Allow normal user to mount linux partitions, usb stick / pen device

Posted on in Categories CentOS, Debian Linux, File system, Hardware, Howto, Linux, Linux desktop, RedHat/Fedora Linux, Security, Ubuntu Linux, User Management last updated July 15, 2005

You need to use autofs. It is used to mount file systems on demand. Usually autofs is invoked at system boot time with the start parameter and at shutdown time with the stop parameter. The autofs script can also be invoked manually by the system administrator to shut down, restart or reload the automounters.

autofs will consult a configuration file /etc/auto.master to find mount points on the system.

i) Install autofs if not installed. If you are using Debian / Ubuntu Linux, enter:
# apt-get install autofs
ii) Create the desktop group and add user jimmy to this group:
# groupadd desktop
# usermod -G video,desktop jimmy
# chmod -R a+rx /var/autofs/misc

iii) Configure autofs so that the USB stick can be accessed:
# vi /etc/auto.misc

iv) Append the following text to auto.misc (the option list must not contain spaces):
usb -fstype=auto,user,sync,nodev,nosuid,gid=desktop,umask=002 :/dev/sda1
d -fstype=vfat,user,sync,nodev,nosuid,gid=desktop,umask=002 :/dev/hda2

Where,

  • usb : Is the directory name, which can be accessed via the /var/autofs/misc/usb directory. Users in the desktop group just need to type the cd command (cd /var/autofs/misc/usb) to change to the directory.
  • -fstype=auto,user,sync,nodev,nosuid,gid=desktop,umask=002 : All these are options used by the automounter to mount the file system.
  • auto: File system is automatically determined by the kernel.
  • user: Normal users are allowed to mount devices.
  • nodev: Do not interpret character or block special devices on the file system.
  • nosuid: Do not allow set-user-identifier or set-group-identifier bits to take effect. This is a security feature.
  • gid=desktop: This mounts the file system as group desktop. We have already added user jimmy to this group.
  • umask=002: Set the umask so that users in group desktop can write data to the device.

Please note that without the gid and umask options a normal user cannot write data to the device.

v) Restart autofs:
# /etc/init.d/autofs restart
vi) Test it as user jimmy (make sure the USB stick/pen is inserted into the USB port):
$ ls /var/autofs/misc/usb
$ cd /var/autofs/misc/usb
$ mkdir testdir
$ ls -l
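
The map entries above can be checked mechanically. The following script is an added example, not part of the original post: it lints an autofs map for whitespace inside the option list and for entries that lack nosuid or nodev. The names lint_automap and SAMPLE_MAP and the sample entries (including the cd line) are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. lint_automap and SAMPLE_MAP are
# names made up for this illustration.

# Constructed sample map: one good entry, one with spaces after the commas,
# one without nosuid/nodev.
SAMPLE_MAP='# key  options  location
usb -fstype=auto,user,sync,nodev,nosuid,gid=desktop,umask=002 :/dev/sda1
d   -fstype=vfat, user, sync, nodev, nosuid,gid=desktop, umask=002 :/dev/hda2
cd  -fstype=iso9660,ro :/dev/cdrom
'

# lint_automap [FILE]: read an autofs map (stdin if no FILE), print one line
# per finding, return non-zero if anything was found.
lint_automap() {
    awk '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        {
            key = $1
            # A field ending in "," means the option list was split by
            # whitespace, so autofs would not see one option string.
            for (i = 2; i < NF; i++) if ($i ~ /,$/) {
                print key ": whitespace inside option list"
                bad = 1
                next
            }
            opts = ($2 ~ /^-/) ? substr($2, 2) : ""
            split("", have)                     # portable way to clear the array
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++) have[o[i]] = 1
            if (!("nosuid" in have)) { print key ": missing nosuid"; bad = 1 }
            if (!("nodev"  in have)) { print key ": missing nodev";  bad = 1 }
        }
        END { exit bad + 0 }
    ' "${1:--}"
}

# Demo on the constructed sample; prints findings for "d" and "cd" only.
printf '%s' "$SAMPLE_MAP" | lint_automap || true
```

Run it against the real map with lint_automap /etc/auto.misc before restarting autofs.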

FreeBSD: How to write protect important file ( even root can NOT modify / delete file )

Posted on in Categories File system, FreeBSD, Security last updated June 29, 2005

The chflags utility modifies the file flags of the listed files as specified by the flags operand.

FreeBSD offers write protection: you need to set a special bit called immutable. Once this bit is set, no one can delete or modify the file, including root. Only root can clear the file immutable bit.

You must be a root user to set or clear the immutable bit.

Setup file immutable bit

Use chflags command as follows:
# chflags schg /tmp/test.doc
Try to remove or modify the file with rm or vi:
# rm -f /tmp/test.doc
Output:

rm: /tmp/test.doc: Operation not permitted

Now the root user is not allowed to remove or modify the file. This is useful to protect important files such as /etc/passwd, /etc/master.passwd etc.

Display if file immutable bit is on or off

ls -lo /tmp/test.doc
Output:

-rw-r--r--  1 root  wheel  schg 19 Jun 29 22:22 /tmp/test.doc

Clear or remove file immutable bit

# chflags noschg /tmp/test.doc
Now you can remove or modify the file. Please note that the immutable flag can be set by the root user only. chflags also supports a few other interesting flags.

  • arch: set the archived flag
  • nodump: set the nodump flag
  • sappnd: set the system append-only flag
  • schg: set the system immutable flag
  • sunlnk: set the system undeletable flag
  • uappnd: set the user append-only flag
  • uchg: set the user immutable flag
  • uunlnk: set the user undeletable flag

Putting the letters no before an option causes the flag to be turned off.

Please note that Linux also supports an immutable flag to write protect files, using the chattr command.

See the man pages of the chflags and ls commands for more information.

Linux : How to delete file securely

Posted on in Categories File system, Gentoo Linux, Linux, RedHat/Fedora Linux, Security, Suse Linux, Sys admin, Tips, Ubuntu Linux last updated June 22, 2005

Recently we had a lot of discussion regarding this issue: how to remove files securely so that they cannot be undeleted. Peter Gutmann's paper “Secure Deletion of Data from Magnetic and Solid-State Memory” has very good information. Here are some commands/tools available under Debian GNU/Linux (they should work with other Linux distributions) to delete files securely.

srm: Securely remove files or directories

This command is a replacement for the rm command. It works under Linux/BSD/UNIX-like OSes. It removes each specified file by overwriting, renaming, and truncating it before unlinking. This prevents other people from undeleting or recovering any information about the file from the command line. Because it performs many operations on the file/directory for secure deletion, it also takes a lot of time to remove it. Download srm from http://sourceforge.net/projects/srm (an RPM file is also available for RPM based Linux distributions)

i) Untar and install the srm:

# ./configure
# make
# make install 

ii) How to use srm?
The srm syntax is like that of the rm command. Read man srm. Here is a simple example:

$ srm privateinfo.doc

wipe: It is a secure file wiping utility

Download wipe from http://wipe.sourceforge.net/
i) Untar and install the wipe

# ./configure
# make
# make install

ii) How to use wipe?

$ wipe filename

Read man page of wipe for information.

shred: Delete a file securely, first overwriting it to hide its contents.

It is available on most Linux distributions, including Debian GNU/Linux. To remove a file called personalinfo.tar.gz:

$ shred -n 200 -z -u  personalinfo.tar.gz

Where,

  • -n: Overwrite N (200) times instead of the default (25)
  • -z: Add a final overwrite with zeros to hide shredding
  • -u: Truncate and remove file after overwriting

Read the man page of shred(1) for more information. Most of these utilities are not effective (read as useless) if:

  • The file system is log-structured or journaled, such as JFS, ReiserFS, XFS, Ext3 etc
  • Your file system is RAID-based, compressed etc
  • In addition, file system backups and remote mirrors may contain copies of the file that cannot be removed by these utilities.
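
The conditions in this list can be tested before an overwrite tool is trusted. The following script is an added example, not part of the original post: it looks up the file system type and device that hold a file and only runs the shred command shown above when neither matches the list. The function names are made up here, and the copy-on-write and log-structured types (btrfs, zfs, f2fs, nilfs2) are an addition to the file systems the post names.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are made up here.

# overwrite_risk FSTYPE DEVICE: print a one-word verdict on whether an
# in-place overwrite can be expected to hit the blocks that held the data.
overwrite_risk() {
    case "$1" in
        ext3|jfs|reiserfs|xfs)  echo journaled;  return ;;  # named in the post
        btrfs|zfs|f2fs|nilfs2)  echo cow-or-log; return ;;  # added here: copy-on-write / log-structured
    esac
    case "$2" in
        /dev/md*)               echo raid;       return ;;  # Linux software RAID
    esac
    echo ok
}

# target_info FILE: print "FSTYPE DEVICE" for the file system holding FILE.
target_info() {
    df -PT -- "$1" | awk 'NR == 2 { print $2, $1 }'
}

# guarded_shred FILE: run the shred command from the post only if the
# verdict is ok; otherwise explain why and leave the file alone.
guarded_shred() {
    info=$(target_info "$1")
    [ -n "$info" ] || return 2
    fstype=${info%% *}
    device=${info#* }
    verdict=$(overwrite_risk "$fstype" "$device")
    if [ "$verdict" != ok ]; then
        echo "not shredding $1: $fstype on $device is $verdict" >&2
        return 1
    fi
    shred -n 200 -z -u -- "$1"
}

# Demo on constructed (fstype, device) pairs; nothing is deleted.
for pair in "ext3 /dev/sda1" "vfat /dev/sdb1" "ext2 /dev/md0" "btrfs /dev/sda2"; do
    printf '%-18s -> %s\n' "$pair" "$(overwrite_risk ${pair% *} ${pair#* })"
done
```

A refusal from guarded_shred means the file needs a different disposal method, such as wiping or destroying the whole device; backups and mirrors still have to be handled separately.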


Linux: How to use USB pen / flash stick

Posted on in Categories Debian Linux, File system, Gentoo Linux, Howto, Linux, Linux desktop, RedHat/Fedora Linux, Suse Linux, Ubuntu Linux last updated May 10, 2005

More and more people these days are using USB pens and flash memory instead of floppies and CDs. They come in different sizes from 128MB up to 2 GB. Moreover, many new Linux users find it difficult to use USB devices; the main problem is that people don’t understand how it works…

USB devices use SCSI devices names

A SCSI device name such as /dev/sda is used to represent your first USB pen/stick, and the equivalent partitions are as follows:

Sample 256 MB USB PEN (E: is 100 MB, F: is rest of the free space)
Linux Partition => Windows XP/NT
/dev/sda1 => E: (assuming that C: is hard-disk; D: is DVD/CD/RW)
/dev/sda2 => F: (assuming that C: is hard-disk; D: is DVD/CD/RW; E: is first drive USB pen 100 MB drive)

Linux Kernel must have support for USB

The Linux kernel must be compiled with support for
i) SCSI disk
ii) USB support
iii) USB Mass Storage support

Most modern Linux distributions come with all of this support. If it is not included, get the latest kernel from http://kernel.org/ and make sure you compile it with the above features plus file system support such as ext2/3, vfat and so on…

Commands to mount USB Pen / Flash memory stick under Linux

a) Log in as the root user (or use sudo command)

b) Create a mount point
# mkdir -p /mnt/pen

c) To mount the disk run mount command:
# mount /dev/sda1 /mnt/pen

This command will mount the MS-Windows XP/Vista E: drive on /mnt/pen

d) To use it or to see your files:
# cd /mnt/pen
# ls -l

e) To copy the files /home/rdl/*.c to the pen drive use the cp command:
# cp -v /home/rdl/*.c /mnt/pen

f) You can use all the other commands such as rm, rmdir, mv etc to copy, move or delete files.

g) To format the /dev/sda2 as Linux ext3 partitions use the following command:
# mkfs.ext3 /dev/sda2

h) To delete all partitions and to create new partitions run the fdisk program:
# fdisk /dev/sda

Refer to fdisk man page for more information on how to delete and create partitions.

i) To list all partitions on all devices use the following command:
# fdisk -l

j) Use the dmesg command to get more info on your USB devices:
# dmesg | grep -i "usb"

k) Run a file system check (like scandisk on Windows) on /dev/sda1:
# umount /dev/sda1
# fsck /dev/sda1

Further readings:

=> See the detailed guide USB Flash Memory HOWTO

Linux: Burn multi session CDs on Linux

Posted on in Categories CentOS, Debian Linux, File system, Gentoo Linux, Hardware, Howto, Linux, Linux desktop, RedHat/Fedora Linux, Suse Linux, Ubuntu Linux last updated July 8, 2004

Under Linux you can use a tool called cdrecord (used to record audio or data Compact Discs) with mkisofs (used to create a hybrid ISO9660/JOLIET/HFS filesystem with optional Rock Ridge attributes) for this purpose.

Step #1: Create first session as follows

1) Create an iso image first:

# mkisofs -R -o /tmp/cd.iso /backup/06-07-2004/

Where,

  • -R : Uses Rock Ridge naming convention/attributes
  • -o : Name of new iso file (cd.iso)
  • /backup/06-07-2004/ : Everything in /backup/06-07-2004/ will be put into cd.iso file

2) Burning the disk (or an ISO image) for first session:

# cdrecord -dev=0,0,0 -multi -data -v -eject -speed=4 /tmp/cd.iso

Where,

  • -dev=0,0,0 : Device number (tip: you can use the cdrecord -scanbus command to get this number)
  • -multi : Start multi session disk
  • -data : This option is required for HP and Sony CD Writer only.
  • -v : Verbose, i.e. show info while burning the disk
  • -eject : Ejects the CD when done
  • -speed=4 : Write speed (4x)
  • cd.iso : Name of image being burned

3) Mount the cdrom and see the contents:

# mount /mnt/cdrom
# ls /mnt/cdrom
# rm -f /tmp/cd.iso

OR

# mount /dev/hda /mnt/cdrom; ls /mnt/cdrom; rm -f /tmp/cd.iso

4) You can also verify how many sessions have been written so far:

# umount /mnt/cdrom
# cdrecord -dev=0,0,0 -toc

Where,

  • -dev=0,0,0 : Device number
  • -toc : Retrieve and print out the table of content

Step #2: Burning the disk (or ISO image) for next session

The next session is a bit tricky. You need to specify the last session's starting and ending sector numbers; this information can be obtained from the following command:

# cdrecord -dev=0,0,0 -msinfo

Output:

0,11063

1) Create next session ISO file:

# mkisofs -o /tmp/ses2.iso -R -V session2 -C $(cdrecord -dev=0,0,0 -msinfo) \
-M 0,0,0 /backup/07-07-2004

Where,

  • -C $(cdrecord -dev=0,0,0 -msinfo) : This option is needed when mkisofs is used to create the image of a second session or a higher level session for a multi session disk
  • -M 0,0,0 : Specifies path to existing iso9660 image to be merged.

2) Burning the disk (or an ISO image) for second session:

# cdrecord -dev=0,0,0 -multi -data -v -eject -speed=4 /tmp/ses2.iso

3) Mount the cdrom and see the contents:

# mount /mnt/cdrom; ls /mnt/cdrom; rm -f /tmp/ses2.iso

OR

# mount /dev/hda  /mnt/cdrom; ls /mnt/cdrom; rm -f /tmp/ses2.iso

Note: When you wish to close disk (multi session cd), omit the -multi option for last session.


How to: Extract files from ISO CD images in Linux

Posted on in Categories Debian Linux, File system, Gentoo Linux, Howto, Linux, RedHat/Fedora Linux, Suse Linux, Sys admin, Tips, Ubuntu Linux last updated April 27, 2004

In many situations you may need to get a single file or many files from a Linux ISO image.

You can mount ISO images via the loop device. You need to use the mount command. First log in as the root user:

Extract File(s) Under Linux OS

Let us assume that your ISO image name is disk1.iso.

Step # 1: First you need to create a directory /mnt/iso

# mkdir /mnt/iso

Step # 2: Mount the ISO image via the loop device

# mount -o loop disk1.iso /mnt/iso

Step # 3: Extract file

Now you can easily copy a file called file.txt from the ISO disk image to the /tmp directory:

# cd /mnt/iso
# cp file.txt /tmp

Step # 4: Copy foo.rpm from ISO disk image:

# cd /mnt/iso/RedHat/RPMS
# cp foo.rpm /tmp 

Extract File(s) Under Windows XP or Vista OS

Windows does not have the built-in capability that Linux provides to extract files. Luckily many third party programs exist; my favorite is Winimage http://www.winimage.com/. Download the trial version (I’m sure you will love to register this tiny utility later):

1) Install Winimage software

2) Just double click on Linux ISO file

3) Select the desired file and hit CTRL + X (or from Image menu select extract)

For more information read man pages:

man cp
man mv
man rpm
man mount
man mkdir

How to mount remote windows partition (windows share) under Linux

Posted on in Categories CentOS, File system, Howto, Linux, RedHat/Fedora Linux, Suse Linux, Sys admin, Tip of the day, Ubuntu Linux, UNIX, Windows, Windows server last updated April 26, 2004

All files accessible in a Linux (and UNIX) system are arranged in one big tree, the file hierarchy, rooted at /. These files can be spread out over several devices. The mount command serves to attach the file system found on some device to the big file tree.

Use the mount command to mount remote windows partition or windows share under Linux as follows:

Procedure to mount remote windows partition (NAS share)

1) Make sure you have the following information:
==> Windows username and password to access the share
==> Sharename (such as //server/share) or IP address
==> root level access on Linux

2) Login to Linux as a root user (or use su command)

3) Create the required mount point:
# mkdir -p /mnt/ntserver
4) Use the mount command as follows:
# mount -t cifs //ntserver/download -o username=vivek,password=myPassword /mnt/ntserver

Use the following command if you are using an old version such as RHEL <=4 or Debian <= 3:
# mount -t smbfs -o username=vivek,password=D1W4x9sw //ntserver/download /mnt/ntserver

5) Access the Windows 2003/2000/NT share using the cd and ls commands:
# cd /mnt/ntserver; ls -l
Where,

  • -t smbfs : File system type to be mounted (outdated, use cifs)
  • -t cifs : File system type to be mounted
  • -o : Options passed to the mount command. In this example I passed two options: the first argument is the username (vivek) and the second argument is the password to connect to the remote Windows box
  • //ntserver/download : Windows 2000/NT share name
  • /mnt/ntserver : Linux mount point (to access share after mounting)
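
A password given in -o on the command line is visible in the process list and in shell history. The following script is an added example, not part of the original post: it stores the login in a file that only its owner can read and passes it with the credentials= option of mount.cifs. The function names, the temporary file path and the sample password are constructed; nosuid and nodev are added to the mount options here.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are made up here.

# write_cifs_credentials FILE USER: read the password from stdin and write a
# mount.cifs credentials file that only the owner can read (mode 600).
write_cifs_credentials() {
    (
        umask 077
        rm -f -- "$1"                       # drop any old file with wider permissions
        IFS= read -r pw || [ -n "$pw" ] || exit 1
        printf 'username=%s\npassword=%s\n' "$2" "$pw" > "$1"
    )
}

# cred_file_ok FILE: succeed only if FILE is a regular file with mode 600.
cred_file_ok() {
    [ -f "$1" ] && [ "$(stat -c %a -- "$1")" = 600 ]
}

# mount_share SHARE MOUNTPOINT CREDFILE: run as root. Refuses to mount when
# the credentials file is readable by anyone else.
mount_share() {
    cred_file_ok "$3" || { echo "unsafe credentials file: $3" >&2; return 1; }
    mount -t cifs "$1" "$2" -o "credentials=$3,nosuid,nodev"
}

# Demo with a constructed user and password; no mount is attempted.
demo=$(mktemp -d)
printf '%s\n' 'constructed-example-password' | write_cifs_credentials "$demo/cred" vivek
cred_file_ok "$demo/cred" && echo "credentials file ready: mode 600"
rm -rf "$demo"
```

With the file in place, the mount from step 4 becomes mount_share //ntserver/download /mnt/ntserver followed by the path of the credentials file.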


Updated for accuracy on Aug-8-2007, 8:19PM.

How to: Mount an ISO image under Linux

Posted on in Categories Debian Linux, File system, Howto, Linux, RedHat/Fedora Linux, Suse Linux, Sys admin, Tips, Ubuntu Linux last updated March 29, 2004

An ISO image is an archive file (disk image) of an optical disc using a conventional ISO (International Organization for Standardization) format. ISO image files typically have a file extension of .ISO. The name “ISO” is taken from the ISO 9660 file system used with CD-ROM media, but an ISO image can also contain UDF file system because UDF is backward-compatible to ISO 9660.

You can mount ISO images via the loop device under Linux. It is possible to specify transfer functions (for encryption/decryption or other purposes) using the loop device.

But, how do you mount an ISO image under Linux? You need to use mount command as follows: