.
Re: parted is ALMOST suitable
On Tue 08 Nov 2016 at 06:40:26 -0600, David Wright wrote:

> On Tue 08 Nov 2016 at 04:58:05 (-0600), Richard Owlett wrote:
> > On 11/7/2016 8:36 PM, Michael Lange wrote:
> [...]
> > >I think that the command Brian suggested:
> > >
> > >  udevadm info --query=property --name=/dev/sda1 | grep ID_FS_TYPE
> > >
> > >used with every partition that is returned by
> > >
> > >  cat /proc/partitions
> > >
> > >might be a good option for the OP.
> >
> > Actually I now have two options, "udevadm info" and "/sbin/blkid".
> > From Brian's comment on bug #776905, in future releases "blkid"
> > may be an option.
>
> You may find useful information in /run/udev/data/b8:0 etc
> without having to run any commands yourself. These files stay
> up to date as devices are plugged/unplugged.

I thought so too, but went off the idea when trying to figure out which
device was which and script it. udevadm (and lsblk) gets its information
from /run/udev/data/ anyway.

--
Brian.
Re: parted is ALMOST suitable
> On Mon, Nov 07, 2016 at 06:11:50AM -0600, Richard Owlett wrote:
>> *HOWEVER* parted requires root privileges. That is not acceptable.
>> Suggestions?
>> TIA

Futzing with partitions is the admin's job. fdisk also wants root (or sudo).

You want some user poking around in the disk(s)?

--
Glenn English
Re: parted is ALMOST suitable
On Tue 08 Nov 2016 at 04:58:05 (-0600), Richard Owlett wrote:

> On 11/7/2016 8:36 PM, Michael Lange wrote:
[...]
> >I think that the command Brian suggested:
> >
> >  udevadm info --query=property --name=/dev/sda1 | grep ID_FS_TYPE
> >
> >used with every partition that is returned by
> >
> >  cat /proc/partitions
> >
> >might be a good option for the OP.
>
> Actually I now have two options, "udevadm info" and "/sbin/blkid".
> From Brian's comment on bug #776905, in future releases "blkid"
> may be an option.

You may find useful information in /run/udev/data/b8:0 etc
without having to run any commands yourself. These files stay
up to date as devices are plugged/unplugged.

Cheers,
David.
Correction - Re: parted is ALMOST suitable
On 11/8/2016 4:58 AM, Richard Owlett wrote:
> [snip]
>
> Actually I now have two options, "udevadm info" and "/sbin/blkid".
> From Brian's comment on bug #776905, in future releases "blkid"
> may be an option.

I'll have to modify that. Brian has stated in another sub-thread:
> ... When blkid is run as root it creates the file
> /run/blkid/blkid.tab. A user running blkid only gets to see the contents
> of blkid.tab. There is no change to blkid.tab unless the command is run
> by root again. This makes /sbin/blkid useless as a user command for the
> purposes discussed in this thread.
Re: parted is ALMOST suitable
On 11/7/2016 5:54 PM, Brian wrote:
> On Mon 07 Nov 2016 at 21:07:45 +0100, Pascal Hambourg wrote:
>> On 07/11/2016 at 15:18, Richard Owlett wrote:
>>>>
>>>>   tomas@rasputin:~$ ls -al /dev/sd*
>>>>   brw-rw 1 root disk 8, 0 Nov 7 09:06 /dev/sda
>>>>   brw-rw 1 root disk 8, 1 Nov 7 09:06 /dev/sda1
>>>>   brw-rw 1 root disk 8, 2 Nov 7 09:06 /dev/sda2
>>>>   brw-rw 1 root disk 8, 5 Nov 7 09:06 /dev/sda5
>>>>
>>>> So you'd have to be associated to the "disk" group to read those
>>>> things and you'd have to *be* root to write.
>>>
>>> Evidently not a solution. Added myself to both "disk" and "root" groups.
>>> Had no effect when attempting to run either lsblk or parted.
>>
>> Did you start a new session after adding yourself to the group ?
>> New groups are only taken into account when opening a session.
>> FWIW, adding myself to the "disk" group and starting a new session worked
>> with lsblk -f. Didn't try parted.
>
> Is the suggestion to give a user raw access to disks a serious one?
>
>>> Off-list it was suggested I try /sbin/blkid /dev/sda. Although the man
>>> page has a caution when not used as root, it seems to currently work on
>>> my immediately available Debian machine.
>>
>> Indeed blkid uses a cache file which is readable by everyone and is updated
>> by udev.
>
> A very useful observation. When blkid is run as root it creates the file
> /run/blkid/blkid.tab. A user running blkid only gets to see the contents
> of blkid.tab. There is no change to blkid.tab unless the command is run
> by root again. This makes /sbin/blkid useless as a user command for the
> purposes discussed in this thread.

I can confirm that on a fresh install /sbin/blkid does NOT return the
desired information. However I do not recall running it as root before
running it as user on the machine I had been using, so there may be other
programs which create blkid.tab.
Re: parted is ALMOST suitable
On 11/7/2016 8:36 PM, Michael Lange wrote:
> On Mon, 7 Nov 2016 23:48:53 +
> Lisi Reisz wrote:
>
>> Speaking as a Jessie user, changing to root and using lsblk -f is
>> quicker and easier!
>
> Sure, but the OP said that's not an option.
> I think that the command Brian suggested:
>
>   udevadm info --query=property --name=/dev/sda1 | grep ID_FS_TYPE
>
> used with every partition that is returned by
>
>   cat /proc/partitions
>
> might be a good option for the OP.
>
> Regards
>
> Michael

Actually I now have two options, "udevadm info" and "/sbin/blkid".
From Brian's comment on bug #776905, in future releases "blkid"
may be an option.
Re: parted is ALMOST suitable
On Mon, Nov 07, 2016 at 07:54:23PM +0300, Reco wrote:
> Hi.
>
> On Mon, Nov 07, 2016 at 04:05:17PM +0100, to...@tuxteam.de wrote:
> > On Mon, Nov 07, 2016 at 09:35:32AM -0500, Greg Wooledge wrote:
> > > I started writing that in my previous message, but then I actually
> > > tested it on my own system. Good thing I did, because I got the
> > > same result as Richard: being in group disk, which has read/write
> > > access on /dev/sda*, does NOT give you output in the FSTYPE and other
> > > fields of lsblk -f. It certainly surprised me.
> >
> > Indeed. I suspect lsblk is checking the user ID itself instead of
> > letting the OS do its thing. For whatever reasons I can't fathom.

[...]

> The definition of this function contains this little gem (getuid call):

[...]

>     /* try libblkid (fallback) */
>     if (getuid() != 0)
>         return; /* no permissions to read from the device */

[...]

> I.e. insufficient device permissions will return NULL anyway, so there's
> little point of checking whenever the calling user is root or not.

Hey, thanks for actually following through. My dirty imagination was
right, for one time :-)

Actually this is an anti-pattern: trying to do a job in advance before
the "right" architecture layer has a chance at doing a better job. More
complexity, less functionality.

regards
--
tomás
Re: parted is ALMOST suitable
On Mon, 7 Nov 2016 23:48:53 +
Lisi Reisz wrote:

> Speaking as a Jessie user, changing to root and using lsblk -f is
> quicker and easier!

Sure, but the OP said that's not an option.
I think that the command Brian suggested:

  udevadm info --query=property --name=/dev/sda1 | grep ID_FS_TYPE

used with every partition that is returned by

  cat /proc/partitions

might be a good option for the OP.

Regards

Michael

.-.. .. ...- . .-.. --- -. --. .- -. -.. .--. .-. --- ... .--. . .-.

Uncontrolled power will turn even saints into savages. And we can all
be counted on to live down to our lowest impulses.
        -- Parmen, "Plato's Stepchildren", stardate 5784.3
Re: parted is ALMOST suitable
On Mon 07 Nov 2016 at 23:48:53 +, Lisi Reisz wrote:

> On Monday 07 November 2016 19:15:50 Brian wrote:
> > On Mon 07 Nov 2016 at 18:42:37 +0100, Felipe Salvador wrote:
> > > On Mon, Nov 07, 2016 at 04:09:24PM +, Brian wrote:
> > > > I get the same as you on Debian 8.6. On unstable the command 'lsblk -f'
> > > > shows all the fields populated. I wonder what Felipe Salvador is using?
> > >
> > > ~$ apt-show-versions util-linux
> > > util-linux:amd64/testing 2.28.2-1 uptodate
> > >
> > > ~$ cat /etc/debian_version
> > > stretch/sid
> >
> > This is my situation too. 'lsblk -f' works. If not working on Jessie is
> > thought to be a bug it is hardly worth reporting to the BTS except as a
> > wishlist bug. It is unlikely to be fixed for Jessie.
> >
> > Richard Owlett and others are fortunately left with two methods to
> > identify a file system on a mounted or unmounted partition as a user.
> > Certain operations on a Linux system may require root privileges;
> > getting this information is not one of them. In fact, the information
> > is also available in /run/udev and /run/blkid; so there is another two
> > sources.
>
> Speaking as a Jessie user, changing to root and using lsblk -f is quicker and
> easier!
>
> It is a remarkably useful command that I had not come across before.
> (The -f). Thanks to those in this thread who have introduced it. I must
> explore lsblk more fully.

Yes, it is a useful command and a shame that FSTYPE, UUID, and LABEL
are the only fields which need root to be displayed. It's likely
#776905, which is fixed on testing/unstable.

--
Brian.
Re: parted is ALMOST suitable
On Mon 07 Nov 2016 at 21:07:45 +0100, Pascal Hambourg wrote:

> On 07/11/2016 at 15:18, Richard Owlett wrote:
> >>>
> >>>  tomas@rasputin:~$ ls -al /dev/sd*
> >>>  brw-rw 1 root disk 8, 0 Nov 7 09:06 /dev/sda
> >>>  brw-rw 1 root disk 8, 1 Nov 7 09:06 /dev/sda1
> >>>  brw-rw 1 root disk 8, 2 Nov 7 09:06 /dev/sda2
> >>>  brw-rw 1 root disk 8, 5 Nov 7 09:06 /dev/sda5
> >>>
> >>>So you'd have to be associated to the "disk" group to read those
> >>>things and you'd have to *be* root to write.
> >
> >Evidently not a solution. Added myself to both "disk" and "root" groups.
> >Had no effect when attempting to run either lsblk or parted.
>
> Did you start a new session after adding yourself to the group ?
> New groups are only taken into account when opening a session.
> FWIW, adding myself to the "disk" group and starting a new session worked
> with lsblk -f. Didn't try parted.

Is the suggestion to give a user raw access to disks a serious one?

> >Off-list it was suggested I try /sbin/blkid /dev/sda. Although the man
> >page has a caution when not used as root, it seems to currently work on
> >my immediately available Debian machine.
>
> Indeed blkid uses a cache file which is readable by everyone and is updated
> by udev.

A very useful observation. When blkid is run as root it creates the file
/run/blkid/blkid.tab. A user running blkid only gets to see the contents
of blkid.tab. There is no change to blkid.tab unless the command is run
by root again. This makes /sbin/blkid useless as a user command for the
purposes discussed in this thread.

--
Brian.
Re: parted is ALMOST suitable
On Monday 07 November 2016 19:15:50 Brian wrote:
> On Mon 07 Nov 2016 at 18:42:37 +0100, Felipe Salvador wrote:
> > On Mon, Nov 07, 2016 at 04:09:24PM +, Brian wrote:
> > > I get the same as you on Debian 8.6. On unstable the command 'lsblk -f'
> > > shows all the fields populated. I wonder what Felipe Salvador is using?
> >
> > ~$ apt-show-versions util-linux
> > util-linux:amd64/testing 2.28.2-1 uptodate
> >
> > ~$ cat /etc/debian_version
> > stretch/sid
>
> This is my situation too. 'lsblk -f' works. If not working on Jessie is
> thought to be a bug it is hardly worth reporting to the BTS except as a
> wishlist bug. It is unlikely to be fixed for Jessie.
>
> Richard Owlett and others are fortunately left with two methods to
> identify a file system on a mounted or unmounted partition as a user.
> Certain operations on a Linux system may require root privileges;
> getting this information is not one of them. In fact, the information
> is also available in /run/udev and /run/blkid; so there is another two
> sources.

Speaking as a Jessie user, changing to root and using lsblk -f is quicker and
easier!

It is a remarkably useful command that I had not come across before.
(The -f). Thanks to those in this thread who have introduced it. I must
explore lsblk more fully.

Lisi
Re: parted is ALMOST suitable
On 07/11/2016 at 15:18, Richard Owlett wrote:
>>>
>>>  tomas@rasputin:~$ ls -al /dev/sd*
>>>  brw-rw 1 root disk 8, 0 Nov 7 09:06 /dev/sda
>>>  brw-rw 1 root disk 8, 1 Nov 7 09:06 /dev/sda1
>>>  brw-rw 1 root disk 8, 2 Nov 7 09:06 /dev/sda2
>>>  brw-rw 1 root disk 8, 5 Nov 7 09:06 /dev/sda5
>>>
>>> So you'd have to be associated to the "disk" group to read those
>>> things and you'd have to *be* root to write.
>
> Evidently not a solution. Added myself to both "disk" and "root" groups.
> Had no effect when attempting to run either lsblk or parted.

Did you start a new session after adding yourself to the group ?
New groups are only taken into account when opening a session.
FWIW, adding myself to the "disk" group and starting a new session worked
with lsblk -f. Didn't try parted.

> Off-list it was suggested I try /sbin/blkid /dev/sda. Although the man
> page has a caution when not used as root, it seems to currently work on
> my immediately available Debian machine.

Indeed blkid uses a cache file which is readable by everyone and is updated
by udev.
Re: parted is ALMOST suitable
On Mon 07 Nov 2016 at 18:42:37 +0100, Felipe Salvador wrote:

> On Mon, Nov 07, 2016 at 04:09:24PM +, Brian wrote:
> >
> > I get the same as you on Debian 8.6. On unstable the command 'lsblk -f'
> > shows all the fields populated. I wonder what Felipe Salvador is using?
>
> ~$ apt-show-versions util-linux
> util-linux:amd64/testing 2.28.2-1 uptodate
>
> ~$ cat /etc/debian_version
> stretch/sid

This is my situation too. 'lsblk -f' works. If not working on Jessie is
thought to be a bug it is hardly worth reporting to the BTS except as a
wishlist bug. It is unlikely to be fixed for Jessie.

Richard Owlett and others are fortunately left with two methods to
identify a file system on a mounted or unmounted partition as a user.
Certain operations on a Linux system may require root privileges;
getting this information is not one of them. In fact, the information
is also available in /run/udev and /run/blkid; so there is another two
sources.

--
Brian.
Re: parted is ALMOST suitable
On Mon, Nov 07, 2016 at 07:59:56AM -0700, Joe Pfeiffer wrote:
> Felipe Salvador writes:
>
> > On Mon, Nov 07, 2016 at 06:37:53AM -0600, Richard Owlett wrote:
> >> On 11/7/2016 6:20 AM, Felipe Salvador wrote:
> >> > On Mon, Nov 07, 2016 at 06:11:50AM -0600, Richard Owlett wrote:
> >> > > *HOWEVER* parted requires root privileges. That is not acceptable.
> >> > > Suggestions?
> >> > > TIA
> >> >
> >> > lsblk -fr ?
> >> >
> >>
> >> Debian is perverse ;{
> >> man page suggested good things.
> >> However when run as other than root, there is a column heading "FSTYPE".
> >> It is blank for all partitions.
> >> They are present when run as root.
> >> Thanks for trying.
> >
> > I don't see this behaviour
> >
> > ~$ lsblk -fr
> > NAME FSTYPE LABEL UUID MOUNTPOINT
> > sda
> > sda1 ext2 ... /boot
> > sda2 ext4 ... /
> > sda3 ext2 ... /tmp
> > etc etc etc
> >
> > or
> >
> > file -s /dev/sda{1..5} | awk '{print $5}'
>
> I was just about to post a very similar followup when I discovered a
> gaping security hole (really, about as big as it gets) on my machine:
>
> snowball:404$ ls -l /dev/sda2
> brw-rw-rw- 1 root root 8, 2 Nov 7 07:54 /dev/sda2
>
> You might want to check your permissions as well

brw-rw 1 root disk 8, 0 nov 7 11:00 /dev/sda

I'm in the disk group

--
Felipe Salvador
Re: parted is ALMOST suitable
On Mon, Nov 07, 2016 at 04:09:24PM +, Brian wrote:
> On Mon 07 Nov 2016 at 09:27:47 -0600, Richard Owlett wrote:
>
> > On 11/7/2016 8:19 AM, Felipe Salvador wrote:
> > >
> > >I don't see this behaviour
> > >
> > >~$ lsblk -fr
> > >NAME FSTYPE LABEL UUID MOUNTPOINT
> > >sda
> > >sda1 ext2 ... /boot
> > >sda2 ext4 ... /
> > >sda3 ext2 ... /tmp
> > >etc etc etc
> > >
> > >or
> > >
> > >file -s /dev/sda{1..5} | awk '{print $5}'
> >
> > richard@full-jessier:~$ lsblk -fr
> > NAME FSTYPE LABEL UUID MOUNTPOINT
> > sda
> > sda1
> > sda2
> > sda5
> > sda6
> > sda7
> > sda8[SWAP]
> > sda9/
> > sda10
> > sda11
> > sda12
> > sdb
> > sdb1
> > sr0
>
> I get the same as you on Debian 8.6. On unstable the command 'lsblk -f'
> shows all the fields populated. I wonder what Felipe Salvador is using?

~$ apt-show-versions util-linux
util-linux:amd64/testing 2.28.2-1 uptodate

~$ cat /etc/debian_version
stretch/sid

--
Felipe Salvador
Re: parted is ALMOST suitable
[snip]

>> file -s /dev/sda{1..5} | awk '{print $5}'
>
> I was just about to post a very similar followup when I discovered a
> gaping security hole (really, about as big as it gets) on my machine:
>
> snowball:404$ ls -l /dev/sda2
> brw-rw-rw- 1 root root 8, 2 Nov 7 07:54 /dev/sda2

I use stretch, but I have:

$ ls -l /dev/sda2
brw-rw 1 root disk 8, 2 nov 7 07:37 /dev/sda2

> You might want to check your permissions as well
Re: parted is ALMOST suitable
Hi.

On Mon, Nov 07, 2016 at 04:05:17PM +0100, to...@tuxteam.de wrote:
> On Mon, Nov 07, 2016 at 09:35:32AM -0500, Greg Wooledge wrote:
> > I started writing that in my previous message, but then I actually
> > tested it on my own system. Good thing I did, because I got the
> > same result as Richard: being in group disk, which has read/write
> > access on /dev/sda*, does NOT give you output in the FSTYPE and other
> > fields of lsblk -f. It certainly surprised me.
>
> Indeed. I suspect lsblk is checking the user ID itself instead of
> letting the OS do its thing. For whatever reasons I can't fathom.

According to the source (util-linux-2.25.2), '-f' flag should add these
to the output:

    add_column(columns, ncolumns++, COL_NAME);
    add_column(columns, ncolumns++, COL_FSTYPE);
    add_column(columns, ncolumns++, COL_LABEL);
    add_column(columns, ncolumns++, COL_UUID);
    add_column(columns, ncolumns++, COL_TARGET);

To determine COL_FSTYPE, probe_device function is used.
The definition of this function contains this little gem (getuid call):

    static void probe_device(struct blkdev_cxt *cxt)
    {
    ...
        /* try udev DB */
        if (get_udev_properties(cxt) == 0)
            return; /* success */

        cxt->probed = 1;

        /* try libblkid (fallback) */
        if (getuid() != 0)
            return; /* no permissions to read from the device */

        pr = blkid_new_probe_from_filename(cxt->filename);
        if (!pr)
            return;

So whoever wrote this was either lazy or too smart or both, as
blkid_new_probe_from_filename does this:

    blkid_probe blkid_new_probe_from_filename(const char *filename)
    {
    ...
        fd = open(filename, O_RDONLY|O_CLOEXEC);
        if (fd < 0)
            return NULL;

I.e. insufficient device permissions will return NULL anyway, so there's
little point of checking whenever the calling user is root or not.

Reco
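The difference between the two checks discussed in the message above, as an added C example that is not part of the thread and is not util-linux code: one probe refuses on UID alone, the other lets open() return the kernel's verdict. All function and type names are hypothetical, the UID is passed as a parameter so both outcomes can be shown without switching users, and a temporary file stands in for a device node the caller is allowed to read.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* O_CLOEXEC, mkstemp */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical names throughout: an illustration, not util-linux code. */
typedef enum {
    PROBE_OK,       /* open() succeeded; a real probe would now read the superblock */
    PROBE_SKIPPED,  /* the kernel was never asked: caller is not UID 0 */
    PROBE_DENIED,   /* the kernel refused access (EACCES or EPERM) */
    PROBE_FAILED    /* any other error, e.g. ENOENT */
} probe_status;

/* Ask the kernel and report its verdict together with the errno behind it. */
static probe_status open_for_probe(const char *path, int *err)
{
    int fd = open(path, O_RDONLY | O_CLOEXEC);
    if (fd < 0) {
        *err = errno;
        return (*err == EACCES || *err == EPERM) ? PROBE_DENIED : PROBE_FAILED;
    }
    close(fd);
    *err = 0;
    return PROBE_OK;
}

/* Shape of the check quoted in the thread: give up unless the caller is UID 0.
 * A user who can read the node through group membership is still turned away. */
probe_status probe_uid_gated(const char *path, uid_t uid, int *err)
{
    if (uid != 0) {
        *err = 0;
        return PROBE_SKIPPED;
    }
    return open_for_probe(path, err);
}

/* Alternative: no UID test. File mode, group membership and capabilities are
 * all evaluated by the kernel inside open(); the caller only reads the result. */
probe_status probe_kernel_decides(const char *path, int *err)
{
    return open_for_probe(path, err);
}

const char *probe_status_name(probe_status s)
{
    switch (s) {
    case PROBE_OK:      return "ok";
    case PROBE_SKIPPED: return "skipped (not root)";
    case PROBE_DENIED:  return "denied by kernel";
    case PROBE_FAILED:  return "failed";
    }
    return "unknown";
}

int main(void)
{
    char path[] = "/tmp/probe-demo-XXXXXX";   /* constructed stand-in for a device node */
    int fd = mkstemp(path);                   /* created with mode 0600, owned by us */
    if (fd < 0) {
        perror("mkstemp");
        return 1;
    }
    close(fd);

    int err = 0;
    uid_t unprivileged = 1000;                /* constructed: any non-zero UID */

    probe_status gated = probe_uid_gated(path, unprivileged, &err);
    printf("uid-gated probe as uid %u: %s\n",
           (unsigned)unprivileged, probe_status_name(gated));

    probe_status direct = probe_kernel_decides(path, &err);
    printf("kernel-decided probe:       %s\n", probe_status_name(direct));

    unlink(path);
    direct = probe_kernel_decides(path, &err);
    printf("after unlink:               %s (%s)\n",
           probe_status_name(direct), strerror(err));
    return 0;
}
```

The first probe reports PROBE_SKIPPED for a file the caller owns and can read, while the second opens it; an unreadable path comes back as PROBE_DENIED or PROBE_FAILED with the kernel's errno rather than a guess made in advance.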
Re: parted is ALMOST suitable
On Monday 07 November 2016 14:48:29 Richard Owlett wrote:
> On 11/7/2016 7:57 AM, to...@tuxteam.de wrote:
> > On Mon, Nov 07, 2016 at 07:12:00AM -0600, Richard Owlett wrote:
> >
> > [...]
> >
> >>> Debian is trying to protect you from someone taking over your...
> >>> say Apache [...]
> >>
> >> My Debian machines do not physically have networking capability.
> >> See my email header. Mr. Gates can handle some things ;/
> >
> > No physical networking capability is needed for surprising things
> > to happen. Spiritual network access may be enough (say playing a
> > video file which carries a stack smashing exploit for your video
> > player).
> >
> > I seem to discern in you the old DOS attitude which brought about
> > a Golden Era of Virus (which is returning via the "The Browser is
> > The Machine", mind you ;-)
> >
> > (please, don't take the above really seriously: but yes, many
> > decisions behind all that permissions circus in Unix and children
> > can be traced back to an effort to separate different things.
> > If you let that concept sink in, you won't be surprised as often).
>
> I doubt that we are that far apart in goals. I'm so old
> fashioned that I remember when the "cores" of core memory were
> visible to the naked eye.

My husband is so old fashioned that he insists on using cheques. The problem
is that workmen et al don't like cheques. So I have taken to suggesting that
he should pay me by cheque and I will pay the workmen electronically. I want
them to work for us again!!

Sometimes Richard, you have to accept that they have invented the quartz watch
and not insist on using a wind up, then complaining when the local watch
cleaner has closed down because everyone else has switched to quartz.

Lisi
Re: parted is ALMOST suitable
On septidi 17 Brumaire, year CCXXV, Greg Wooledge wrote:
> There is a minuscule decrease
> in efficiency when another directory in PATH has to be searched, but
> it's probably not going to be noticeable.

What will be noticeable, though, is the namespace pollution. For people
using autocompletion extensively, adding hundreds of commands in the
PATH has a very visible consequence, often requiring re-learning a few
common keystrokes.

Regards,

--
  Nicolas George
Re: parted is ALMOST suitable
On Mon 07 Nov 2016 at 09:27:47 -0600, Richard Owlett wrote:

> On 11/7/2016 8:19 AM, Felipe Salvador wrote:
> >
> >I don't see this behaviour
> >
> >~$ lsblk -fr
> >NAME FSTYPE LABEL UUID MOUNTPOINT
> >sda
> >sda1 ext2 ... /boot
> >sda2 ext4 ... /
> >sda3 ext2 ... /tmp
> >etc etc etc
> >
> >or
> >
> >file -s /dev/sda{1..5} | awk '{print $5}'
>
> richard@full-jessier:~$ lsblk -fr
> NAME FSTYPE LABEL UUID MOUNTPOINT
> sda
> sda1
> sda2
> sda5
> sda6
> sda7
> sda8[SWAP]
> sda9/
> sda10
> sda11
> sda12
> sdb
> sdb1
> sr0

I get the same as you on Debian 8.6. On unstable the command 'lsblk -f'
shows all the fields populated. I wonder what Felipe Salvador is using?

At the least there is a little mystery. At the most it could be you
have run across buggy behaviour. It appears to me that permissions,
security, root privileges etc, etc have nothing to do with it. None of
the information is security sensitive or requires root access and is
available from elsewhere. For example:

  udevadm info --query=property --name=/dev/sda1 | grep ID_FS_TYPE

This command is probably more useful than lsblk for use in scripts.

--
Brian.
Re: parted is ALMOST suitable
On Mon, Nov 07, 2016 at 09:57:14AM -0600, Richard Owlett wrote:
> In any case, off-list someone suggested using
>    /sbin/blkid /dev/sda*
> That works. *BUT* I wonder about unknown implications of "/sbin"
> being required if not explicitly running as root.

It's simply because /sbin is not in your default PATH as a regular user.
Most of the commands in /sbin require root privileges to do their jobs,
but there are a few that don't, at least for certain limited parts of
their jobs. (/sbin/ifconfig is probably the most famous.)

If you want to run this command without root privileges, you can add
/sbin to your PATH. This is not a security problem. It's just that
most regular users don't need these commands. There is a minuscule decrease
in efficiency when another directory in PATH has to be searched, but
it's probably not going to be noticeable.
Re: parted is ALMOST suitable
On 11/7/2016 8:27 AM, Greg Wooledge wrote:
> On Mon, Nov 07, 2016 at 08:18:28AM -0600, Richard Owlett wrote:
>> Evidently not a solution. Added myself to both "disk" and "root"
>> groups.
>> Had no effect when attempting to run either lsblk or parted.
>
> Is there a reason you can't use sudo?

Not a matter of "need" but of "desire".

> Sample output on my system at work:
> [*SNIP*
>
> You can even configure sudo not to prompt you for a password.
>
> Certain operations on a Linux system simply require root privileges,
> and your insistence on "not having to be root" is not rational.

Over the last three score years rationality not questioned, but
  Prof. A. "This young man can be persistent."
  Prof. B. "Yes", looong pause "about what he wants to be."
I was a youngster of 50 at the time.

This group has drummed into me that root privileges are not to be
taken lightly. My innate sense of "how things SHOULD work" shouts
there should be finer control.

In any case, off-list someone suggested using
   /sbin/blkid /dev/sda*
That works. *BUT* I wonder about unknown implications of "/sbin"
being required if not explicitly running as root.
Re: parted is ALMOST suitable
On 11/7/2016 8:19 AM, Felipe Salvador wrote:
> On Mon, Nov 07, 2016 at 06:37:53AM -0600, Richard Owlett wrote:
>> On 11/7/2016 6:20 AM, Felipe Salvador wrote:
>>> On Mon, Nov 07, 2016 at 06:11:50AM -0600, Richard Owlett wrote:
>>>> *HOWEVER* parted requires root privileges. That is not acceptable.
>>>> Suggestions?
>>>> TIA
>>>
>>> lsblk -fr ?
>>
>> Debian is perverse ;{
>> man page suggested good things.
>> However when run as other than root, there is a column heading "FSTYPE".
>> It is blank for all partitions.
>> They are present when run as root.
>> Thanks for trying.
>
> I don't see this behaviour
>
> ~$ lsblk -fr
> NAME FSTYPE LABEL UUID MOUNTPOINT
> sda
> sda1 ext2 ... /boot
> sda2 ext4 ... /
> sda3 ext2 ... /tmp
> etc etc etc
>
> or
>
> file -s /dev/sda{1..5} | awk '{print $5}'

richard@full-jessier:~$ lsblk -fr
NAME FSTYPE LABEL UUID MOUNTPOINT
sda
sda1
sda2
sda5
sda6
sda7
sda8[SWAP]
sda9/
sda10
sda11
sda12
sdb
sdb1
sr0
richard@full-jessier:~$ su
Password:
root@full-jessier:/home/richard# lsblk -fr
NAME FSTYPE LABEL UUID MOUNTPOINT
sda
sda1 ntfs Main ...
sda2
sda5 ntfs Projects ...
sda6 ntfs F_drive ...
sda7 ntfs OldMachine ...
sda8 swap ...
sda9 ext4 full-jessie ...
sda10 ext2 jessie-dvds ...
sda11 ext2 myrepo ...
sda12 ext2 poolbak ...

I am using Debian 8.6.0 with MATE DE installed from purchased set
of DVD's. For another project I had reason to verify the MD5SUMS
of DVD1 and DVD2.
Re: parted is ALMOST suitable
Felipe Salvador writes:

> On Mon, Nov 07, 2016 at 06:37:53AM -0600, Richard Owlett wrote:
>> On 11/7/2016 6:20 AM, Felipe Salvador wrote:
>> > On Mon, Nov 07, 2016 at 06:11:50AM -0600, Richard Owlett wrote:
>> > > *HOWEVER* parted requires root privileges. That is not acceptable.
>> > > Suggestions?
>> > > TIA
>> >
>> > lsblk -fr ?
>> >
>>
>> Debian is perverse ;{
>> man page suggested good things.
>> However when run as other than root, there is a column heading "FSTYPE".
>> It is blank for all partitions.
>> They are present when run as root.
>> Thanks for trying.
>
> I don't see this behaviour
>
> ~$ lsblk -fr
> NAME FSTYPE LABEL UUID MOUNTPOINT
> sda
> sda1 ext2 ... /boot
> sda2 ext4 ... /
> sda3 ext2 ... /tmp
> etc etc etc
>
> or
>
> file -s /dev/sda{1..5} | awk '{print $5}'

I was just about to post a very similar followup when I discovered a
gaping security hole (really, about as big as it gets) on my machine:

snowball:404$ ls -l /dev/sda2
brw-rw-rw- 1 root root 8, 2 Nov 7 07:54 /dev/sda2

You might want to check your permissions as well
Re: parted is ALMOST suitable
On Mon, Nov 07, 2016 at 08:48:29AM -0600, Richard Owlett wrote:
> On 11/7/2016 7:57 AM, to...@tuxteam.de wrote:
> >On Mon, Nov 07, 2016 at 07:12:00AM -0600, Richard Owlett wrote:

[...]

> I doubt that we are that far apart in goals. I'm so old fashioned
> that I remember when the "cores" of core memory were visible to the
> naked eye.

I missed that by a couple of years; my first programs were holes in
paper, though :-)

regards
--
t
Re: parted is ALMOST suitable
On Mon, Nov 07, 2016 at 09:35:32AM -0500, Greg Wooledge wrote:
> On Mon, Nov 07, 2016 at 03:27:12PM +0100, to...@tuxteam.de wrote:
> > Two things:

[...]

> I started writing that in my previous message, but then I actually
> tested it on my own system. Good thing I did, because I got the
> same result as Richard: being in group disk, which has read/write
> access on /dev/sda*, does NOT give you output in the FSTYPE and other
> fields of lsblk -f. It certainly surprised me.

Indeed. I suspect lsblk is checking the user ID itself instead of
letting the OS do its thing. For whatever reasons I can't fathom.

regards
--
t
Re: parted is ALMOST suitable
On 11/7/2016 7:57 AM, to...@tuxteam.de wrote:
> On Mon, Nov 07, 2016 at 07:12:00AM -0600, Richard Owlett wrote:
>
> [...]
>
>>> Debian is trying to protect you from someone taking over your...
>>> say Apache [...]
>>
>> My Debian machines do not physically have networking capability.
>> See my email header. Mr. Gates can handle some things ;/
>
> No physical networking capability is needed for surprising things
> to happen. Spiritual network access may be enough (say playing a
> video file which carries a stack smashing exploit for your video
> player).
>
> I seem to discern in you the old DOS attitude which brought about
> a Golden Era of Virus (which is returning via the "The Browser is
> The Machine", mind you ;-)
>
> (please, don't take the above really seriously: but yes, many
> decisions behind all that permissions circus in Unix and children
> can be traced back to an effort to separate different things.
> If you let that concept sink in, you won't be surprised as often).

I doubt that we are that far apart in goals. I'm so old
fashioned that I remember when the "cores" of core memory were
visible to the naked eye.
Re: parted is ALMOST suitable
On Mon, Nov 07, 2016 at 03:27:12PM +0100, to...@tuxteam.de wrote:
> Two things:
>  - check that your disk devices are actually readable (and probably
>    writable, I botched that, cf. David's mail) by group disk
>  - your being added to disk is effective *after* logging in after
>    you'd made the change; if you want to bypass it, there is the
>    command 'newgrp'; you can check which groups you are "in" by
>    issuing the command 'groups': 'disk' should be in there.

I started writing that in my previous message, but then I actually
tested it on my own system. Good thing I did, because I got the
same result as Richard: being in group disk, which has read/write
access on /dev/sda*, does NOT give you output in the FSTYPE and other
fields of lsblk -f. It certainly surprised me.

$ sudo adduser wooledg disk
Adding user `wooledg' to group `disk' ...
Adding user wooledg to group disk
Done.
$ su - wooledg -c 'LANG=C; id; lsblk -f'
Password:
uid=563(wooledg) gid=563(wooledg) groups=563(wooledg),6(disk),24(cdrom),25(floppy),27(sudo),29(audio),30(dip),44(video),46(plugdev),108(netdev)
NAME FSTYPE LABEL UUID MOUNTPOINT
sda
|-sda1
|-sda2 /
`-sda3 [SWAP]
sr0

Whatever lsblk wants in order to read the FSTYPE, I don't know, but
group disk membership is not sufficient. (On jessie.)

I still suggest just sucking it up and using sudo like a normal person.
Re: parted is ALMOST suitable
On Mon, Nov 07, 2016 at 09:27:11AM -0500, Greg Wooledge wrote:
> On Mon, Nov 07, 2016 at 08:18:28AM -0600, Richard Owlett wrote:
> > Evidently not a solution. Added myself to both "disk" and "root"
> > groups.
> > Had no effect when attempting to run either lsblk or parted.
>
> Is there a reason you can't use sudo?

This is of course another option. Security-wise it's better than adding
oneself to the relevant group(s), unless...

> You can even configure sudo not to prompt you for a password.

(rationale: if a rogue application tries to get to the disk with your
user ID, you'd notice).

regards
--
t
Re: parted is ALMOST suitable
On Mon, Nov 07, 2016 at 08:18:28AM -0600, Richard Owlett wrote:
> On 11/7/2016 7:25 AM, Richard Owlett wrote:
> >On 11/7/2016 6:47 AM, to...@tuxteam.de wrote:
> >>
> >>On Mon, Nov 07, 2016 at 06:11:50AM -0600, Richard Owlett wrote:
> >>>I need to identify file system on all partitions of my hard drive
> >>>whether mounted or not.
> >>>  parted /dev/sda print | grep ext | grep -v exte
> >>>reports the desired information [partitions formatted ext?] in a
> >>>convenient format.
> >>>*HOWEVER* parted requires root privileges. That is not
> >>>acceptable.
> >>>Suggestions?
> >>
> >>It's not parted. It's the partitions themselves (or more
> >>accurately,
> >>the devices via which your operating system makes the partitions
> >>available to user space). By default (and there are some reasons
> >>for it) they're not readable by everyone. They are writable by
> >>even less. On my box, for example:
> >>
> >>  tomas@rasputin:~$ ls -al /dev/sd*
> >>  brw-rw---- 1 root disk 8, 0 Nov  7 09:06 /dev/sda
> >>  brw-rw---- 1 root disk 8, 1 Nov  7 09:06 /dev/sda1
> >>  brw-rw---- 1 root disk 8, 2 Nov  7 09:06 /dev/sda2
> >>  brw-rw---- 1 root disk 8, 5 Nov  7 09:06 /dev/sda5
> >>
> >>So you'd have to be associated to the "disk" group to read those
> >>things and you'd have to *be* root to write.
> >
> >*THAT* sentence may be key to solving multiple problems. All of
> >my installs have implicitly accepted default groups for user(s).
>
> Evidently not a solution. Added myself to both "disk" and "root"
> groups.

Two things:

 - check that your disk devices are actually readable (and probably
   writable, I botched that, cf. David's mail) by group disk
 - your being added to disk is effective *after* logging in after
   you'd made the change; if you want to bypass it, there is the
   command 'newgrp'; you can check which groups you are "in" by
   issuing the command 'groups': 'disk' should be in there.

> Had no effect when attempting to run either lsblk or parted.

How does "no effect" look like?

Regards
--
t
Re: parted is ALMOST suitable
On Mon, Nov 07, 2016 at 08:18:28AM -0600, Richard Owlett wrote:
> Evidently not a solution. Added myself to both "disk" and "root"
> groups.
> Had no effect when attempting to run either lsblk or parted.

Is there a reason you can't use sudo?

Sample output on my system at work:

$ lsblk -f
NAME   FSTYPE LABEL UUID MOUNTPOINT
sda
|-sda1
|-sda2                   /
`-sda3                   [SWAP]
sr0
$ sudo lsblk -f
[sudo] password for wooledg:
NAME   FSTYPE LABEL   UUID                                 MOUNTPOINT
sda
|-sda1 ntfs   Windows FE0EDCF30EDCA5C5
|-sda2 ext4           1a20ffb7-897c-4373-84c1-14089a6deab8 /
`-sda3 swap           b8d67062-8262-476d-9370-8166f7572fd3 [SWAP]
sr0

You can even configure sudo not to prompt you for a password.

Certain operations on a Linux system simply require root privileges,
and your insistence on "not having to be root" is not rational.
Re: parted is ALMOST suitable
On Mon, Nov 07, 2016 at 06:37:53AM -0600, Richard Owlett wrote:
> On 11/7/2016 6:20 AM, Felipe Salvador wrote:
> > On Mon, Nov 07, 2016 at 06:11:50AM -0600, Richard Owlett wrote:
> > > *HOWEVER* parted requires root privileges. That is not acceptable.
> > > Suggestions?
> > > TIA
> >
> > lsblk -fr ?
> >
>
> Debian is perverse ;{
> man page suggested good things.
> However when run as other than root, there is a column heading "FSTYPE".
> It is blank for all partitions.
> They are present when run as root.
> Thanks for trying.

I don't see this behaviour

~$ lsblk -fr
NAME FSTYPE LABEL UUID MOUNTPOINT
sda
sda1 ext2 ... /boot
sda2 ext4 ... /
sda3 ext2 ... /tmp
etc etc etc

or

file -s /dev/sda{1..5} | awk '{print $5}'

--
Felipe Salvador
Re: parted is ALMOST suitable
On 11/7/2016 7:25 AM, Richard Owlett wrote:
> On 11/7/2016 6:47 AM, to...@tuxteam.de wrote:
>> On Mon, Nov 07, 2016 at 06:11:50AM -0600, Richard Owlett wrote:
>>> I need to identify file system on all partitions of my hard drive
>>> whether mounted or not.
>>>   parted /dev/sda print | grep ext | grep -v exte
>>> reports the desired information [partitions formatted ext?] in a
>>> convenient format.
>>> *HOWEVER* parted requires root privileges. That is not acceptable.
>>> Suggestions?
>>
>> It's not parted. It's the partitions themselves (or more accurately,
>> the devices via which your operating system makes the partitions
>> available to user space). By default (and there are some reasons
>> for it) they're not readable by everyone. They are writable by
>> even less. On my box, for example:
>>
>>   tomas@rasputin:~$ ls -al /dev/sd*
>>   brw-rw---- 1 root disk 8, 0 Nov  7 09:06 /dev/sda
>>   brw-rw---- 1 root disk 8, 1 Nov  7 09:06 /dev/sda1
>>   brw-rw---- 1 root disk 8, 2 Nov  7 09:06 /dev/sda2
>>   brw-rw---- 1 root disk 8, 5 Nov  7 09:06 /dev/sda5
>>
>> So you'd have to be associated to the "disk" group to read those
>> things and you'd have to *be* root to write.
>
> *THAT* sentence may be key to solving multiple problems. All of my
> installs have implicitly accepted default groups for user(s).

Evidently not a solution. Added myself to both "disk" and "root" groups.
Had no effect when attempting to run either lsblk or parted.

Off-list it was suggested I try /sbin/blkid /dev/sda. Although the man
page has a caution when not used as root, it seems to currently work on
my immediately available Debian machine.

>> Same goes for lsblk (as has been recommended in this thread) or
>> any other tool you might consider. That said, lsblk seems to be
>> a better fit for your needs anyway.
>>
>> Parted has no problems running as a regular user if the (device)
>> file under question is (readable/writable) by said user. It only
>> tries to be helpful with some messages when it isn't running under
>> root *and* encounters permission/owner conflicts.
>>
>> *That* might cause some confusion.
>>
>> Regards
>> --
>> tomás
Re: parted is ALMOST suitable
On Mon, Nov 07, 2016 at 08:02:30AM -0600, David Wright wrote:
> On Mon 07 Nov 2016 at 13:47:27 (+0100), to...@tuxteam.de wrote:
> > On Mon, Nov 07, 2016 at 06:11:50AM -0600, Richard Owlett wrote:
> > > I need to identify file system on all partitions of my hard drive
> > > whether mounted or not.
> > >   parted /dev/sda print | grep ext | grep -v exte
> > > reports the desired information [partitions formatted ext?] in a
> > > convenient format.
> > > *HOWEVER* parted requires root privileges. That is not acceptable.
> > > Suggestions?
> >
> > It's not parted. It's the partitions themselves (or more accurately,
> > the devices via which your operating system makes the partitions
> > available to user space). By default (and there are some reasons
> > for it) they're not readable by everyone. They are writable by
> > even less. On my box, for example:
> >
> >   tomas@rasputin:~$ ls -al /dev/sd*
> >   brw-rw---- 1 root disk 8, 0 Nov  7 09:06 /dev/sda
> >   brw-rw---- 1 root disk 8, 1 Nov  7 09:06 /dev/sda1
> >   brw-rw---- 1 root disk 8, 2 Nov  7 09:06 /dev/sda2
> >   brw-rw---- 1 root disk 8, 5 Nov  7 09:06 /dev/sda5
> >
> > So you'd have to be associated to the "disk" group to read those
> > things and you'd have to *be* root to write.
>
> Are you sure? I read that as group disk having read *and* write access.

Uh -- yes, you are right, of course.

> Obviously the OP seems unworried about read-access by himself or
> anyone else, so world-readable on pretty much everything might
> be appropriate.
>
> Reading anything about a filesystem without going through the
> normal access methods would appear to circumvent any file
> protection scheme within it, so it's no surprise to me that
> all the suggestions with lsblk etc have failed.

Exactly.

regards
--
tomás
Re: parted is ALMOST suitable
On Mon 07 Nov 2016 at 13:47:27 (+0100), to...@tuxteam.de wrote:
> On Mon, Nov 07, 2016 at 06:11:50AM -0600, Richard Owlett wrote:
> > I need to identify file system on all partitions of my hard drive
> > whether mounted or not.
> >   parted /dev/sda print | grep ext | grep -v exte
> > reports the desired information [partitions formatted ext?] in a
> > convenient format.
> > *HOWEVER* parted requires root privileges. That is not acceptable.
> > Suggestions?
>
> It's not parted. It's the partitions themselves (or more accurately,
> the devices via which your operating system makes the partitions
> available to user space). By default (and there are some reasons
> for it) they're not readable by everyone. They are writable by
> even less. On my box, for example:
>
>   tomas@rasputin:~$ ls -al /dev/sd*
>   brw-rw---- 1 root disk 8, 0 Nov  7 09:06 /dev/sda
>   brw-rw---- 1 root disk 8, 1 Nov  7 09:06 /dev/sda1
>   brw-rw---- 1 root disk 8, 2 Nov  7 09:06 /dev/sda2
>   brw-rw---- 1 root disk 8, 5 Nov  7 09:06 /dev/sda5
>
> So you'd have to be associated to the "disk" group to read those
> things and you'd have to *be* root to write.

Are you sure? I read that as group disk having read *and* write access.

Obviously the OP seems unworried about read-access by himself or
anyone else, so world-readable on pretty much everything might
be appropriate.

Reading anything about a filesystem without going through the
normal access methods would appear to circumvent any file
protection scheme within it, so it's no surprise to me that
all the suggestions with lsblk etc have failed.

Cheers,
David.
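An added example, not part of any message in this thread: POSIX shell functions for the two checks discussed above, namely which permission class of the `ls -l` mode string applies to a member of group disk, and which group memberships are configured but not yet active in the running session. The function names and all sample data are constructed; the code models only file permissions on the device node, not whatever lsblk itself requires, which the thread reports is more than group membership on jessie.

```shell
#!/bin/sh
# Added example; every sample value below is constructed for illustration.

# in_list WORD "LIST": succeed if WORD is one of the space-separated items.
in_list() {
    for item in $2; do
        [ "$item" = "$1" ] && return 0
    done
    return 1
}

# access_for "LS_LINE" USER "USER'S ACTIVE GROUPS"
# Prints the read/write characters of the one permission class that applies:
# owner if USER owns the node, else group if USER is in its group, else other.
access_for() {
    user=$2; member_of=$3
    set -- $1                       # split: $1 mode, $3 owner, $4 group
    if [ "$user" = root ]; then
        echo rw                     # uid 0 is not restricted by the mode bits
    elif [ "$user" = "$3" ]; then
        printf '%s\n' "$1" | cut -c2-3
    elif in_list "$4" "$member_of"; then
        printf '%s\n' "$1" | cut -c5-6
    else
        printf '%s\n' "$1" | cut -c8-9
    fi
}

# configured_groups USER "GROUP FILE TEXT"
# Supplementary groups naming USER, in group(5) format name:pw:gid:members.
configured_groups() {
    printf '%s\n' "$2" | awk -F: -v u="$1" '
        { n = split($4, m, ",")
          for (i = 1; i <= n; i++) if (m[i] == u) print $1 }'
}

# pending_groups USER "GROUP FILE TEXT" "ACTIVE GROUPS"
# Groups granted in the file but absent from the running session; they take
# effect only at the next login or under newgrp.
pending_groups() {
    out=
    for g in $(configured_groups "$1" "$2"); do
        in_list "$g" "$3" || out="$out${out:+ }$g"
    done
    echo "$out"
}

SAMPLE_LS='brw-rw---- 1 root disk 8, 0 Nov  7 09:06 /dev/sda'
SAMPLE_GROUP='disk:x:6:wooledg
cdrom:x:24:wooledg
sudo:x:27:wooledg'
ACTIVE='wooledg cdrom sudo'         # as `id -Gn` would print before re-login

echo "now:         $(access_for "$SAMPLE_LS" wooledg "$ACTIVE")"
echo "pending:     $(pending_groups wooledg "$SAMPLE_GROUP" "$ACTIVE")"
echo "after login: $(access_for "$SAMPLE_LS" wooledg "$ACTIVE disk")"
```

Because the group class on these nodes includes write as well as read, adding an account to disk grants raw write access to every partition, which is the reason given in the thread for preferring sudo.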
Re: parted is ALMOST suitable
On Mon, Nov 07, 2016 at 07:25:33AM -0600, Richard Owlett wrote:

[...]

> >>*HOWEVER* parted requires root privileges. That is not acceptable.
> >>Suggestions?

[...]

> >So you'd have to be associated to the "disk" group to read those
> >things and you'd have to *be* root to write.
>
> *THAT* sentence may be key to solving multiple problems. All of my
> installs have implicitly accepted default groups for user(s).

  sudo adduser myself disk

might do that.

regards
--
t
Re: parted is ALMOST suitable
On Monday, November 07, 2016 07:11:50 AM Richard Owlett wrote:
> I need to identify file system on all partitions of my hard drive
> whether mounted or not.
>   parted /dev/sda print | grep ext | grep -v exte
> reports the desired information [partitions formatted ext?] in a
> convenient format.
> *HOWEVER* parted requires root privileges. That is not acceptable.
> Suggestions?
> TIA

This is probably irrelevant because parted doesn't seem to meet your
needs anyway, but your parted command does not find encrypted partitions
on my disk. (That could be bad or good ;-)

(It also did not find an unmounted partition containing no filesystem,
but that may be the behavior you desire.)
Re: parted is ALMOST suitable
On Mon, Nov 07, 2016 at 07:12:00AM -0600, Richard Owlett wrote:

[...]

> >Debian is trying to protect you from someone taking over your...
> >say Apache [...]
>
> My Debian machines do not physically have networking capability.
> See my email header. Mr. Gates can handle some things ;/

No physical networking capability is needed for surprising things
to happen. Spiritual network access may be enough (say playing a
video file which carries a stack smashing exploit for your video
player).

I seem to discern in you the old DOS attitude which brought about
a Golden Era of Virus (which is returning via the "The Browser is
The Machine", mind you ;-)

(please, don't take the above really seriously: but yes, many
decisions behind all that permissions circus in Unix and children
can be traced back to an effort to separate different things. If
you let that concept sink in, you won't be surprised as often).

regards
--
tomás
Re: parted is ALMOST suitable
On 11/7/2016 6:47 AM, to...@tuxteam.de wrote:
> On Mon, Nov 07, 2016 at 06:11:50AM -0600, Richard Owlett wrote:
>> I need to identify file system on all partitions of my hard drive
>> whether mounted or not.
>>   parted /dev/sda print | grep ext | grep -v exte
>> reports the desired information [partitions formatted ext?] in a
>> convenient format.
>> *HOWEVER* parted requires root privileges. That is not acceptable.
>> Suggestions?
>
> It's not parted. It's the partitions themselves (or more accurately,
> the devices via which your operating system makes the partitions
> available to user space). By default (and there are some reasons
> for it) they're not readable by everyone. They are writable by
> even less. On my box, for example:
>
>   tomas@rasputin:~$ ls -al /dev/sd*
>   brw-rw---- 1 root disk 8, 0 Nov  7 09:06 /dev/sda
>   brw-rw---- 1 root disk 8, 1 Nov  7 09:06 /dev/sda1
>   brw-rw---- 1 root disk 8, 2 Nov  7 09:06 /dev/sda2
>   brw-rw---- 1 root disk 8, 5 Nov  7 09:06 /dev/sda5
>
> So you'd have to be associated to the "disk" group to read those
> things and you'd have to *be* root to write.

*THAT* sentence may be key to solving multiple problems. All of my
installs have implicitly accepted default groups for user(s).

> Same goes for lsblk (as has been recommended in this thread) or
> any other tool you might consider. That said, lsblk seems to be
> a better fit for your needs anyway.
>
> Parted has no problems running as a regular user if the (device)
> file under question is (readable/writable) by said user. It only
> tries to be helpful with some messages when it isn't running under
> root *and* encounters permission/owner conflicts.
>
> *That* might cause some confusion.
>
> Regards
> --
> tomás
Re: parted is ALMOST suitable
On 11/7/2016 6:51 AM, to...@tuxteam.de wrote:
> On Mon, Nov 07, 2016 at 06:37:53AM -0600, Richard Owlett wrote:
>> On 11/7/2016 6:20 AM, Felipe Salvador wrote:
>>> On Mon, Nov 07, 2016 at 06:11:50AM -0600, Richard Owlett wrote:
>>>> *HOWEVER* parted requires root privileges. That is not acceptable.
>>>> Suggestions?
>>>> TIA
>>>
>>> lsblk -fr ?
>>
>> Debian is perverse ;{
>
> Uh... aren't we all?

Who? Me?
You should have met a supervisor I had ~40 years ago.

>> man page suggested good things.
>> However when run as other than root, there is a column heading
>> "FSTYPE".
>> It is blank for all partitions.
>> They are present when run as root.
>
> Perhaps it needs read access to the partition's content, which it
> only gets as root? (Or as group disk, as the case may be).
>
> Debian is trying to protect you from someone taking over your...
> say Apache and exfiltrating your most carefully kept secrets on
> your harddisk. Just imagine how embarrassing that will be when
> Wikileaks publishes that all! ;-D

My Debian machines do not physically have networking capability.
See my email header. Mr. Gates can handle some things ;/
Re: parted is ALMOST suitable
On Mon, Nov 07, 2016 at 06:37:53AM -0600, Richard Owlett wrote:
> On 11/7/2016 6:20 AM, Felipe Salvador wrote:
> >On Mon, Nov 07, 2016 at 06:11:50AM -0600, Richard Owlett wrote:
> >>*HOWEVER* parted requires root privileges. That is not acceptable.
> >>Suggestions?
> >>TIA
> >
> >lsblk -fr ?
> >
>
> Debian is perverse ;{

Uh... aren't we all?

> man page suggested good things.
> However when run as other than root, there is a column heading
> "FSTYPE".
> It is blank for all partitions.
> They are present when run as root.

Perhaps it needs read access to the partition's content, which it
only gets as root? (Or as group disk, as the case may be).

Debian is trying to protect you from someone taking over your...
say Apache and exfiltrating your most carefully kept secrets on
your harddisk. Just imagine how embarrassing that will be when
Wikileaks publishes that all! ;-D

regards
--
t
Re: parted is ALMOST suitable
On Mon, Nov 07, 2016 at 06:11:50AM -0600, Richard Owlett wrote:
> I need to identify file system on all partitions of my hard drive
> whether mounted or not.
>   parted /dev/sda print | grep ext | grep -v exte
> reports the desired information [partitions formatted ext?] in a
> convenient format.
> *HOWEVER* parted requires root privileges. That is not acceptable.
> Suggestions?

It's not parted. It's the partitions themselves (or more accurately,
the devices via which your operating system makes the partitions
available to user space). By default (and there are some reasons
for it) they're not readable by everyone. They are writable by
even less. On my box, for example:

  tomas@rasputin:~$ ls -al /dev/sd*
  brw-rw---- 1 root disk 8, 0 Nov  7 09:06 /dev/sda
  brw-rw---- 1 root disk 8, 1 Nov  7 09:06 /dev/sda1
  brw-rw---- 1 root disk 8, 2 Nov  7 09:06 /dev/sda2
  brw-rw---- 1 root disk 8, 5 Nov  7 09:06 /dev/sda5

So you'd have to be associated to the "disk" group to read those
things and you'd have to *be* root to write.

Same goes for lsblk (as has been recommended in this thread) or
any other tool you might consider. That said, lsblk seems to be
a better fit for your needs anyway.

Parted has no problems running as a regular user if the (device)
file under question is (readable/writable) by said user. It only
tries to be helpful with some messages when it isn't running under
root *and* encounters permission/owner conflicts.

*That* might cause some confusion.

Regards
--
tomás
Re: parted is ALMOST suitable
On 11/7/2016 6:20 AM, Felipe Salvador wrote:
> On Mon, Nov 07, 2016 at 06:11:50AM -0600, Richard Owlett wrote:
>> *HOWEVER* parted requires root privileges. That is not acceptable.
>> Suggestions?
>> TIA
>
> lsblk -fr ?

Debian is perverse ;{
man page suggested good things.
However when run as other than root, there is a column heading "FSTYPE".
It is blank for all partitions.
They are present when run as root.
Thanks for trying.
Re: parted is ALMOST suitable
On Mon, Nov 07, 2016 at 06:11:50AM -0600, Richard Owlett wrote:
> I need to identify file system on all partitions of my hard drive
> whether mounted or not.
>   parted /dev/sda print | grep ext | grep -v exte
> reports the desired information [partitions formatted ext?] in a
> convenient format.
> *HOWEVER* parted requires root privileges. That is not acceptable.
> Suggestions?

parted probably wants root privileges because it is, by nature a
PARTition EDitor. Try, instead, "lsblk" (in package util-linux), which
will LiSt BLocK devices. I'm not immediately sure how to get it to show
ONLY partitions, but the following seems to work:

$ lsblk -l|awk 'NR==1||/part/'

(or just "|grep part" if you don't care about seeing the header :)

> TIA

--
For more information, please reread.
Re: parted is ALMOST suitable
On 07-11-16 at 13:11, Richard Owlett wrote:
> I need to identify file system on all partitions of my hard drive
> whether mounted or not.
>   parted /dev/sda print | grep ext | grep -v exte
> reports the desired information [partitions formatted ext?] in a
> convenient format.
> *HOWEVER* parted requires root privileges. That is not acceptable.
> Suggestions?

Have a look at lsblk. It has many possible output format settings
(lsblk --help shows a list) and most of them are available without root
privileges (a few aren't - don't remember which ones, though).

Regards,
Frank
Re: parted is ALMOST suitable
On Mon, Nov 07, 2016 at 06:11:50AM -0600, Richard Owlett wrote:
> *HOWEVER* parted requires root privileges. That is not acceptable.
> Suggestions?
> TIA

lsblk -fr ?

--
Felipe Salvador