Re: parted is ALMOST suitable

2016-11-11 Thread Brian
On Fri 11 Nov 2016 at 18:09:33 +0100, Pascal Hambourg wrote:

> On 11/11/2016 at 17:24, Brian wrote:
> >
> >As the manual says:
> >
> > CACHE_FILE=
> >   Overrides the standard location of the cache file. This setting
> >   can be overridden by the environment variable BLKID_FILE. Default
> >   is /run/blkid/blkid.tab, or /etc/blkid.tab on systems without a
> >   /run directory.
> 
> In Wheezy the man page does not mention /run, and there is no
> /run/blkid/blkid.tab.
> 
> >>However note that /dev/sdb* is owned by group "floppy" and my standard user
> >>account is a member of this group.
> >
> >If you are on Jessie (and have not altered any udev rules) you have a
> >broken system.
> 
> This computer runs Wheezy and I did not alter udev rules. Looks like things
> have changed with Jessie.

Wheezy has /etc/udev/rules.d/91-permissions.rules; Jessie doesn't.

This thread has a short discussion on gparted and bug #439409. The bug
report was submitted for Wheezy and the behaviour you observe formed
the basis of an argument. The bug report now has a different complexion
but has still not been updated to reflect the altered situation.

-- 
Brian.



Re: parted is ALMOST suitable

2016-11-11 Thread Pascal Hambourg

On 11/11/2016 at 17:24, Brian wrote:

> As the manual says:
>
>  CACHE_FILE=
>    Overrides the standard location of the cache file. This setting
>    can be overridden by the environment variable BLKID_FILE. Default
>    is /run/blkid/blkid.tab, or /etc/blkid.tab on systems without a
>    /run directory.

In Wheezy the man page does not mention /run, and there is no
/run/blkid/blkid.tab.

>> However note that /dev/sdb* is owned by group "floppy" and my standard user
>> account is a member of this group.
>
> If you are on Jessie (and have not altered any udev rules) you have a
> broken system.

This computer runs Wheezy and I did not alter udev rules. Looks like
things have changed with Jessie.




Re: parted is ALMOST suitable

2016-11-11 Thread Brian
On Fri 11 Nov 2016 at 15:38:07 +0100, Pascal Hambourg wrote:

> On 08/11/2016 at 00:54, Brian wrote:
> >
> >When blkid is run as root it creates the file
> >/run/blkid/blkid.tab. A user running blkid only gets to see the contents
> >of blkid.tab.
> 
> That does not appear to be completely correct.
> If I run blkid as a standard user after plugging a USB drive, it lists the
> USB drive partition, although blkid.tab was not modified.
> 
> $ /sbin/blkid | grep sdb
> /dev/sdb1: LABEL="USB DISK" UUID="48DB-E077" TYPE="vfat"
> 
> $ grep sdb /etc/blkid.tab || echo not found
> not found

As the manual says:

 CACHE_FILE=
   Overrides the standard location of the cache file. This setting
   can be overridden by the environment variable BLKID_FILE. Default
   is /run/blkid/blkid.tab, or /etc/blkid.tab on systems without a
   /run directory.
 
> However note that /dev/sdb* is owned by group "floppy" and my standard user
> account is a member of this group.

If you are on Jessie (and have not altered any udev rules) you have a
broken system. Please post the output of 'ls -l /etc/udev/rules.d'.

-- 
Brian.



Re: parted is ALMOST suitable

2016-11-11 Thread Pascal Hambourg

On 08/11/2016 at 00:54, Brian wrote:

> When blkid is run as root it creates the file
> /run/blkid/blkid.tab. A user running blkid only gets to see the contents
> of blkid.tab.

That does not appear to be completely correct.
If I run blkid as a standard user after plugging a USB drive, it lists
the USB drive partition, although blkid.tab was not modified.


$ /sbin/blkid | grep sdb
/dev/sdb1: LABEL="USB DISK" UUID="48DB-E077" TYPE="vfat"

$ grep sdb /etc/blkid.tab || echo not found
not found

However note that /dev/sdb* is owned by group "floppy" and my standard 
user account is a member of this group.




Re: parted is ALMOST suitable

2016-11-10 Thread tomas
On Wed, Nov 09, 2016 at 04:56:36PM -0700, Joe Pfeiffer wrote:
> Brian  writes:

[...]

> >> Hopefully. But that's not because bash checks that (as parted is).
> >> It's because the permissions on the device file are set right!
> >
> > udev doesn't come into the picture for removable disks? It did on
> > pre-Jessie.
> 
> What is the relevance of udev here?  Yes, udev sets the permissions, but
> the issue is whether they're right not who sets them.

Exactly.

That was my take, too. It's udev's job to react to events generated by
the kernel and to set up things in user space (perms, symlinks, whatnot)
according to whatever policy the distro and the sysadmin have set up.

That's why the rules in /lib/udev (distribution) and /etc/udev (sysad,
override the distro's) exist. The kernel is no place to have those
rules, it's just the one enforcing them.

Layering, again :-)

- -- t



Re: parted is ALMOST suitable

2016-11-09 Thread Joe Pfeiffer
Brian  writes:

> On Wed 09 Nov 2016 at 11:27:11 +0100, to...@tuxteam.de wrote:
>
>> On Wed, Nov 09, 2016 at 10:12:13AM +, Brian wrote:
>> > 
>> > That gives "-bash: /dev/sda2: Permission denied" for me with a fixed
>> > disk. It's the same for a removable disk. The system came like that.
>> 
>> Hopefully. But that's not because bash checks that (as parted is).
>> It's because the permissions on the device file are set right!
>
> udev doesn't come into the picture for removable disks? It did on
> pre-Jessie.

What is the relevance of udev here?  Yes, udev sets the permissions, but
the issue is whether they're right not who sets them.



Re: parted is ALMOST suitable

2016-11-09 Thread tomas
On Wed, Nov 09, 2016 at 08:48:04PM +, Brian wrote:
> On Wed 09 Nov 2016 at 21:35:14 +0100, to...@tuxteam.de wrote:

[...]

> > Hm. Layering error.
> 
> Sorry. I'm unfamiliar with this term ("layering errors")

Sorry. Was meaning to say "layering violation": you design complex systems
in layers and try to take care of each aspect in the relevant layer. In
our case, the OS ("lower layer" of sorts) takes care of access control,
the application takes care of the user. This does away with subtle
irritations (in our case: "but the user *has* access permissions to
the block device, why...?") brought about by conflicting decisions
in different layers ("has explicitly to be UID 0" vs. "has to have
read or read/write access to the block device").

> and was just trying to point out that the basis on which the report was
> submitted is no longer valid and an additional report could make the
> point without relying on outdated ideas.

regards
- -- t



Re: parted is ALMOST suitable

2016-11-09 Thread Brian
On Wed 09 Nov 2016 at 21:35:14 +0100, to...@tuxteam.de wrote:

> On Wed, Nov 09, 2016 at 05:38:01PM +, Brian wrote:
> > On Tue 08 Nov 2016 at 17:54:41 -0500, Stefan Monnier wrote:
> > 
> > > >> > Futzing with partitions is the admin's job.
> > > >> Could be, but it's not (g)parted's job to enforce these kinds of rules:
> 
> [...]
> 
> > > It costs extra code with at best no benefit.
> > 
> > A well-made couple of points. But a user being able to shoot himself
> > in his own foot with other tools as a way of bolstering the argument
> > doesn't bear close scrutiny nowadays.
> 
> But this should be taken care of by the device files having appropriate
> permissions. An /dev/sda having -rw-rw-rw- is asking for trouble, I
> think we all agree on this :-)

I hope so.

> >   Perhaps a reason for updating
> > the bug record to clarify what the issue is?
> 
> Hm. Layering error.

Sorry. I'm unfamiliar with this term ("layering errors") and was just
trying to point out that the basis on which the report was submitted is
no longer valid and an additional report could make the point without
relying on outdated ideas.

-- 
Brian.



Re: parted is ALMOST suitable

2016-11-09 Thread tomas
On Wed, Nov 09, 2016 at 05:38:01PM +, Brian wrote:
> On Tue 08 Nov 2016 at 17:54:41 -0500, Stefan Monnier wrote:
> 
> > >> > Futzing with partitions is the admin's job.
> > >> Could be, but it's not (g)parted's job to enforce these kinds of rules:

[...]

> > It costs extra code with at best no benefit.
> 
> A well-made couple of points. But a user being able to shoot himself
> in his own foot with other tools as a way of bolstering the argument
> doesn't bear close scrutiny nowadays.

But this should be taken care of by the device files having appropriate
permissions. An /dev/sda having -rw-rw-rw- is asking for trouble, I
think we all agree on this :-)

>   Perhaps a reason for updating
> the bug record to clarify what the issue is?

Hm. Layering error.

regards
- -- t



Re: parted is ALMOST suitable

2016-11-09 Thread tomas
On Wed, Nov 09, 2016 at 06:29:32PM +, Brian wrote:

[...]

> Raw disk access to a device the user does not own *is* sacred.

YES! And the OS takes care of that part!

> Access to a device the user does own is up to the user.

Again: wholeheartedly, yes.

> Applications should not prevent that legitimate access taking
> place. Thank you for raising the disk image situation.

Seems we are in violent agreement :-)

regards
- -- tomás



Re: parted is ALMOST suitable

2016-11-09 Thread Brian
On Wed 09 Nov 2016 at 11:27:11 +0100, to...@tuxteam.de wrote:

> On Wed, Nov 09, 2016 at 10:12:13AM +, Brian wrote:
> > On Wed 09 Nov 2016 at 09:48:01 +0100, to...@tuxteam.de wrote:
> > 
> > > On Tue, Nov 08, 2016 at 08:39:51PM +, Brian wrote:
> > > > On Tue 08 Nov 2016 at 14:41:45 -0500, Stefan Monnier wrote:
> > > > 
> > > > > >>> *HOWEVER* parted requires root privileges. That is not 
> > > > > >>> acceptable.
> > > > > >>> Suggestions?
> > > > > >>> TIA
> > > > > > Futzing with partitions is the admin's job.
> > > > > 
> > > > > Could be, but it's not (g)parted's job to enforce these kinds of 
> > > > > rules:
> > > > > that's what Unix permissions (and Linux's capabilities) are for.
> > > > > 
> > > > > It's OK to add a warning and prompt the user to make sure he really
> > > > > means to do that, but there's no point *preventing* the user from
> > > > > shooting his own foot with this tool if he can do it with other
> > > > > tools anyway.
> > > > 
> > > > Users here get no opportunity to shoot themselves or anyone else in the
> > > > foot. Access to raw disks is over my dead body. So I do not understand
> > > > your point.
> > > 
> > > C'mon. Cut the drama. Dead bodies and that.
> > 
> > It's a turn of phrase. Sometimes used with a touch of humour.
> > 
> > > As if "raw disk" were some kind of sacred stuff. In my case they are
> > > simple files on disk (disk images). Shall I have to become root every
> > > time I have to write a partition table to that? No. I just use fdisk.
> > > 
> > > It's the job of file (device) permissions to ensure that. Or are you
> > > going to patch around bash's redirection operator too, to keep "users"
> > > from shooting themselves in the foot by issuing
> > > 
> > >   echo "mumble" > /dev/sda2
> > > 
> > > Not really.
> > 
> > That gives "-bash: /dev/sda2: Permission denied" for me with a fixed
> > disk. It's the same for a removable disk. The system came like that.
> 
> Hopefully. But that's not because bash checks that (as parted is).
> It's because the permissions on the device file are set right!

udev doesn't come into the picture for removable disks? It did on
pre-Jessie.

> IOW, it's not the application's job (bash or parted), it's the OS's
> job (with the sysadmin's help) to check access permissions.
> 
> BTW it's very easy to fool the application itself (and this might be
> a perverse "solution" to Richard's problem). Just run gparted under
> fakeroot. It won't convey you read/write permissions you don't have,
> but it will fool gparted to think it's running as root:

Would you please give an example of when it is possible to fool the
application and obtain something you otherwise wouldn't obtain as a
user.



Re: parted is ALMOST suitable

2016-11-09 Thread Brian
On Wed 09 Nov 2016 at 08:10:37 -0600, Richard Owlett wrote:

> On 11/9/2016 4:27 AM, to...@tuxteam.de wrote:
> >[*SNIP*]
> >
> >BTW it's very easy to fool the application itself (and this might be
> >a perverse "solution" to Richard's problem). Just run gparted under
> >fakeroot. It won't convey you read/write permissions you don't have,
> >but it will fool gparted to think it's running as root:
> 
> That may do the trick. Especially as what I wanted was descriptive
> information concerning the physical partition and wanted it displayed in a
> convenient format. I was explicitly avoiding operations requiring root
> privileges to avoid "shooting self in foot".

'fakeroot gparted' will not do the trick for you. It is a dead end
solution for what you want.

-- 
Brian.



Re: parted is ALMOST suitable

2016-11-09 Thread Brian
On Wed 09 Nov 2016 at 09:48:01 +0100, to...@tuxteam.de wrote:

> On Tue, Nov 08, 2016 at 08:39:51PM +, Brian wrote:
> > On Tue 08 Nov 2016 at 14:41:45 -0500, Stefan Monnier wrote:
> > 
> > > >>> *HOWEVER* parted requires root privileges. That is not acceptable.
> > > >>> Suggestions?
> > > >>> TIA
> > > > Futzing with partitions is the admin's job.
> > > 
> > > Could be, but it's not (g)parted's job to enforce these kinds of rules:
> > > that's what Unix permissions (and Linux's capabilities) are for.
> > > 
> > > It's OK to add a warning and prompt the user to make sure he really
> > > means to do that, but there's no point *preventing* the user from
> > > shooting his own foot with this tool if he can do it with other
> > > tools anyway.
> > 
> > Users here get no opportunity to shoot themselves or anyone else in the
> > foot. Access to raw disks is over my dead body. So I do not understand
> > your point.
> 
> C'mon. Cut the drama. Dead bodies and that.

When I wrote that I had in mind the advice to put a user in the disk
group to get 'lsblk -f' to give a wanted output. It will work. It also
gives the user the opportunity to completely destroy the system with dd.
 
> As if "raw disk" were some kind of sacred stuff. In my case they are
> simple files on disk (disk images). Shall I have to become root every
> time I have to write a partition table to that? No. I just use fdisk.
> 
> It's the job of file (device) permissions to ensure that. Or are you
> going to patch around bash's redirection operator too, to keep "users"
> from shooting themselves in the foot by issuing
> 
>   echo "mumble" > /dev/sda2
> 
> Not really.

Raw disk access to a device the user does not own *is* sacred. Access
to a device the user does own is up to the user. Applications should not
prevent that legitimate access taking place. Thank you for raising the
disk image situation.

-- 
Brian.



Re: parted is ALMOST suitable

2016-11-09 Thread Brian
On Tue 08 Nov 2016 at 17:54:41 -0500, Stefan Monnier wrote:

> >> > Futzing with partitions is the admin's job.
> >> Could be, but it's not (g)parted's job to enforce these kinds of rules:
> >> that's what Unix permissions (and Linux's capabilities) are for.
> >> It's OK to add a warning and prompt the user to make sure he really
> >> means to do that, but there's no point *preventing* the user from
> >> shooting his own foot with this tool if he can do it with other
> >> tools anyway.
> 
> > Users here get no opportunity to shoot themselves or anyone else in the
> > foot.  Access to raw disks is over my dead body.
> 
> So your users don't have access rights to the raw disks?
> Great! then (g)parted doesn't need to check anything since the kernel
> will do that already.
> 
> > So I do not understand your point.
> 
> The fact that it checks if the user is UID 0 is either useless (because
> the user doesn't have write access to the device anyway, as should
> usually be the case for the real physical devices connected to the
> machine) or annoying (because it doesn't give any extra security since
> the user can shoot himself in the foot with any number of other tools
> anyway).
> 
> It costs extra code with at best no benefit.

A well-made couple of points. But a user being able to shoot himself
in his own foot with other tools as a way of bolstering the argument
doesn't bear close scrutiny nowadays. Perhaps a reason for updating
the bug record to clarify what the issue is?

-- 
Brian.



Re: parted is ALMOST suitable

2016-11-09 Thread Brian
On Wed 09 Nov 2016 at 12:01:10 +0100, to...@tuxteam.de wrote:

> On Wed, Nov 09, 2016 at 10:45:52AM +, Brian wrote:
> 
> [...]
> 
> > I hope cfdisk is an acceptable alternative to gparted, which is not on
> > my system. 'fakeroot /sbin/cfdisk' gives "cfdisk: cannot open /dev/sda:
> > Permission denied".
> 
> We are talking past each other, I think.
> 
> The above result is to be expected. I'm perfectly OK with that.
> You'd get that with or without fakeroot (it doesn't convey powers
> to you you don't have). That feat would imply a gaping security
> hole in Linux. There are some, but the most obvious have been
> covered -- hopefully! long ago.
> 
> The point Stefan (and me) are trying to make is that *the application
> has no business in checking user permissions*, and parted is doing
> exactly that ("am I root?"). It's something to be left to the OS
> (try to open the device and catch an EACCES error; translate that
> for the user). That's what cfdisk above *is* doing, and I'm fine
> with that!
> 
> *If* you happen to have read/write access to a device/file [1], then
> cfdisk would let you just go ahead (right behaviour), while gparted
> would stop you ("nyah nyah you aren't root" -- *wrong*).
> 
> [1] Stefan and me have given examples where that would make sense.

#439409 was filed in 2007 and in the context of repartitioning an external
device. In 2011 the question was asked:

 > Are you sure that you can simply "cat /dev/sdg" on
 > your GNU/Linux distribution?

To which the answer was:

 > Huh?  Of course, I'm sure.

If the question had been asked after April 2014 and the release of udev
204-9 the answer would (or should) have been "no". The command can be
tried on Jessie. "Permission denied" is the result. This makes it
impossible for a user to cat a Debian ISO to a USB stick. That's also
the subject of a bug report. But nothing to do with gparted.

Granted that gparted should not be checking user permissions and there
is a case for having it stop doing so. However, ceasing to check if the
user is UID 0 doesn't get him anywhere (with an external device) unless
he or gparted can sneak past udev. A disk image as a file is a different
matter.

-- 
Brian.
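
The contrast argued over in this sub-thread, an application-level "am I UID 0?" gate versus simply opening the target and reporting the kernel's answer, as an added C example that is not part of any poster's message and is not code from parted, gparted or cfdisk. The function names and the temporary "disk image" path are constructed for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Application-level gate (hypothetical name): refuse unless the effective
 * UID is 0, without ever looking at the target. This is the kind of check
 * the thread objects to; a wrapper that changes the reported UID, as
 * fakeroot does in the thread, changes this answer and nothing else. */
static int uid_gate_allows(uid_t euid)
{
    return euid == 0;
}

/* OS-enforced approach (hypothetical name): try to open the target
 * read/write and hand back the kernel's verdict.
 * Returns an open fd (>= 0) or a negated errno value. */
static int open_target_rw(const char *path)
{
    int fd = open(path, O_RDWR | O_CLOEXEC);
    if (fd < 0)
        return -errno;
    return fd;
}

/* Translate the kernel's answer for the user. */
static const char *explain(int rc)
{
    if (rc >= 0)
        return "opened read/write";
    switch (-rc) {
    case EACCES: return "permission denied by the file/device mode";
    case ENOENT: return "no such file or device";
    case EROFS:  return "target is on a read-only filesystem";
    default:     return strerror(-rc);
    }
}

/* Create a constructed 1 MiB "disk image" owned by the caller with the
 * given mode. tmpl must end in XXXXXX. Returns 0 or a negated errno. */
static int make_image(char *tmpl, mode_t mode)
{
    int fd = mkstemp(tmpl);
    if (fd < 0)
        return -errno;
    if (ftruncate(fd, 1024 * 1024) != 0 || fchmod(fd, mode) != 0) {
        int e = errno;
        close(fd);
        unlink(tmpl);
        return -e;
    }
    close(fd);
    return 0;
}

int main(void)
{
    char img[] = "/tmp/diskimg-XXXXXX";   /* constructed sample target */
    int rc;

    if (make_image(img, 0600) != 0) {
        perror("make_image");
        return 1;
    }

    /* Same user, same file: the two approaches can disagree. */
    printf("uid gate: %s\n",
           uid_gate_allows(geteuid()) ? "allowed" : "refused (not UID 0)");
    rc = open_target_rw(img);
    printf("open()  : %s\n", explain(rc));
    if (rc >= 0)
        close(rc);

    /* Remove all permission bits: now the kernel is the one saying no. */
    chmod(img, 0);
    rc = open_target_rw(img);
    printf("open()  : %s\n", explain(rc));
    if (rc >= 0)
        close(rc);

    unlink(img);
    return 0;
}
```

Run as an ordinary user, the gate refuses an image the user owns while open() succeeds; after the mode is cleared, open() is refused with EACCES.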



Re: parted is ALMOST suitable

2016-11-09 Thread Lisi Reisz
On Tuesday 08 November 2016 20:49:08 Stefan Monnier wrote:
> > Feel free to weight in ;-)
>
>^^^
> No idea where this `t` came from,
>
>
> Stefan

There's a gremlin in your keyboard too, is there? ;-)

Lisi



Re: parted is ALMOST suitable

2016-11-09 Thread tomas
On Wed, Nov 09, 2016 at 10:45:52AM +, Brian wrote:

[...]

> I hope cfdisk is an acceptable alternative to gparted, which is not on
> my system. 'fakeroot /sbin/cfdisk' gives "cfdisk: cannot open /dev/sda:
> Permission denied".

We are talking past each other, I think.

The above result is to be expected. I'm perfectly OK with that.
You'd get that with or without fakeroot (it doesn't convey powers
to you you don't have). That feat would imply a gaping security
hole in Linux. There are some, but the most obvious have been
covered -- hopefully! long ago.

The point Stefan (and me) are trying to make is that *the application
has no business in checking user permissions*, and parted is doing
exactly that ("am I root?"). It's something to be left to the OS
(try to open the device and catch an EACCES error; translate that
for the user). That's what cfdisk above *is* doing, and I'm fine
with that!

*If* you happen to have read/write access to a device/file [1], then
cfdisk would let you just go ahead (right behaviour), while gparted
would stop you ("nyah nyah you aren't root" -- *wrong*).

[1] Stefan and me have given examples where that would make sense.

- -- t



Re: parted is ALMOST suitable

2016-11-09 Thread Brian
On Wed 09 Nov 2016 at 11:27:11 +0100, to...@tuxteam.de wrote:

> On Wed, Nov 09, 2016 at 10:12:13AM +, Brian wrote:
> > On Wed 09 Nov 2016 at 09:48:01 +0100, to...@tuxteam.de wrote:
> > 
> > > On Tue, Nov 08, 2016 at 08:39:51PM +, Brian wrote:
> > > > On Tue 08 Nov 2016 at 14:41:45 -0500, Stefan Monnier wrote:
> > > > 
> > > > > >>> *HOWEVER* parted requires root privileges. That is not 
> > > > > >>> acceptable.
> > > > > >>> Suggestions?
> > > > > >>> TIA
> > > > > > Futzing with partitions is the admin's job.
> > > > > 
> > > > > Could be, but it's not (g)parted's job to enforce these kinds of 
> > > > > rules:
> > > > > that's what Unix permissions (and Linux's capabilities) are for.
> > > > > 
> > > > > It's OK to add a warning and prompt the user to make sure he really
> > > > > means to do that, but there's no point *preventing* the user from
> > > > > shooting his own foot with this tool if he can do it with other
> > > > > tools anyway.
> > > > 
> > > > Users here get no opportunity to shoot themselves or anyone else in the
> > > > foot. Access to raw disks is over my dead body. So I do not understand
> > > > your point.
> > > 
> > > C'mon. Cut the drama. Dead bodies and that.
> > 
> > It's a turn of phrase. Sometimes used with a touch of humour.
> > 
> > > As if "raw disk" were some kind of sacred stuff. In my case they are
> > > simple files on disk (disk images). Shall I have to become root every
> > > time I have to write a partition table to that? No. I just use fdisk.
> > > 
> > > It's the job of file (device) permissions to ensure that. Or are you
> > > going to patch around bash's redirection operator too, to keep "users"
> > > from shooting themselves in the foot by issuing
> > > 
> > >   echo "mumble" > /dev/sda2
> > > 
> > > Not really.
> > 
> > That gives "-bash: /dev/sda2: Permission denied" for me with a fixed
> > disk. It's the same for a removable disk. The system came like that.
> 
> Hopefully. But that's not because bash checks that (as parted is).
> It's because the permissions on the device file are set right!
> 
> IOW, it's not the application's job (bash or parted), it's the OS's
> job (with the sysadmin's help) to check access permissions.
> 
> BTW it's very easy to fool the application itself (and this might be
> a perverse "solution" to Richard's problem). Just run gparted under
> fakeroot. It won't convey you read/write permissions you don't have,
> but it will fool gparted to think it's running as root:

'fakeroot lsblk -f' gives the same output on Jessie as 'lsblk -f'.
 
>   tomas@rasputin:~$ whoami
>   tomas
>   tomas@rasputin:~$ fakeroot whoami
>   root
>   tomas@rasputin:~$ 
> 
> So try running "fakeroot gparted" -- that might help. No need for
> elevated permissions :-)
> 
> Fakeroot is in the like-named package.

I hope cfdisk is an acceptable alternative to gparted, which is not on
my system. 'fakeroot /sbin/cfdisk' gives "cfdisk: cannot open /dev/sda:
Permission denied".

-- 
Brian.



Re: parted is ALMOST suitable

2016-11-09 Thread tomas
On Wed, Nov 09, 2016 at 10:12:13AM +, Brian wrote:
> On Wed 09 Nov 2016 at 09:48:01 +0100, to...@tuxteam.de wrote:
> 
> > On Tue, Nov 08, 2016 at 08:39:51PM +, Brian wrote:
> > > On Tue 08 Nov 2016 at 14:41:45 -0500, Stefan Monnier wrote:
> > > 
> > > > >>> *HOWEVER* parted requires root privileges. That is not 
> > > > >>> acceptable.
> > > > >>> Suggestions?
> > > > >>> TIA
> > > > > Futzing with partitions is the admin's job.
> > > > 
> > > > Could be, but it's not (g)parted's job to enforce these kinds of rules:
> > > > that's what Unix permissions (and Linux's capabilities) are for.
> > > > 
> > > > It's OK to add a warning and prompt the user to make sure he really
> > > > means to do that, but there's no point *preventing* the user from
> > > > shooting his own foot with this tool if he can do it with other
> > > > tools anyway.
> > > 
> > > Users here get no opportunity to shoot themselves or anyone else in the
> > > foot. Access to raw disks is over my dead body. So I do not understand
> > > your point.
> > 
> > C'mon. Cut the drama. Dead bodies and that.
> 
> It's a turn of phrase. Sometimes used with a touch of humour.
> 
> > As if "raw disk" were some kind of sacred stuff. In my case they are
> > simple files on disk (disk images). Shall I have to become root every
> > time I have to write a partition table to that? No. I just use fdisk.
> > 
> > It's the job of file (device) permissions to ensure that. Or are you
> > going to patch around bash's redirection operator too, to keep "users"
> > from shooting themselves in the foot by issuing
> > 
> >   echo "mumble" > /dev/sda2
> > 
> > Not really.
> 
> That gives "-bash: /dev/sda2: Permission denied" for me with a fixed
> disk. It's the same for a removable disk. The system came like that.

Hopefully. But that's not because bash checks that (as parted is).
It's because the permissions on the device file are set right!

IOW, it's not the application's job (bash or parted), it's the OS's
job (with the sysadmin's help) to check access permissions.

BTW it's very easy to fool the application itself (and this might be
a perverse "solution" to Richard's problem). Just run gparted under
fakeroot. It won't convey you read/write permissions you don't have,
but it will fool gparted to think it's running as root:

  tomas@rasputin:~$ whoami
  tomas
  tomas@rasputin:~$ fakeroot whoami
  root
  tomas@rasputin:~$ 

So try running "fakeroot gparted" -- that might help. No need for
elevated permissions :-)

Fakeroot is in the like-named package.

Regards
- -- tomás



Re: parted is ALMOST suitable

2016-11-09 Thread Brian
On Wed 09 Nov 2016 at 09:48:01 +0100, to...@tuxteam.de wrote:

> On Tue, Nov 08, 2016 at 08:39:51PM +, Brian wrote:
> > On Tue 08 Nov 2016 at 14:41:45 -0500, Stefan Monnier wrote:
> > 
> > > >>> *HOWEVER* parted requires root privileges. That is not acceptable.
> > > >>> Suggestions?
> > > >>> TIA
> > > > Futzing with partitions is the admin's job.
> > > 
> > > Could be, but it's not (g)parted's job to enforce these kinds of rules:
> > > that's what Unix permissions (and Linux's capabilities) are for.
> > > 
> > > It's OK to add a warning and prompt the user to make sure he really
> > > means to do that, but there's no point *preventing* the user from
> > > shooting his own foot with this tool if he can do it with other
> > > tools anyway.
> > 
> > Users here get no opportunity to shoot themselves or anyone else in the
> > foot. Access to raw disks is over my dead body. So I do not understand
> > your point.
> 
> C'mon. Cut the drama. Dead bodies and that.

It's a turn of phrase. Sometimes used with a touch of humour.

> As if "raw disk" were some kind of sacred stuff. In my case they are
> simple files on disk (disk images). Shall I have to become root every
> time I have to write a partition table to that? No. I just use fdisk.
> 
> It's the job of file (device) permissions to ensure that. Or are you
> going to patch around bash's redirection operator too, to keep "users"
> from shooting themselves in the foot by issuing
> 
>   echo "mumble" > /dev/sda2
> 
> Not really.

That gives "-bash: /dev/sda2: Permission denied" for me with a fixed
disk. It's the same for a removable disk. The system came like that.

-- 
Brian.



Re: parted is ALMOST suitable

2016-11-09 Thread tomas
On Tue, Nov 08, 2016 at 08:39:51PM +, Brian wrote:
> On Tue 08 Nov 2016 at 14:41:45 -0500, Stefan Monnier wrote:
> 
> > >>> *HOWEVER* parted requires root privileges. That is not acceptable.
> > >>> Suggestions?
> > >>> TIA
> > > Futzing with partitions is the admin's job.
> > 
> > Could be, but it's not (g)parted's job to enforce these kinds of rules:
> > that's what Unix permissions (and Linux's capabilities) are for.
> > 
> > It's OK to add a warning and prompt the user to make sure he really
> > means to do that, but there's no point *preventing* the user from
> > shooting his own foot with this tool if he can do it with other
> > tools anyway.
> 
> Users here get no opportunity to shoot themselves or anyone else in the
> foot. Access to raw disks is over my dead body. So I do not understand
> your point.

C'mon. Cut the drama. Dead bodies and that.

As if "raw disk" were some kind of sacred stuff. In my case they are
simple files on disk (disk images). Shall I have to become root every
time I have to write a partition table to that? No. I just use fdisk.

It's the job of file (device) permissions to ensure that. Or are you
going to patch around bash's redirection operator too, to keep "users"
from shooting themselves in the foot by issuing

  echo "mumble" > /dev/sda2

Not really.

regards
- -- tomás



Re: parted is ALMOST suitable

2016-11-09 Thread tomas
On Tue, Nov 08, 2016 at 02:41:45PM -0500, Stefan Monnier wrote:
> >>> *HOWEVER* parted requires root privileges. That is not acceptable.
> >>> Suggestions?
> >>> TIA
> > Futzing with partitions is the admin's job.
> 
> Could be, but it's not (g)parted's job to enforce these kinds of rules:
> that's what Unix permissions (and Linux's capabilities) are for.
> 
> It's OK to add a warning and prompt the user to make sure he really
> means to do that, but there's no point *preventing* the user from
> shooting his own foot with this tool if he can do it with other
> tools anyway.
> 
> > fdisk also wants root (or
> > sudo). You want some user poking around in the disk(s)?
> 
> BTW, I have a pending bug report around this very same issue:
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=439409
> 
> Feel free to weight in ;-)

Done. For me "this is the way gparted is designed" sounds so
wrong on many levels that it took me a while to articulate
myself :-)

regards
- -- t



Re: parted is ALMOST suitable

2016-11-08 Thread Stefan Monnier
>> > Futzing with partitions is the admin's job.
>> Could be, but it's not (g)parted's job to enforce these kinds of rules:
>> that's what Unix permissions (and Linux's capabilities) are for.
>> It's OK to add a warning and prompt the user to make sure he really
>> means to do that, but there's no point *preventing* the user from
>> shooting his own foot with this tool if he can do it with other
>> tools anyway.

> Users here get no opportunity to shoot themselves or anyone else in the
> foot.  Access to raw disks is over my dead body.

So your users don't have access rights to the raw disks?
Great! then (g)parted doesn't need to check anything since the kernel
will do that already.

> So I do not understand your point.

The fact that it checks if the user is UID 0 is either useless (because
the user doesn't have write access to the device anyway, as should
usually be the case for the real physical devices connected to the
machine) or annoying (because it doesn't give any extra security since
the user can shoot himself in the foot with any number of other tools
anyway).

It costs extra code with at best no benefit.


Stefan



Re: parted is ALMOST suitable

2016-11-08 Thread Stefan Monnier
> Feel free to weight in ;-)
   ^^^
No idea where this `t` came from,


Stefan



Re: parted is ALMOST suitable

2016-11-08 Thread Brian
On Tue 08 Nov 2016 at 14:41:45 -0500, Stefan Monnier wrote:

> >>> *HOWEVER* parted requires root privileges. That is not acceptable.
> >>> Suggestions?
> >>> TIA
> > Futzing with partitions is the admin's job.
> 
> Could be, but it's not (g)parted's job to enforce these kinds of rules:
> that's what Unix permissions (and Linux's capabilities) are for.
> 
> It's OK to add a warning and prompt the user to make sure he really
> means to do that, but there's no point *preventing* the user from
> shooting his own foot with this tool if he can do it with other
> tools anyway.

Users here get no opportunity to shoot themselves or anyone else in the
foot. Access to raw disks is over my dead body. So I do not understand
your point.

-- 
Brian.



Re: Correction - Re: parted is ALMOST suitable

2016-11-08 Thread Brian
On Tue 08 Nov 2016 at 05:19:15 -0600, Richard Owlett wrote:

> On 11/8/2016 4:58 AM, Richard Owlett wrote:
> >[snip]
> >
> >Actually I now have two options, "udevadm info" and "/sbin/blkid".
> >>From Brian's comment on bug #776905, in future releases "blkid"
> >may be an option.
> 
> I'll have to modify that. Brian has stated in another sub-thread:
> >...  When blkid is run as root it creates the file
> >/run/blkid/blkid.tab. A user running blkid only gets to see the contents
> >of blkid.tab. There is no change to blkid.tab unless the command is run
> >by root again. This makes /sbin/blkid useless as a user command for the
> >purposes discussed in this thread.

I probably gave the impression somewhere in this narrative that blkid as
non-root was ok. It isn't; apologies. On Jessie you basically have only
the single choice of udevadm. But it is still a win. :)

-- 
Brian.



Re: parted is ALMOST suitable

2016-11-08 Thread Brian
On Tue 08 Nov 2016 at 06:40:26 -0600, David Wright wrote:

> On Tue 08 Nov 2016 at 04:58:05 (-0600), Richard Owlett wrote:
> > On 11/7/2016 8:36 PM, Michael Lange wrote:
> [...]
> > >I think that the command Brian suggested:
> > >
> > >  udevadm info --query=property --name=/dev/sda1 | grep ID_FS_TYPE
> > >
> > >used with every partition that is returned by
> > >
> > >   cat /proc/partitions
> > >
> > >might be a good option for the OP.
> > 
> > Actually I now have two options, "udevadm info" and "/sbin/blkid".
> > >From Brian's comment on bug #776905, in future releases "blkid"
> > may be an option.
> 
> You may find useful information in /run/udev/data/b8:0 etc
> without having to run any commands yourself. These files stay
> up to date as devices are plugged/unplugged.

I thought so too, but went off the idea when trying to figure out which
device was which and script it. udevadm (and lsblk) gets its information
from /run/udev/data/ anyway.

-- 
Brian.



Re: parted is ALMOST suitable

2016-11-08 Thread Glenn English

> On Mon, Nov 07, 2016 at 06:11:50AM -0600, Richard Owlett wrote:
>> *HOWEVER* parted requires root privileges. That is not acceptable.
>> Suggestions?
>> TIA

Futzing with partitions is the admin's job. fdisk also wants root (or sudo).
You want some user poking around in the disk(s)?

-- 
Glenn English





Re: parted is ALMOST suitable

2016-11-08 Thread David Wright
On Tue 08 Nov 2016 at 04:58:05 (-0600), Richard Owlett wrote:
> On 11/7/2016 8:36 PM, Michael Lange wrote:
[...]
> >I think that the command Brian suggested:
> >
> >  udevadm info --query=property --name=/dev/sda1 | grep ID_FS_TYPE
> >
> >used with every partition that is returned by
> >
> >   cat /proc/partitions
> >
> >might be a good option for the OP.
> 
> Actually I now have two options, "udevadm info" and "/sbin/blkid".
> >From Brian's comment on bug #776905, in future releases "blkid"
> may be an option.

You may find useful information in /run/udev/data/b8:0 etc
without having to run any commands yourself. These files stay
up to date as devices are plugged/unplugged.

Cheers,
David.



Correction - Re: parted is ALMOST suitable

2016-11-08 Thread Richard Owlett

On 11/8/2016 4:58 AM, Richard Owlett wrote:
> [snip]
>
> Actually I now have two options, "udevadm info" and "/sbin/blkid".
> From Brian's comment on bug #776905, in future releases "blkid"
> may be an option.

I'll have to modify that. Brian has stated in another sub-thread:
> ...  When blkid is run as root it creates the file
> /run/blkid/blkid.tab. A user running blkid only gets to see the contents
> of blkid.tab. There is no change to blkid.tab unless the command is run
> by root again. This makes /sbin/blkid useless as a user command for the
> purposes discussed in this thread.




Re: parted is ALMOST suitable

2016-11-08 Thread Richard Owlett

On 11/7/2016 5:54 PM, Brian wrote:
> On Mon 07 Nov 2016 at 21:07:45 +0100, Pascal Hambourg wrote:
>
>> On 07/11/2016 at 15:18, Richard Owlett wrote:
>>>>>   tomas@rasputin:~$ ls -al /dev/sd*
>>>>>   brw-rw 1 root disk 8, 0 Nov  7 09:06 /dev/sda
>>>>>   brw-rw 1 root disk 8, 1 Nov  7 09:06 /dev/sda1
>>>>>   brw-rw 1 root disk 8, 2 Nov  7 09:06 /dev/sda2
>>>>>   brw-rw 1 root disk 8, 5 Nov  7 09:06 /dev/sda5
>>>>>
>>>>> So you'd have to be associated to the "disk" group to read those
>>>>> things and you'd have to *be* root to write.
>>>
>>> Evidently not a solution. Added myself to both "disk" and "root" groups.
>>> Had no effect when attempting to run either lsblk or parted.
>>
>> Did you start a new session after adding yourself to the group?
>> New groups are only taken into account when opening a session.
>> FWIW, adding myself to the "disk" group and starting a new session worked
>> with lsblk -f. Didn't try parted.
>
> Is the suggestion to give a user raw access to disks a serious one?
>
>>> Off-list it was suggested I try /sbin/blkid /dev/sda. Although the man
>>> page has a caution when not used as root, it seems to currently work on
>>> my immediately available Debian machine.
>>
>> Indeed blkid uses a cache file which is readable by everyone and is updated
>> by udev.
>
> A very useful observation. When blkid is run as root it creates the file
> /run/blkid/blkid.tab. A user running blkid only gets to see the contents
> of blkid.tab. There is no change to blkid.tab unless the command is run
> by root again. This makes /sbin/blkid useless as a user command for the
> purposes discussed in this thread.

I can confirm that on a fresh install /sbin/blkid does NOT return
the desired information. However I do not recall running it as
root before running it as user on the machine I had been using,
so there may be other programs which create blkid.tab.





Re: parted is ALMOST suitable

2016-11-08 Thread Richard Owlett

On 11/7/2016 8:36 PM, Michael Lange wrote:
> On Mon, 7 Nov 2016 23:48:53 +
> Lisi Reisz  wrote:
>
>> Speaking as a Jessie user, changing to root and using lsblk -f is
>> quicker and easier!
>
> Sure, but the OP said that's not an option.
> I think that the command Brian suggested:
>
>   udevadm info --query=property --name=/dev/sda1 | grep ID_FS_TYPE
>
> used with every partition that is returned by
>
>    cat /proc/partitions
>
> might be a good option for the OP.
>
> Regards
>
> Michael

Actually I now have two options, "udevadm info" and "/sbin/blkid".
From Brian's comment on bug #776905, in future releases "blkid"
may be an option.




Re: parted is ALMOST suitable

2016-11-08 Thread tomas
On Mon, Nov 07, 2016 at 07:54:23PM +0300, Reco wrote:
>   Hi.
> 
> On Mon, Nov 07, 2016 at 04:05:17PM +0100, to...@tuxteam.de wrote:
> > On Mon, Nov 07, 2016 at 09:35:32AM -0500, Greg Wooledge wrote:
> > > I started writing that in my previous message, but then I actually
> > > tested it on my own system.  Good thing I did, because I got the
> > > same result as Richard: being in group disk, which has read/write
> > > access on /dev/sda*, does NOT give you output in the FSTYPE and other
> > > fields of lsblk -f.  It certainly surprised me.
> > 
> > Indeed. I suspect lsblk is checking the user ID itself instead of
> > letting the OS do its thing. For whatever reasons I can't fathom.

[...]

> The definition of this function contains this little gem (getuid call):

[...]

> /* try libblkid (fallback) */
> if (getuid() != 0)
>     return; /* no permissions to read from the device */

[...]

> I.e. insufficient device permissions will return NULL anyway, so there's
> little point of checking whether the calling user is root or not.

Hey, thanks for actually following through. My dirty imagination was
right, for one time :-)

Actually this is an anti-pattern: trying to do a job in advance before
the "right" architecture layer has a chance at doing a better job.
More complexity, less functionality.

regards
- -- tomás



Re: parted is ALMOST suitable

2016-11-07 Thread Michael Lange
On Mon, 7 Nov 2016 23:48:53 +
Lisi Reisz  wrote:


> 
> Speaking as a Jessie user, changing to root and using lsblk -f is
> quicker and easier!

Sure, but the OP said that's not an option.
I think that the command Brian suggested:

 udevadm info --query=property --name=/dev/sda1 | grep ID_FS_TYPE

used with every partition that is returned by

  cat /proc/partitions

might be a good option for the OP.

Regards

Michael



.-.. .. ...- .   .-.. --- -. --.   .- -. -..   .--. .-. --- ... .--. . .-.

Uncontrolled power will turn even saints into savages.  And we can all
be counted on to live down to our lowest impulses.
-- Parmen, "Plato's Stepchildren", stardate 5784.3



Re: parted is ALMOST suitable

2016-11-07 Thread Brian
On Mon 07 Nov 2016 at 23:48:53 +, Lisi Reisz wrote:

> On Monday 07 November 2016 19:15:50 Brian wrote:
> > On Mon 07 Nov 2016 at 18:42:37 +0100, Felipe Salvador wrote:
> > > On Mon, Nov 07, 2016 at 04:09:24PM +, Brian wrote:
> > > > I get the same as you on Debian 8.6. On unstable the command 'lsblk -f'
> > > > shows all the fields populated. I wonder what Felipe Salvador is using?
> > >
> > > ~$ apt-show-versions util-linux
> > > util-linux:amd64/testing 2.28.2-1 uptodate
> > >
> > > ~$ cat /etc/debian_version
> > > stretch/sid
> >
> > This is my situation too. 'lsblk -f' works. If not working on Jessie is
> > thought to be a bug it is hardly worth reporting to the BTS except as a
> > wishlist bug. It is unlikely to be fixed for Jessie.
> >
> > Richard Owlett and others are fortunately left with two methods to
> > identify a file system on a mounted or unmounted partition as a user.
> > Certain operations on a Linux system may require root privileges;
> > getting this information is not one of them. In fact, the information
> > is also available in /run/udev and /run/blkid; so there is another two
> > sources.
> 
> Speaking as a Jessie user, changing to root and using lsblk -f is quicker and 
> easier!
> 
> It is a remarkably useful command that I had not come across before.  
> (The -f).  Thanks to those in this thread who have introduced it.  I must 
> explore lsblk more fully.

Yes, it is a useful command and a shame that FSTYPE, UUID, and LABEL are
the only fields which need root to be displayed. It's likely #776905,
which is fixed on testing/unstable.

-- 
Brian.



Re: parted is ALMOST suitable

2016-11-07 Thread Brian
On Mon 07 Nov 2016 at 21:07:45 +0100, Pascal Hambourg wrote:

> On 07/11/2016 at 15:18, Richard Owlett wrote:
> >>>
> >>>   tomas@rasputin:~$ ls -al /dev/sd*
> >>>   brw-rw 1 root disk 8, 0 Nov  7 09:06 /dev/sda
> >>>   brw-rw 1 root disk 8, 1 Nov  7 09:06 /dev/sda1
> >>>   brw-rw 1 root disk 8, 2 Nov  7 09:06 /dev/sda2
> >>>   brw-rw 1 root disk 8, 5 Nov  7 09:06 /dev/sda5
> >>>
> >>>So you'd have to be associated to the "disk" group to read those
> >>>things and you'd have to *be* root to write.
> >
> >Evidently not a solution. Added myself to both "disk" and "root" groups.
> >Had no effect when attempting to run either lsblk or parted.
> 
> Did you start a new session after adding yourself to the group ?
> New groups are only taken into account when opening a session.
> FWIW, adding myself to the "disk" group and starting a new session worked
> with lsblk -f. Didn't try parted.

Is the suggestion to give a user raw access to disks a serious one?

> >Off-list it was suggested I try /sbin/blkid /dev/sda. Although the man
> >page has a caution when not used as root, it seems to currently work on
> >my immediately available Debian machine.
> 
> Indeed blkid uses a cache file which is readable by everyone and is updated
> by udev.

A very useful observation. When blkid is run as root it creates the file
/run/blkid/blkid.tab. A user running blkid only gets to see the contents
of blkid.tab. There is no change to blkid.tab unless the command is run
by root again. This makes /sbin/blkid useless as a user command for the
purposes discussed in this thread.

-- 
Brian. 



Re: parted is ALMOST suitable

2016-11-07 Thread Lisi Reisz
On Monday 07 November 2016 19:15:50 Brian wrote:
> On Mon 07 Nov 2016 at 18:42:37 +0100, Felipe Salvador wrote:
> > On Mon, Nov 07, 2016 at 04:09:24PM +, Brian wrote:
> > > I get the same as you on Debian 8.6. On unstable the command 'lsblk -f'
> > > shows all the fields populated. I wonder what Felipe Salvador is using?
> >
> > ~$ apt-show-versions util-linux
> > util-linux:amd64/testing 2.28.2-1 uptodate
> >
> > ~$ cat /etc/debian_version
> > stretch/sid
>
> This is my situation too. 'lsblk -f' works. If not working on Jessie is
> thought to be a bug it is hardly worth reporting to the BTS except as a
> wishlist bug. It is unlikely to be fixed for Jessie.
>
> Richard Owlett and others are fortunately left with two methods to
> identify a file system on a mounted or unmounted partition as a user.
> Certain operations on a Linux system may require root privileges;
> getting this information is not one of them. In fact, the information
> is also available in /run/udev and /run/blkid; so there is another two
> sources.

Speaking as a Jessie user, changing to root and using lsblk -f is quicker and 
easier!

It is a remarkably useful command that I had not come across before.  
(The -f).  Thanks to those in this thread who have introduced it.  I must 
explore lsblk more fully.

Lisi



Re: parted is ALMOST suitable

2016-11-07 Thread Pascal Hambourg

On 07/11/2016 at 15:18, Richard Owlett wrote:
>>>   tomas@rasputin:~$ ls -al /dev/sd*
>>>   brw-rw 1 root disk 8, 0 Nov  7 09:06 /dev/sda
>>>   brw-rw 1 root disk 8, 1 Nov  7 09:06 /dev/sda1
>>>   brw-rw 1 root disk 8, 2 Nov  7 09:06 /dev/sda2
>>>   brw-rw 1 root disk 8, 5 Nov  7 09:06 /dev/sda5
>>>
>>> So you'd have to be associated to the "disk" group to read those
>>> things and you'd have to *be* root to write.
>
> Evidently not a solution. Added myself to both "disk" and "root" groups.
> Had no effect when attempting to run either lsblk or parted.

Did you start a new session after adding yourself to the group?
New groups are only taken into account when opening a session.
FWIW, adding myself to the "disk" group and starting a new session
worked with lsblk -f. Didn't try parted.

> Off-list it was suggested I try /sbin/blkid /dev/sda. Although the man
> page has a caution when not used as root, it seems to currently work on
> my immediately available Debian machine.

Indeed blkid uses a cache file which is readable by everyone and is
updated by udev.




Re: parted is ALMOST suitable

2016-11-07 Thread Brian
On Mon 07 Nov 2016 at 18:42:37 +0100, Felipe Salvador wrote:

> On Mon, Nov 07, 2016 at 04:09:24PM +, Brian wrote:
> > 
> > I get the same as you on Debian 8.6. On unstable the command 'lsblk -f'
> > shows all the fields populated. I wonder what Felipe Salvador is using?
> 
> ~$ apt-show-versions util-linux
> util-linux:amd64/testing 2.28.2-1 uptodate
> 
> ~$ cat /etc/debian_version
> stretch/sid

This is my situation too. 'lsblk -f' works. If not working on Jessie is
thought to be a bug it is hardly worth reporting to the BTS except as a
wishlist bug. It is unlikely to be fixed for Jessie.

Richard Owlett and others are fortunately left with two methods to
identify a file system on a mounted or unmounted partition as a user.
Certain operations on a Linux system may require root privileges;
getting this information is not one of them. In fact, the information
is also available in /run/udev and /run/blkid; so there is another two
sources.

-- 
Brian.



Re: parted is ALMOST suitable

2016-11-07 Thread Felipe Salvador
On Mon, Nov 07, 2016 at 07:59:56AM -0700, Joe Pfeiffer wrote:
> Felipe Salvador  writes:
> 
> > On Mon, Nov 07, 2016 at 06:37:53AM -0600, Richard Owlett wrote:
> >> On 11/7/2016 6:20 AM, Felipe Salvador wrote:
> >> > On Mon, Nov 07, 2016 at 06:11:50AM -0600, Richard Owlett wrote:
> >> > > *HOWEVER* parted requires root privileges. That is not acceptable.
> >> > > Suggestions?
> >> > > TIA
> >> > 
> >> > lsblk -fr ?
> >> > 
> >> 
> >> Debian is perverse ;{
> >> man page suggested good things.
> >> However when run as other than root, there is a column heading "FSTYPE".
> >
> >> It is blank for all partitions.
> >> They are present when run as root.
> >> Thanks for trying.
> >
> > I don't see this behaviour
> >
> > ~$ lsblk -fr
> > NAME FSTYPE LABEL UUID MOUNTPOINT
> > sda
> > sda1 ext2  ... /boot
> > sda2 ext4  ... /
> > sda3 ext2  ... /tmp
> > etc etc etc
> >
> > or
> >
> > file -s /dev/sda{1..5} | awk '{print $5}'
> 
> I was just about to post a very similar followup when I discovered a
> gaping security hole (really, about as big as it gets) on my machine:
> 
> snowball:404$ ls -l /dev/sda2
> brw-rw-rw- 1 root root 8, 2 Nov  7 07:54 /dev/sda2
> 
> You might want to check your permissions as well

brw-rw 1 root disk 8, 0 nov  7 11:00 /dev/sda

I'm in the disk group

-- 
Felipe Salvador



Re: parted is ALMOST suitable

2016-11-07 Thread Felipe Salvador
On Mon, Nov 07, 2016 at 04:09:24PM +, Brian wrote:
> On Mon 07 Nov 2016 at 09:27:47 -0600, Richard Owlett wrote:
> 
> > On 11/7/2016 8:19 AM, Felipe Salvador wrote:
> > >
> > >I don't see this behaviour
> > >
> > >~$ lsblk -fr
> > >NAME FSTYPE LABEL UUID MOUNTPOINT
> > >sda
> > >sda1 ext2  ... /boot
> > >sda2 ext4  ... /
> > >sda3 ext2  ... /tmp
> > >etc etc etc
> > >
> > >or
> > >
> > >file -s /dev/sda{1..5} | awk '{print $5}'
> > 
> > richard@full-jessier:~$ lsblk -fr
> > NAME FSTYPE LABEL UUID MOUNTPOINT
> > sda
> > sda1
> > sda2
> > sda5
> > sda6
> > sda7
> > sda8[SWAP]
> > sda9/
> > sda10
> > sda11
> > sda12
> > sdb
> > sdb1
> > sr0
> 
> I get the same as you on Debian 8.6. On unstable the command 'lsblk -f'
> shows all the fields populated. I wonder what Felipe Salvador is using?

~$ apt-show-versions util-linux
util-linux:amd64/testing 2.28.2-1 uptodate

~$ cat /etc/debian_version
stretch/sid


-- 
Felipe Salvador



Re: parted is ALMOST suitable

2016-11-07 Thread Aldo Maggi



[snip]

>>> file -s /dev/sda{1..5} | awk '{print $5}'
>
> I was just about to post a very similar followup when I discovered a
> gaping security hole (really, about as big as it gets) on my machine:
>
> snowball:404$ ls -l /dev/sda2
> brw-rw-rw- 1 root root 8, 2 Nov  7 07:54 /dev/sda2

I use stretch, but I have:

$ ls -l /dev/sda2
brw-rw 1 root disk 8, 2 nov  7 07:37 /dev/sda2

> You might want to check your permissions as well






Re: parted is ALMOST suitable

2016-11-07 Thread Reco
Hi.

On Mon, Nov 07, 2016 at 04:05:17PM +0100, to...@tuxteam.de wrote:
> On Mon, Nov 07, 2016 at 09:35:32AM -0500, Greg Wooledge wrote:
> > I started writing that in my previous message, but then I actually
> > tested it on my own system.  Good thing I did, because I got the
> > same result as Richard: being in group disk, which has read/write
> > access on /dev/sda*, does NOT give you output in the FSTYPE and other
> > fields of lsblk -f.  It certainly surprised me.
> 
> Indeed. I suspect lsblk is checking the user ID itself instead of
> letting the OS do its thing. For whatever reasons I can't fathom.

According to the source (util-linux-2.25.2), '-f' flag should add these
to the output:

add_column(columns, ncolumns++, COL_NAME);
add_column(columns, ncolumns++, COL_FSTYPE);
add_column(columns, ncolumns++, COL_LABEL);
add_column(columns, ncolumns++, COL_UUID);
add_column(columns, ncolumns++, COL_TARGET);


To determine COL_FSTYPE, probe_device function is used.
The definition of this function contains this little gem (getuid call):

static void probe_device(struct blkdev_cxt *cxt)
{
...

    /* try udev DB */
    if (get_udev_properties(cxt) == 0)
        return; /* success */

    cxt->probed = 1;

    /* try libblkid (fallback) */
    if (getuid() != 0)
        return; /* no permissions to read from the device */

    pr = blkid_new_probe_from_filename(cxt->filename);
    if (!pr)
        return;

So whoever wrote this was either lazy or too smart or both, as
blkid_new_probe_from_filename does this:

blkid_probe blkid_new_probe_from_filename(const char *filename)
{
...

    fd = open(filename, O_RDONLY|O_CLOEXEC);
    if (fd < 0)
        return NULL;

I.e. insufficient device permissions will return NULL anyway, so there's
little point of checking whether the calling user is root or not.

Reco
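
The getuid() gate described in the message above, set beside a variant that simply lets open(2) decide, as an added example (not code from the thread or from util-linux). The function names, the regular file standing in for /dev/sdXN, and the ext2/3/4 magic check standing in for libblkid's probing are assumptions made for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* mkstemp, pread, pwrite, O_CLOEXEC */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

enum probe_result {
    PROBE_FOUND_EXT,        /* opened the target and saw the ext2/3/4 magic */
    PROBE_UNKNOWN_FS,       /* opened it, but no ext magic at the expected offset */
    PROBE_OPEN_FAILED,      /* the kernel refused; errno says why (EACCES, ENOENT, ...) */
    PROBE_SKIPPED_NOT_ROOT  /* the tool gave up without ever asking the kernel */
};

/* ext2/3/4: superblock at byte 1024, little-endian s_magic 0xEF53 at offset 56. */
#define EXT_MAGIC_POS (1024 + 56)

/* Hypothetical name. Lets open(2) enforce whatever permissions the target has. */
enum probe_result probe_kernel_decides(const char *path)
{
    unsigned char magic[2];
    ssize_t n;
    int fd = open(path, O_RDONLY | O_CLOEXEC);

    if (fd < 0)
        return PROBE_OPEN_FAILED;   /* errno is left set by open() */
    n = pread(fd, magic, sizeof magic, EXT_MAGIC_POS);
    close(fd);
    if (n == (ssize_t)sizeof magic && magic[0] == 0x53 && magic[1] == 0xEF)
        return PROBE_FOUND_EXT;
    return PROBE_UNKNOWN_FS;
}

/* Hypothetical name. Same probe behind a UID gate like the one quoted above.
 * caller_uid is a parameter so both branches can be exercised; a real tool
 * would pass getuid(). The gate adds no protection: for UID 0 it changes
 * nothing, and for everyone else it hides results the kernel would allow. */
enum probe_result probe_uid_gated(const char *path, uid_t caller_uid)
{
    if (caller_uid != 0)
        return PROBE_SKIPPED_NOT_ROOT;
    return probe_kernel_decides(path);
}

/* Constructed sample: a 2 KiB file carrying only the ext magic.
 * path_template must end in XXXXXX; returns 0 on success. */
int make_sample_image(char *path_template)
{
    static const unsigned char magic[2] = { 0x53, 0xEF };
    int ok;
    int fd = mkstemp(path_template);

    if (fd < 0)
        return -1;
    ok = ftruncate(fd, 2048) == 0 &&
         pwrite(fd, magic, sizeof magic, EXT_MAGIC_POS) == (ssize_t)sizeof magic;
    close(fd);
    return ok ? 0 : -1;
}

static const char *result_name(enum probe_result r)
{
    switch (r) {
    case PROBE_FOUND_EXT:        return "ext2/3/4 found";
    case PROBE_UNKNOWN_FS:       return "opened, type unknown";
    case PROBE_OPEN_FAILED:      return "open() refused by the kernel";
    case PROBE_SKIPPED_NOT_ROOT: return "skipped: caller is not UID 0";
    }
    return "?";
}

int main(void)
{
    char path[] = "/tmp/uid-gate-demo-XXXXXX";

    if (make_sample_image(path) != 0) {
        perror("make_sample_image");
        return 1;
    }
    printf("running as uid %ld\n", (long)getuid());
    printf("uid-gated probe:      %s\n",
           result_name(probe_uid_gated(path, getuid())));
    printf("kernel-decides probe: %s\n",
           result_name(probe_kernel_decides(path)));
    unlink(path);
    return 0;
}
```

Run as a non-root user who can read the target, the gated variant reports nothing while the other reports the type, which matches the blank FSTYPE column seen by members of group disk in this thread.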



Re: parted is ALMOST suitable

2016-11-07 Thread Lisi Reisz
On Monday 07 November 2016 14:48:29 Richard Owlett wrote:
> On 11/7/2016 7:57 AM, to...@tuxteam.de wrote:
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA1
> >
> > On Mon, Nov 07, 2016 at 07:12:00AM -0600, Richard Owlett wrote:
> >
> > [...]
> >
> >>> Debian is trying to protect you from someone taking over your...
> >>> say Apache [...]
> >>
> >> My Debian machines do not physically have networking capability.
> >> See my email header. Mr. Gates can handle some things ;/
> >
> > No physical networking capability is needed for surprising things
> > to happen. Spiritual network access may be enough (say playing a
> > video file which carries a stack smashing exploit for your video
> > player).
> >
> > I seem to discern in you the old DOS attitude which brought about
> > a Golden Era of Virus (which is returning via the "The Browser is
> > The Machine", mind you ;-)
> >
> > (please, don't take the above really seriously: but yes, many
> > decisions behind all that permissions circus in Unix and children
> > can be traced back to an effort to separate different things.
> > If you let that concept sink in, you won't be surprised as often).
>
> I doubt that we are that far apart in goals. I'm so old
> fashioned that I remember when the "cores" of core memory were
> visible to the naked eye.

My husband is so old fashioned that he insists on using cheques.  The problem 
is that workmen et al don't like cheques.  So I have taken to suggesting that 
he should pay me by cheque and I will pay the workmen electronically.  I want 
them to work for us again!!

Sometimes Richard, you have to accept that they have invented the quartz watch 
and not insist on using a wind up, then complaining when the local watch 
cleaner has closed down because everyone else has switched to quartz.

Lisi



Re: parted is ALMOST suitable

2016-11-07 Thread Nicolas George
On septidi 17 Brumaire, year CCXXV, Greg Wooledge wrote:
>   There is a minuscule decrease
> in efficiency when another directory in PATH has to be searched, but
> it's probably not going to be noticeable.

What will be noticeable, though, is the namespace pollution. For people
using autocompletion extensively, adding hundreds of commands in the
PATH has a very visible consequence, often requiring re-learning a few
common keystrokes.

Regards,

-- 
  Nicolas George




Re: parted is ALMOST suitable

2016-11-07 Thread Brian
On Mon 07 Nov 2016 at 09:27:47 -0600, Richard Owlett wrote:

> On 11/7/2016 8:19 AM, Felipe Salvador wrote:
> >
> >I don't see this behaviour
> >
> >~$ lsblk -fr
> >NAME FSTYPE LABEL UUID MOUNTPOINT
> >sda
> >sda1 ext2  ... /boot
> >sda2 ext4  ... /
> >sda3 ext2  ... /tmp
> >etc etc etc
> >
> >or
> >
> >file -s /dev/sda{1..5} | awk '{print $5}'
> 
> richard@full-jessier:~$ lsblk -fr
> NAME FSTYPE LABEL UUID MOUNTPOINT
> sda
> sda1
> sda2
> sda5
> sda6
> sda7
> sda8[SWAP]
> sda9/
> sda10
> sda11
> sda12
> sdb
> sdb1
> sr0

I get the same as you on Debian 8.6. On unstable the command 'lsblk -f'
shows all the fields populated. I wonder what Felipe Salvador is using?

At the least there is a little mystery. At the most it could be you have
run across buggy behaviour.

It appears to me that permissions, security, root privileges etc, etc
have nothing to do with it. None of the information is security
sensitive or requires root access and is available from elsewhere. For
example:

 udevadm info --query=property --name=/dev/sda1 | grep ID_FS_TYPE

This command is probably more useful than lsblk for use in scripts.

-- 
Brian.



Re: parted is ALMOST suitable

2016-11-07 Thread Greg Wooledge
On Mon, Nov 07, 2016 at 09:57:14AM -0600, Richard Owlett wrote:
> In any case, off-list someone suggested using
>/sbin/blkid /dev/sda*
> That works. *BUT* I wonder about unknown implications of "/sbin" 
> being required if not explicitly running as root.

It's simply because /sbin is not in your default PATH as a regular user.
Most of the commands in /sbin require root privileges to do their jobs,
but there are a few that don't, at least for certain limited parts of
their jobs.  (/sbin/ifconfig is probably the most famous.)

If you want to run this command without root privileges, you can add
/sbin to your PATH.  This is not a security problem.  It's just that most
regular users don't need these commands.  There is a minuscule decrease
in efficiency when another directory in PATH has to be searched, but
it's probably not going to be noticeable.



Re: parted is ALMOST suitable

2016-11-07 Thread Richard Owlett

On 11/7/2016 8:27 AM, Greg Wooledge wrote:
> On Mon, Nov 07, 2016 at 08:18:28AM -0600, Richard Owlett wrote:
>> Evidently not a solution. Added myself to both "disk" and "root"
>> groups.
>> Had no effect when attempting to run either lsblk or parted.
>
> Is there a reason you can't use sudo?

Not a matter of "need" but of "desire".

> Sample output on my system at work:

[*SNIP*

> You can even configure sudo not to prompt you for a password.
> Certain operations on a Linux system simply require root privileges,
> and your insistence on "not having to be root" is not rational.

Over the last three score years rationality not questioned, but
   Prof. A.  "This young man can be persistent."
   Prof. B.  "Yes", looong pause "about what he wants to be."
I was a youngster of 50 at the time.

This group has drummed into me that root privileges are not to be
taken lightly.
My innate sense of "how things SHOULD work" shouts there should
be finer control.

In any case, off-list someone suggested using
   /sbin/blkid /dev/sda*
That works. *BUT* I wonder about unknown implications of "/sbin"
being required if not explicitly running as root.






Re: parted is ALMOST suitable

2016-11-07 Thread Richard Owlett

On 11/7/2016 8:19 AM, Felipe Salvador wrote:
> On Mon, Nov 07, 2016 at 06:37:53AM -0600, Richard Owlett wrote:
>> On 11/7/2016 6:20 AM, Felipe Salvador wrote:
>>> On Mon, Nov 07, 2016 at 06:11:50AM -0600, Richard Owlett wrote:
>>>> *HOWEVER* parted requires root privileges. That is not acceptable.
>>>> Suggestions?
>>>> TIA
>>>
>>> lsblk -fr ?
>>
>> Debian is perverse ;{
>> man page suggested good things.
>> However when run as other than root, there is a column heading "FSTYPE".
>> It is blank for all partitions.
>> They are present when run as root.
>> Thanks for trying.
>
> I don't see this behaviour
>
> ~$ lsblk -fr
> NAME FSTYPE LABEL UUID MOUNTPOINT
> sda
> sda1 ext2  ... /boot
> sda2 ext4  ... /
> sda3 ext2  ... /tmp
> etc etc etc
>
> or
>
> file -s /dev/sda{1..5} | awk '{print $5}'

richard@full-jessier:~$ lsblk -fr
NAME FSTYPE LABEL UUID MOUNTPOINT
sda
sda1
sda2
sda5
sda6
sda7
sda8[SWAP]
sda9/
sda10
sda11
sda12
sdb
sdb1
sr0
richard@full-jessier:~$ su
Password:
root@full-jessier:/home/richard# lsblk -fr
NAME FSTYPE LABEL UUID MOUNTPOINT
sda
sda1 ntfs Main ...
sda2
sda5 ntfs Projects ...
sda6 ntfs F_drive ...
sda7 ntfs OldMachine ...
sda8 swap  ...
sda9 ext4 full-jessie ...
sda10 ext2 jessie-dvds ...
sda11 ext2 myrepo ...
sda12 ext2 poolbak ...

I am using Debian 8.6.0 with MATE DE installed from purchased set 
of DVD's.
For another project I had reason to verify the MD5SUMS of DVD1 
and DVD2.





Re: parted is ALMOST suitable

2016-11-07 Thread Joe Pfeiffer
Felipe Salvador  writes:

> On Mon, Nov 07, 2016 at 06:37:53AM -0600, Richard Owlett wrote:
>> On 11/7/2016 6:20 AM, Felipe Salvador wrote:
>> > On Mon, Nov 07, 2016 at 06:11:50AM -0600, Richard Owlett wrote:
>> > > *HOWEVER* parted requires root privileges. That is not acceptable.
>> > > Suggestions?
>> > > TIA
>> > 
>> > lsblk -fr ?
>> > 
>> 
>> Debian is perverse ;{
>> man page suggested good things.
>> However when run as other than root, there is a column heading "FSTYPE".
>
>> It is blank for all partitions.
>> They are present when run as root.
>> Thanks for trying.
>
> I don't see this behaviour
>
> ~$ lsblk -fr
> NAME FSTYPE LABEL UUID MOUNTPOINT
> sda
> sda1 ext2  ... /boot
> sda2 ext4  ... /
> sda3 ext2  ... /tmp
> etc etc etc
>
> or
>
> file -s /dev/sda{1..5} | awk '{print $5}'

I was just about to post a very similar followup when I discovered a
gaping security hole (really, about as big as it gets) on my machine:

snowball:404$ ls -l /dev/sda2
brw-rw-rw- 1 root root 8, 2 Nov  7 07:54 /dev/sda2

You might want to check your permissions as well



Re: parted is ALMOST suitable

2016-11-07 Thread tomas
On Mon, Nov 07, 2016 at 08:48:29AM -0600, Richard Owlett wrote:
> On 11/7/2016 7:57 AM, to...@tuxteam.de wrote:
> >-BEGIN PGP SIGNED MESSAGE-
> >Hash: SHA1
> >
> >On Mon, Nov 07, 2016 at 07:12:00AM -0600, Richard Owlett wrote:

[...]

> I doubt that we are that far apart in goals. I'm so old fashioned
> that I remember when the "cores" of core memory were visible to the
> naked eye.

I missed that by a couple of years; my first programs were holes
in paper, though :-)

regards
- -- t



Re: parted is ALMOST suitable

2016-11-07 Thread tomas
On Mon, Nov 07, 2016 at 09:35:32AM -0500, Greg Wooledge wrote:
> On Mon, Nov 07, 2016 at 03:27:12PM +0100, to...@tuxteam.de wrote:
> > Two things:

[...]

> I started writing that in my previous message, but then I actually
> tested it on my own system.  Good thing I did, because I got the
> same result as Richard: being in group disk, which has read/write
> access on /dev/sda*, does NOT give you output in the FSTYPE and other
> fields of lsblk -f.  It certainly surprised me.

Indeed. I suspect lsblk is checking the user ID itself instead of
letting the OS do its thing. For whatever reasons I can't fathom.

regards
- -- t



Re: parted is ALMOST suitable

2016-11-07 Thread Richard Owlett

On 11/7/2016 7:57 AM, to...@tuxteam.de wrote:
> On Mon, Nov 07, 2016 at 07:12:00AM -0600, Richard Owlett wrote:
>
> [...]
>
>>> Debian is trying to protect you from someone taking over your...
>>> say Apache [...]
>>
>> My Debian machines do not physically have networking capability.
>> See my email header. Mr. Gates can handle some things ;/
>
> No physical networking capability is needed for surprising things
> to happen. Spiritual network access may be enough (say playing a
> video file which carries a stack smashing exploit for your video
> player).
>
> I seem to discern in you the old DOS attitude which brought about
> a Golden Era of Virus (which is returning via the "The Browser is
> The Machine", mind you ;-)
>
> (please, don't take the above really seriously: but yes, many
> decisions behind all that permissions circus in Unix and children
> can be traced back to an effort to separate different things.
> If you let that concept sink in, you won't be surprised as often).

I doubt that we are that far apart in goals. I'm so old
fashioned that I remember when the "cores" of core memory were
visible to the naked eye.





Re: parted is ALMOST suitable

2016-11-07 Thread Greg Wooledge
On Mon, Nov 07, 2016 at 03:27:12PM +0100, to...@tuxteam.de wrote:
> Two things:
>  - check that your disk devices are actually readable (and probably
>    writable, I botched that, cf. David's mail) by group disk
>  - your being added to disk is effective *after* logging in after
>    you'd made the change; if you want to bypass it, there is the
>    command 'newgrp'; you can check which groups you are "in" by
>    issuing the command 'groups': 'disk' should be in there.

I started writing that in my previous message, but then I actually
tested it on my own system.  Good thing I did, because I got the
same result as Richard: being in group disk, which has read/write
access on /dev/sda*, does NOT give you output in the FSTYPE and other
fields of lsblk -f.  It certainly surprised me.

$ sudo adduser wooledg disk
Adding user `wooledg' to group `disk' ...
Adding user wooledg to group disk
Done.

$ su - wooledg -c 'LANG=C; id; lsblk -f'
Password: 
uid=563(wooledg) gid=563(wooledg) groups=563(wooledg),6(disk),24(cdrom),25(floppy),27(sudo),29(audio),30(dip),44(video),46(plugdev),108(netdev)
NAME   FSTYPE LABEL UUID MOUNTPOINT
sda  
|-sda1   
|-sda2   /
`-sda3   [SWAP]
sr0  

Whatever lsblk wants in order to read the FSTYPE, I don't know, but
group disk membership is not sufficient.  (On jessie.)

I still suggest just sucking it up and using sudo like a normal person.
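
Added example (not part of the posts in this thread): POSIX shell functions for the two checks discussed above. dev_access applies the kernel's owner/group/other rule to an `ls -l` line and an `id` line, and missing_in_session lists groups that the account database grants but the current login session does not yet carry. Both function names are made up for this example, and the sample lines are constructed from the output posted in this thread, with the mode written out in full as brw-rw----.

```shell
#!/bin/sh
# Added example; dev_access and missing_in_session are hypothetical helper names.
# Only the classic mode bits are modelled: ACLs are ignored, and the only
# privilege considered is uid 0 bypassing the bits.

# dev_access LS_LINE ID_LINE -> prints rw, r, w or none
dev_access() (
    ls_line=$1; id_line=$2
    set -f                      # no globbing while the ls line is word-split
    set -- $ls_line             # fields: mode links owner group ...
    mode=$1; owner=$3; group=$4

    uid=$(printf '%s\n' "$id_line" | sed -n 's/^uid=\([0-9]*\).*/\1/p')
    user=$(printf '%s\n' "$id_line" | sed -n 's/^uid=[0-9]*(\([^)]*\)).*/\1/p')
    # "groups=563(wooledg),6(disk)" -> one group name per line
    names=$(printf '%s\n' "$id_line" | sed -n 's/.*groups=//p' |
            tr ',' '\n' | sed 's/^[0-9]*(\(.*\))$/\1/')

    # Exactly one class applies, tested in this order; a matching owner
    # is never given the group or other bits.
    if [ "$uid" = 0 ]; then
        triad=rw-
    elif [ "$user" = "$owner" ]; then
        triad=$(printf '%s\n' "$mode" | cut -c2-4)
    elif printf '%s\n' "$names" | grep -Fqx -- "$group"; then
        triad=$(printf '%s\n' "$mode" | cut -c5-7)
    else
        triad=$(printf '%s\n' "$mode" | cut -c8-10)
    fi

    case $triad in
        rw?) echo rw ;;
        r-?) echo r ;;
        -w?) echo w ;;
        *)   echo none ;;
    esac
)

# missing_in_session "SESSION GROUPS" "DATABASE GROUPS"
# Prints each group the database lists that the session lacks, one per line.
# Live inputs: "$(id -Gn)" (this process) and "$(id -Gn "$(id -un)")" (database).
missing_in_session() (
    set -f
    for g in $2; do
        case " $1 " in
            *" $g "*) ;;
            *) printf '%s\n' "$g" ;;
        esac
    done
)

# Constructed samples based on the output posted in this thread.
SDA='brw-rw---- 1 root disk 8, 0 Nov  7 09:06 /dev/sda'
MEMBER='uid=563(wooledg) gid=563(wooledg) groups=563(wooledg),6(disk),24(cdrom),27(sudo)'
OUTSIDER='uid=1000(richard) gid=1000(richard) groups=1000(richard),24(cdrom)'

echo "disk member:  $(dev_access "$SDA" "$MEMBER")"      # rw
echo "non-member:   $(dev_access "$SDA" "$OUTSIDER")"    # none
echo "stale groups: $(missing_in_session 'richard cdrom' 'richard cdrom disk')"  # disk
```

With the posted values the mode bits grant the disk-group member read and write access, which matches the observation above that the blank FSTYPE column is not explained by the device node's permission bits alone.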



Re: parted is ALMOST suitable

2016-11-07 Thread tomas
On Mon, Nov 07, 2016 at 09:27:11AM -0500, Greg Wooledge wrote:
> On Mon, Nov 07, 2016 at 08:18:28AM -0600, Richard Owlett wrote:
> > Evidently not a solution. Added myself to both "disk" and "root" 
> > groups.
> > Had no effect when attempting to run either lsblk or parted.
> 
> Is there a reason you can't use sudo?

This is of course another option. Security-wise it's better than
adding oneself to the relevant group(s), unless...

> You can even configure sudo not to prompt you for a password.

(rationale: if a rogue application tries to get to the disk with
your user ID, you'd notice).

regards
-- t



Re: parted is ALMOST suitable

2016-11-07 Thread tomas
On Mon, Nov 07, 2016 at 08:18:28AM -0600, Richard Owlett wrote:
> On 11/7/2016 7:25 AM, Richard Owlett wrote:
> >On 11/7/2016 6:47 AM, to...@tuxteam.de wrote:
> >>On Mon, Nov 07, 2016 at 06:11:50AM -0600, Richard Owlett wrote:
> >>>I need to identify file system on all partitions of my hard drive
> >>>whether mounted or not.
> >>> parted /dev/sda print | grep ext | grep -v exte
> >>>reports the desired information [partitions formatted ext?] in a
> >>>convenient format.
> >>>*HOWEVER* parted requires root privileges. That is not
> >>>acceptable.
> >>>Suggestions?
> >>
> >>It's not parted. It's the partitions themselves (or more
> >>accurately,
> >>the devices via which your operating system makes the partitions
> >>available to user space). By default (and there are some reasons
> >>for it) they're not readable by everyone. They are writable by
> >>even less. On my box, for example:
> >>
> >>   tomas@rasputin:~$ ls -al /dev/sd*
> >>   brw-rw---- 1 root disk 8, 0 Nov  7 09:06 /dev/sda
> >>   brw-rw---- 1 root disk 8, 1 Nov  7 09:06 /dev/sda1
> >>   brw-rw---- 1 root disk 8, 2 Nov  7 09:06 /dev/sda2
> >>   brw-rw---- 1 root disk 8, 5 Nov  7 09:06 /dev/sda5
> >>
> >>So you'd have to be associated to the "disk" group to read those
> >>things and you'd have to *be* root to write.
> >
> >*THAT* sentence may be key to solving multiple problems. All of
> >my installs have implicitly accepted default groups for user(s).
> 
> Evidently not a solution. Added myself to both "disk" and "root"
> groups.

Two things:
 - check that your disk devices are actually readable (and probably
   writable, I botched that, cf. David's mail) by group disk
 - your being added to disk is effective *after* logging in after
   you'd made the change; if you want to bypass it, there is the
   command 'newgrp'; you can check which groups you are "in" by
   issuing the command 'groups': 'disk' should be in there.

> Had no effect when attempting to run either lsblk or parted.

What does "no effect" look like?

Regards
-- t



Re: parted is ALMOST suitable

2016-11-07 Thread Greg Wooledge
On Mon, Nov 07, 2016 at 08:18:28AM -0600, Richard Owlett wrote:
> Evidently not a solution. Added myself to both "disk" and "root" 
> groups.
> Had no effect when attempting to run either lsblk or parted.

Is there a reason you can't use sudo?

Sample output on my system at work:

$ lsblk -f
NAME   FSTYPE LABEL UUID MOUNTPOINT
sda  
|-sda1   
|-sda2   /
`-sda3   [SWAP]
sr0  

$ sudo lsblk -f
[sudo] password for wooledg: 
NAME   FSTYPE LABEL   UUID MOUNTPOINT
sda
|-sda1 ntfs   Windows FE0EDCF30EDCA5C5 
|-sda2 ext4   1a20ffb7-897c-4373-84c1-14089a6deab8 /
`-sda3 swap   b8d67062-8262-476d-9370-8166f7572fd3 [SWAP]
sr0

You can even configure sudo not to prompt you for a password.
Certain operations on a Linux system simply require root privileges,
and your insistence on "not having to be root" is not rational.



Re: parted is ALMOST suitable

2016-11-07 Thread Felipe Salvador
On Mon, Nov 07, 2016 at 06:37:53AM -0600, Richard Owlett wrote:
> On 11/7/2016 6:20 AM, Felipe Salvador wrote:
> > On Mon, Nov 07, 2016 at 06:11:50AM -0600, Richard Owlett wrote:
> > > *HOWEVER* parted requires root privileges. That is not acceptable.
> > > Suggestions?
> > > TIA
> > 
> > lsblk -fr ?
> > 
> 
> Debian is perverse ;{
> man page suggested good things.
> However when run as other than root, there is a column heading "FSTYPE".
> It is blank for all partitions.
> They are present when run as root.
> Thanks for trying.

I don't see this behaviour

~$ lsblk -fr
NAME FSTYPE LABEL UUID MOUNTPOINT
sda
sda1 ext2  ... /boot
sda2 ext4  ... /
sda3 ext2  ... /tmp
etc etc etc

or

file -s /dev/sda{1..5} | awk '{print $5}'



-- 
Felipe Salvador



Re: parted is ALMOST suitable

2016-11-07 Thread Richard Owlett

On 11/7/2016 7:25 AM, Richard Owlett wrote:
> On 11/7/2016 6:47 AM, to...@tuxteam.de wrote:
>> On Mon, Nov 07, 2016 at 06:11:50AM -0600, Richard Owlett wrote:
>>> I need to identify file system on all partitions of my hard drive
>>> whether mounted or not.
>>>  parted /dev/sda print | grep ext | grep -v exte
>>> reports the desired information [partitions formatted ext?] in a
>>> convenient format.
>>> *HOWEVER* parted requires root privileges. That is not
>>> acceptable.
>>> Suggestions?
>>
>> It's not parted. It's the partitions themselves (or more
>> accurately,
>> the devices via which your operating system makes the partitions
>> available to user space). By default (and there are some reasons
>> for it) they're not readable by everyone. They are writable by
>> even less. On my box, for example:
>>
>>    tomas@rasputin:~$ ls -al /dev/sd*
>>    brw-rw---- 1 root disk 8, 0 Nov  7 09:06 /dev/sda
>>    brw-rw---- 1 root disk 8, 1 Nov  7 09:06 /dev/sda1
>>    brw-rw---- 1 root disk 8, 2 Nov  7 09:06 /dev/sda2
>>    brw-rw---- 1 root disk 8, 5 Nov  7 09:06 /dev/sda5
>>
>> So you'd have to be associated to the "disk" group to read those
>> things and you'd have to *be* root to write.
>
> *THAT* sentence may be key to solving multiple problems. All of
> my installs have implicitly accepted default groups for user(s).

Evidently not a solution. Added myself to both "disk" and "root"
groups.

Had no effect when attempting to run either lsblk or parted.

Off-list it was suggested I try /sbin/blkid /dev/sda. Although
the man page has a caution when not used as root, it seems to
currently work on my immediately available Debian machine.

>> Same goes for lsblk (as has been recommended in this thread) or
>> any other tool you might consider. That said, lsblk seems to be
>> a better fit for your needs anyway.
>>
>> Parted has no problems running as a regular user if the (device)
>> file under question is (readable/writable) by said user. It only
>> tries to be helpful with some messages when it isn't running under
>> root *and* encounters permission/owner conflicts. *That* might
>> cause some confusion.
>>
>> Regards
>> -- tomás











Re: parted is ALMOST suitable

2016-11-07 Thread tomas
On Mon, Nov 07, 2016 at 08:02:30AM -0600, David Wright wrote:
> On Mon 07 Nov 2016 at 13:47:27 (+0100), to...@tuxteam.de wrote:
> > On Mon, Nov 07, 2016 at 06:11:50AM -0600, Richard Owlett wrote:
> > > I need to identify file system on all partitions of my hard drive
> > > whether mounted or not.
> > > parted /dev/sda print | grep ext | grep -v exte
> > > reports the desired information [partitions formatted ext?] in a
> > > convenient format.
> > > *HOWEVER* parted requires root privileges. That is not acceptable.
> > > Suggestions?
> > 
> > It's not parted. It's the partitions themselves (or more accurately,
> > the devices via which your operating system makes the partitions
> > available to user space). By default (and there are some reasons
> > for it) they're not readable by everyone. They are writable by
> > even less. On my box, for example:
> > 
> >   tomas@rasputin:~$ ls -al /dev/sd*
> >   brw-rw---- 1 root disk 8, 0 Nov  7 09:06 /dev/sda
> >   brw-rw---- 1 root disk 8, 1 Nov  7 09:06 /dev/sda1
> >   brw-rw---- 1 root disk 8, 2 Nov  7 09:06 /dev/sda2
> >   brw-rw---- 1 root disk 8, 5 Nov  7 09:06 /dev/sda5
> > 
> > So you'd have to be associated to the "disk" group to read those
> > things and you'd have to *be* root to write.
> 
> Are you sure? I read that as group disk having read *and* write access.

Uh -- yes, you are right, of course.

> Obviously the OP seems unworried about read-access by himself or
> anyone else, so world-readable on pretty much everything might
> be appropriate.
> 
> Reading anything about a filesystem without going through the
> normal access methods would appear to circumvent any file
> protection scheme within it, so it's no surprise to me that
> all the suggestions with lsblk etc have failed.

Exactly.

regards
-- tomás



Re: parted is ALMOST suitable

2016-11-07 Thread David Wright
On Mon 07 Nov 2016 at 13:47:27 (+0100), to...@tuxteam.de wrote:
> On Mon, Nov 07, 2016 at 06:11:50AM -0600, Richard Owlett wrote:
> > I need to identify file system on all partitions of my hard drive
> > whether mounted or not.
> > parted /dev/sda print | grep ext | grep -v exte
> > reports the desired information [partitions formatted ext?] in a
> > convenient format.
> > *HOWEVER* parted requires root privileges. That is not acceptable.
> > Suggestions?
> 
> It's not parted. It's the partitions themselves (or more accurately,
> the devices via which your operating system makes the partitions
> available to user space). By default (and there are some reasons
> for it) they're not readable by everyone. They are writable by
> even less. On my box, for example:
> 
>   tomas@rasputin:~$ ls -al /dev/sd*
>   brw-rw---- 1 root disk 8, 0 Nov  7 09:06 /dev/sda
>   brw-rw---- 1 root disk 8, 1 Nov  7 09:06 /dev/sda1
>   brw-rw---- 1 root disk 8, 2 Nov  7 09:06 /dev/sda2
>   brw-rw---- 1 root disk 8, 5 Nov  7 09:06 /dev/sda5
> 
> So you'd have to be associated to the "disk" group to read those
> things and you'd have to *be* root to write.

Are you sure? I read that as group disk having read *and* write access.

Obviously the OP seems unworried about read-access by himself or
anyone else, so world-readable on pretty much everything might
be appropriate.

Reading anything about a filesystem without going through the
normal access methods would appear to circumvent any file
protection scheme within it, so it's no surprise to me that
all the suggestions with lsblk etc have failed.

Cheers,
David.



Re: parted is ALMOST suitable

2016-11-07 Thread tomas
On Mon, Nov 07, 2016 at 07:25:33AM -0600, Richard Owlett wrote:

[...]

> >>*HOWEVER* parted requires root privileges. That is not acceptable.
> >>Suggestions?

[...]

> >So you'd have to be associated to the "disk" group to read those
> >things and you'd have to *be* root to write.
> 
> *THAT* sentence may be key to solving multiple problems. All of my
> installs have implicitly accepted default groups for user(s).

sudo adduser myself disk

might do that.

regards
-- t



Re: parted is ALMOST suitable

2016-11-07 Thread rhkramer
On Monday, November 07, 2016 07:11:50 AM Richard Owlett wrote:
> I need to identify file system on all partitions of my hard drive
> whether mounted or not.
>  parted /dev/sda print | grep ext | grep -v exte
> reports the desired information [partitions formatted ext?] in a
> convenient format.
> *HOWEVER* parted requires root privileges. That is not acceptable.
> Suggestions?
> TIA

This is probably irrelevant because parted doesn't seem to meet your needs 
anyway, but your parted command does not find encrypted partitions on my disk.  
(That could be bad or good ;-)  (It also did not find an unmounted partition 
containing no filesystem, but that may be the behavior you desire.)



Re: parted is ALMOST suitable

2016-11-07 Thread tomas
On Mon, Nov 07, 2016 at 07:12:00AM -0600, Richard Owlett wrote:

[...]

> >Debian is trying to protect you from someone taking over your...
> >say Apache [...]
> 
> My Debian machines do not physically have networking capability.
> See my email header. Mr. Gates can handle some things ;/

No physical networking capability is needed for surprising things
to happen. Spiritual network access may be enough (say playing a
video file which carries a stack smashing exploit for your video
player).

I seem to discern in you the old DOS attitude which brought about
a Golden Era of Virus (which is returning via the "The Browser is
The Machine", mind you ;-)

(please, don't take the above really seriously: but yes, many
decisions behind all that permissions circus in Unix and children
can be traced back to an effort to separate different things.
If you let that concept sink in, you won't be surprised as often).

regards
-- tomás



Re: parted is ALMOST suitable

2016-11-07 Thread Richard Owlett

On 11/7/2016 6:47 AM, to...@tuxteam.de wrote:
> On Mon, Nov 07, 2016 at 06:11:50AM -0600, Richard Owlett wrote:
>> I need to identify file system on all partitions of my hard drive
>> whether mounted or not.
>>  parted /dev/sda print | grep ext | grep -v exte
>> reports the desired information [partitions formatted ext?] in a
>> convenient format.
>> *HOWEVER* parted requires root privileges. That is not acceptable.
>> Suggestions?
>
> It's not parted. It's the partitions themselves (or more accurately,
> the devices via which your operating system makes the partitions
> available to user space). By default (and there are some reasons
> for it) they're not readable by everyone. They are writable by
> even less. On my box, for example:
>
>    tomas@rasputin:~$ ls -al /dev/sd*
>    brw-rw---- 1 root disk 8, 0 Nov  7 09:06 /dev/sda
>    brw-rw---- 1 root disk 8, 1 Nov  7 09:06 /dev/sda1
>    brw-rw---- 1 root disk 8, 2 Nov  7 09:06 /dev/sda2
>    brw-rw---- 1 root disk 8, 5 Nov  7 09:06 /dev/sda5
>
> So you'd have to be associated to the "disk" group to read those
> things and you'd have to *be* root to write.

*THAT* sentence may be key to solving multiple problems. All of
my installs have implicitly accepted default groups for user(s).

> Same goes for lsblk (as has been recommended in this thread) or
> any other tool you might consider. That said, lsblk seems to be
> a better fit for your needs anyway.
>
> Parted has no problems running as a regular user if the (device)
> file under question is (readable/writable) by said user. It only
> tries to be helpful with some messages when it isn't running under
> root *and* encounters permission/owner conflicts. *That* might
> cause some confusion.
>
> Regards
> -- tomás







Re: parted is ALMOST suitable

2016-11-07 Thread Richard Owlett

On 11/7/2016 6:51 AM, to...@tuxteam.de wrote:
> On Mon, Nov 07, 2016 at 06:37:53AM -0600, Richard Owlett wrote:
>> On 11/7/2016 6:20 AM, Felipe Salvador wrote:
>>> On Mon, Nov 07, 2016 at 06:11:50AM -0600, Richard Owlett wrote:
>>>> *HOWEVER* parted requires root privileges. That is not acceptable.
>>>> Suggestions?
>>>> TIA
>>>
>>> lsblk -fr ?
>>
>> Debian is perverse ;{
>
> Uh... aren't we all?

Who? Me? You should have met a supervisor I had ~40 years ago.

>> man page suggested good things.
>> However when run as other than root, there is a column heading
>> "FSTYPE".
>> It is blank for all partitions.
>> They are present when run as root.
>
> Perhaps it needs read access to the partition's content, which it
> only gets as root? (Or as group disk, as the case may be).
>
> Debian is trying to protect you from someone taking over your...
> say Apache and exfiltrating your most carefully kept secrets on
> your harddisk. Just imagine how embarrassing that will be when
> Wikileaks publishes that all!
>
> ;-D

My Debian machines do not physically have networking capability.
See my email header. Mr. Gates can handle some things ;/




Re: parted is ALMOST suitable

2016-11-07 Thread tomas
On Mon, Nov 07, 2016 at 06:37:53AM -0600, Richard Owlett wrote:
> On 11/7/2016 6:20 AM, Felipe Salvador wrote:
> >On Mon, Nov 07, 2016 at 06:11:50AM -0600, Richard Owlett wrote:
> >>*HOWEVER* parted requires root privileges. That is not acceptable.
> >>Suggestions?
> >>TIA
> >
> >lsblk -fr ?
> >
> 
> Debian is perverse ;{

Uh... aren't we all?

> man page suggested good things.
> However when run as other than root, there is a column heading
> "FSTYPE".
> It is blank for all partitions.
> They are present when run as root.

Perhaps it needs read access to the partition's content, which it
only gets as root? (Or as group disk, as the case may be).

Debian is trying to protect you from someone taking over your...
say Apache and exfiltrating your most carefully kept secrets on
your harddisk. Just imagine how embarrassing that will be when
Wikileaks publishes that all!

;-D

regards
-- t



Re: parted is ALMOST suitable

2016-11-07 Thread tomas
On Mon, Nov 07, 2016 at 06:11:50AM -0600, Richard Owlett wrote:
> I need to identify file system on all partitions of my hard drive
> whether mounted or not.
> parted /dev/sda print | grep ext | grep -v exte
> reports the desired information [partitions formatted ext?] in a
> convenient format.
> *HOWEVER* parted requires root privileges. That is not acceptable.
> Suggestions?

It's not parted. It's the partitions themselves (or more accurately,
the devices via which your operating system makes the partitions
available to user space). By default (and there are some reasons
for it) they're not readable by everyone. They are writable by
even less. On my box, for example:

  tomas@rasputin:~$ ls -al /dev/sd*
  brw-rw---- 1 root disk 8, 0 Nov  7 09:06 /dev/sda
  brw-rw---- 1 root disk 8, 1 Nov  7 09:06 /dev/sda1
  brw-rw---- 1 root disk 8, 2 Nov  7 09:06 /dev/sda2
  brw-rw---- 1 root disk 8, 5 Nov  7 09:06 /dev/sda5

So you'd have to be associated to the "disk" group to read those
things and you'd have to *be* root to write.

Same goes for lsblk (as has been recommended in this thread) or
any other tool you might consider. That said, lsblk seems to be
a better fit for your needs anyway.

Parted has no problems running as a regular user if the (device)
file under question is (readable/writable) by said user. It only
tries to be helpful with some messages when it isn't running under
root *and* encounters permission/owner conflicts. *That* might
cause some confusion.

Regards
-- tomás



Re: parted is ALMOST suitable

2016-11-07 Thread Richard Owlett

On 11/7/2016 6:20 AM, Felipe Salvador wrote:
> On Mon, Nov 07, 2016 at 06:11:50AM -0600, Richard Owlett wrote:
>> *HOWEVER* parted requires root privileges. That is not acceptable.
>> Suggestions?
>> TIA
>
> lsblk -fr ?

Debian is perverse ;{
man page suggested good things.
However when run as other than root, there is a column heading
"FSTYPE".
It is blank for all partitions.
They are present when run as root.
Thanks for trying.



Re: parted is ALMOST suitable

2016-11-07 Thread Darac Marjal

On Mon, Nov 07, 2016 at 06:11:50AM -0600, Richard Owlett wrote:
> I need to identify file system on all partitions of my hard drive
> whether mounted or not.
>    parted /dev/sda print | grep ext | grep -v exte
> reports the desired information [partitions formatted ext?] in a
> convenient format.
> *HOWEVER* parted requires root privileges. That is not acceptable.
> Suggestions?

parted probably wants root privileges because it is, by nature, a
PARTition EDitor.

Try, instead, "lsblk" (in package util-linux), which will LiSt BLocK
devices. I'm not immediately sure how to get it to show ONLY partitions,
but the following seems to work:

$ lsblk -l|awk 'NR==1||/part/'

(or just "|grep part" if you don't care about seeing the header :)

> TIA

--
For more information, please reread.



Re: parted is ALMOST suitable

2016-11-07 Thread Frank

On 07-11-16 at 13:11, Richard Owlett wrote:
> I need to identify file system on all partitions of my hard drive
> whether mounted or not.
> parted /dev/sda print | grep ext | grep -v exte
> reports the desired information [partitions formatted ext?] in a
> convenient format.
> *HOWEVER* parted requires root privileges. That is not acceptable.
> Suggestions?


Have a look at lsblk. It has many possible output format settings (lsblk 
--help shows a list) and most of them are available without root 
privileges (a few aren't - don't remember which ones, though).


Regards,
Frank



Re: parted is ALMOST suitable

2016-11-07 Thread Felipe Salvador
On Mon, Nov 07, 2016 at 06:11:50AM -0600, Richard Owlett wrote:
> *HOWEVER* parted requires root privileges. That is not acceptable.
> Suggestions?
> TIA

lsblk -fr ?

-- 
Felipe Salvador