Rowland Penny
2024-Mar-28 11:33 UTC
[Samba] Linux Mint 21.3 client AD joined OK but no usb working
On Wed, 27 Mar 2024 18:13:16 +0000 Rowland Penny via samba <samba at lists.samba.org> wrote:> > Now thinking about apparmor, could this be stopping writing to the > drive ? >No, I removed apparmor and rebooted, no different. Tried to format the drive, but it seems to have gone read only, so used another drive and formatted that. When I insert the USB drive, it gets mounted on /media/rowland/usbdrive1 Checking the permissions on the path, shows this: rowland at devstation:~$ ls -ld /media/ drwxr-xr-x 4 root root 4096 Mar 27 17:15 /media/ Anyone can traverse /media rowland at devstation:~$ ls -ld /media/rowland/ drwxr-x---+ 3 root root 4096 Mar 28 09:36 /media/rowland/ There is an EA, so check that: rowland at devstation:~$ getfacl /media/rowland/ getfacl: Removing leading '/' from absolute path names # file: media/rowland/ # owner: root # group: root user::rwx user:rowland:r-x group::--- mask::r-x other::--- Only 'root', members of the 'root' group and 'rowland' can traverse /media/rowland rowland at devstation:~$ ls -ld /media/rowland/usbdrive1/ drwxr-xr-x 3 root root 4096 Mar 28 09:32 /media/rowland/usbdrive1/ So 'rowland' can traverse to the 'usbdrive1' directory, but only 'root' can write to it. WHY ?????????? It mounts the drive in a directory named after the user, it allows the user to get to the drive, but then denies the user the ability to write to the drive. Off to find out just what 'mounts' the drive and how. Rowland
Rowland Penny
2024-Mar-28 17:53 UTC
[Samba] Linux Mint 21.3 client AD joined OK but no usb working
On Thu, 28 Mar 2024 11:33:16 +0000 Rowland Penny via samba <samba at lists.samba.org> wrote:> On Wed, 27 Mar 2024 18:13:16 +0000 > Rowland Penny via samba <samba at lists.samba.org> wrote: > > > > Now thinking about apparmor, could this be stopping writing to the > > drive ? > > > > No, I removed apparmor and rebooted, no different. > > Tried to format the drive, but it seems to have gone read only, so > used another drive and formatted that. > > When I insert the USB drive, it gets mounted on > /media/rowland/usbdrive1 > > Checking the permissions on the path, shows this: > > rowland at devstation:~$ ls -ld /media/ > drwxr-xr-x 4 root root 4096 Mar 27 17:15 /media/ > > Anyone can traverse /media > > rowland at devstation:~$ ls -ld /media/rowland/ > drwxr-x---+ 3 root root 4096 Mar 28 09:36 /media/rowland/ > > There is an EA, so check that: > > rowland at devstation:~$ getfacl /media/rowland/ > getfacl: Removing leading '/' from absolute path names > # file: media/rowland/ > # owner: root > # group: root > user::rwx > user:rowland:r-x > group::--- > mask::r-x > other::--- > > Only 'root', members of the 'root' group and 'rowland' can traverse > /media/rowland > > rowland at devstation:~$ ls -ld /media/rowland/usbdrive1/ > drwxr-xr-x 3 root root 4096 Mar 28 09:32 /media/rowland/usbdrive1/ > > So 'rowland' can traverse to the 'usbdrive1' directory, but only > 'root' can write to it. > > WHY ?????????? > > It mounts the drive in a directory named after the user, it allows the > user to get to the drive, but then denies the user the ability to > write to the drive. > > Off to find out just what 'mounts' the drive and how. > > Rowland >It seems that it is udev and udisks2 that automatically mount the USB drive after it is plugged into a USB port. The problem is I stated earlier, whilst it is mounted under a directory with the users name, it is mounted rwx for root and r-x for the user (others), which, if you think about it, is probably correct for a removable drive. Whilst the user may have one ID on a computer, they may have another ID on a different computer. The only cure I can find is to change the owner of the USB drives directory, e.g. chown rowland /media/rowland/usbdrive1 Rowland