Re: Floppy handling

From: Scott Lenser (slenser@cs.cmu.edu)
Date: Mon Jun 19 2000 - 15:13:17 EST


> --------- Received message begins Here ---------
> Scott Lenser <slenser@cs.cmu.edu>:
> > > From: "Chris Swiedler" <chris.swiedler@rememberit.com>
> > > Richard Stallman <rms@gnu.org> wrote in message
> > > > Is there any possibility of making Linux handle file systems on
> > > > floppies like MSDOS, so that there is no need to explicitly mount and
> > > > unmount a floppy drive in order to access floppies through the file
> > > > system?
> > >
> > > In discussing this problem, several people had possible solutions which were
> > > all shot down with a similar counterargument: the kernel can't assume that
> > > the user who is using the floppy drive is at the console. Apparently,
> > > Windows can automount floppies in part because it makes the assumption that
> > > there is only one user on the machine--an assumption which Unices by design
> > > can't make.
> > >
> > I don't see why we need to assume a single user to make floppies automount/
> > unmount. We do need an assumption, but I think we can get by with a weaker
> > one: a user can expect to lose data if the floppy is ejected while in use.
> > For this to work, the user at the console needs to be able to tell whether the
> > floppy drive is in use. I see several possible ways to do this:
> >
> > 1) some kind of device in use command
> > 2) auto unmount when no files on the floppy drive are in use (can be confusing
> > to user if 'ls /floppy' gives no files when floppy is in drive and unmounted)
> > 3) make sure that the floppy drive busy light is on when there are dirty
> > buffers for the floppy (may not be possible on all/any hardware)
> > 4) make sure that all dirty data is written back whenever the device would
> > otherwise become not busy (this should keep the floppy drive light on, may not
> > be appropriate for other kinds of removable media)
> >
> > I would prefer option 3 if possible, option 4 if not since the floppy drive
> > light is the most intuitive way to find out if the floppy is busy.
> >
> > I think it would be most intuitive for users if we can manage to have the
> > floppy automounted when it is inserted and autounmounted when removed. Dirty
> > data needs to be flushed expediently for this to work well.
>
> And what user owns the floppy ? Everybody who is logged in?
> Can anybody write to it? Can everybody write to it?
>

Ok. Excellent points, I guess I didn't think this through enough. What if
the automounter is configured to mount the floppy as a particular user and
group with particular permissions? For instance, maybe it would be configured
to always mount it as 'drwxrwx--- root floppy'. Then access to the floppy
can be controlled by which users are in group floppy. Access to files on the
floppy is controlled by the file system and file permissions on the floppy.

> If the user who put the floppy in the drive stores some sensitive
> data (X.509 certificates come to mind) who can read it?
>

Whoever has read permission to the floppy and read permission on the file.

> Must not forget security --- a blind automount has none. Something that
> will mount on request using uid= and gid= with access mode 0700 is necessary.
> And don't dismount until the original user requests it.
>

My suggestion wouldn't dismount until the physical media is removed at which
point someone who was using it is SOL. Of course, for media devices that
support locking eject, we would want to lock the eject when the device is in use.
Maybe the eject button could signal a request to unmount the file system
which would fail if the file system is in use?

> Even this isn't fully secure, but is needed for removable media. The user
> needs to be able to allocate device for exclusive use as well.
>

I can't think of any way of doing this compatible with my suggestion except
turning off the auto-mounter. Maybe some command to disable/enable the
automounter? Or just kill/restart the daemon?

For more special needs and for different removable media, just turn off the
automounter and do it the old-fashioned way.

- Scott
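
The two access policies debated in this message ('drwxrwx--- root floppy' versus a per-user uid=/gid= mount with mode 0700), modelled as an added example that is not code from the thread or from any automounter. The accounts, uids and gids are constructed, and root's bypass of the mode bits is simplified.

```python
from dataclasses import dataclass

R, X = 4, 1  # read and search/execute permission bits

@dataclass(frozen=True)
class User:
    name: str
    uid: int
    groups: frozenset  # gids the user belongs to

@dataclass(frozen=True)
class Node:
    uid: int
    gid: int
    mode: int  # permission bits, e.g. 0o770 for drwxrwx---

def allowed(user, node, want):
    """Unix check: only the first matching class (owner, group, other) applies."""
    if user.uid == 0:
        return True  # simplification: root bypasses the mode bits
    if user.uid == node.uid:
        bits = node.mode >> 6
    elif node.gid in user.groups:
        bits = node.mode >> 3
    else:
        bits = node.mode
    return bits & 7 & want == want

def readers(users, mountpoint, file):
    """Names of users who can traverse the mount point and read the file."""
    return sorted(u.name for u in users
                  if allowed(u, mountpoint, X) and allowed(u, file, R))

# Constructed sample accounts; gid 19 stands in for group "floppy".
FLOPPY = 19
alice = User("alice", 1000, frozenset({1000, FLOPPY}))
bob = User("bob", 1001, frozenset({1001, FLOPPY}))
carol = User("carol", 1002, frozenset({1002}))
USERS = [alice, bob, carol]

shared = Node(0, FLOPPY, 0o770)    # 'drwxrwx--- root floppy'
private = Node(1000, 1000, 0o700)  # mounted on request, uid=/gid= alice, mode 0700
cert = Node(1000, 1000, 0o644)     # alice's file, world-readable on the floppy
key = Node(1000, 1000, 0o600)      # alice's file, owner-only

if __name__ == "__main__":
    for mp_name, mp in (("shared", shared), ("private", private)):
        for f_name, f in (("cert", cert), ("key", key)):
            print(mp_name, f_name, readers(USERS, mp, f))
```

With the shared mount, whether bob can read alice's files rests entirely on the per-file mode bits stored on the floppy; with the 0700 mount, the mount point itself excludes him.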


This archive was generated by hypermail 2b29 : Fri Jun 23 2000 - 21:00:17 EST