I am trying to have all removable USB partitions (or at least those FAT formatted partitions) mounted by default with the options gid=torizon,uid=torizon (or the numerical user value).
So far I have tried:
add the defaults in /etc/udisks2/udisks2.conf and/or /etc/udsiks2/mount_options.conf
create a udev rule to set UDISKS_MOUNT_OPTIONS_DEFAULTS, I could verify that the value gets set, but it seems to be ignored or overwritten since the drives still are mounted as root in media
adding custom entries for /dev/sd* devices in fstab with the uid and gid options, this actually worked, but with the major caveat that it doesn’t work when hotplugging, the names wouldn’t be consistent and I would have to restrict things like number of partitions, if there has to be a partition at all and number of devices because I have to create an entry for every single mount
I’m guessing this has something to do with udisksctl telling me that mount option uid is not allowed but I don’t really know what else to try. So my question: Is this just not possible on TorizonCore 5.4.0 or am I missing something?
Just to make sure I understand your use-case, is the idea that any kind of FAT-formatted USB can be plugged and removed from your system at any time, and no matter the USB it must be mounted with permissions for the torizon user?
If that is the case this can be tricky with FAT formatted filesystems.
For context we have a systemd service usermount.service that auto mounts devices to /media. This service uses udisk2 to facilitate the mounting process. However, as you have noticed it doesn’t handle FAT very well due to the lack of unix permissions in this filesystem so it just defaults to root permissions.
As you can see it uses the line udisksctl mount -b $dev 2>/dev/null || true to finally mount the device. I tried instead replacing this command with the mount command directly, something like this mount -o nofail,uid=1000,gid=1000,umask=007 $dev /var/rootdirs/media 2>/dev/null || true, and this seems to work though I haven’t rigorously tested this.
You could probably make a similar script that loops and start it using another systemd service. You’ll probably need to disable our usermount.service to prevent conflicts. This is just a quick idea I had so there may be something I’m missing.
Yes that was the idea. I have an application running as the torizon user that would export some data to connected USB drives and would rather not have it run as root.
Thank you for that idea. Apparently setting umask does work with userdisksctl and FAT, so I might still be able to use that and just give write access to the torizon user.
Hi @josep.tx,
Yes you can consider it solved. Thank you for asking.
The solution I used, in case someone has a similar problem, was to write a udev rule matching an “add” action on the usb bus for partitions that after some delay (enough for the automount to finish mounting) remounts the partition with umask=000. This may fail if the automount takes to long and it’s not elegant but it is simple to implement and at least for now works in my use case.
