# User privileges and permissions!



## teo (Nov 12, 2021)

Hello

Does anyone know how to proceed to give permissions and privileges to the user and his group? As the image shows, some things are padlocked, and you cannot give permissions graphically, because it is inactive and does not allow running as a user.

The external device (usb memory) is displayed automatically mounted in that folder (nautilus) in the path of the /media/da0s1 file, and it is operating as owner which is equal to root.


----------



## SirDice (Nov 12, 2021)

What filesystem is on that stick? This is important because filesystems like FAT don't have a way to set permissions (filesystem doesn't support that). So you will need to mount it with the correct "top-level" permissions.


----------



## eternal_noob (Nov 12, 2021)

freebsd mount user permissions site:forums.freebsd.org - Google Search


----------



## Zvoni (Nov 12, 2021)

Don't you have to add your user(s) to group "operator" and add a rule in /etc/devfs.rules, incl. an entry in rc.conf and sysctl.conf?









Chapter 19. Storage

This chapter covers the use of disks and storage media in FreeBSD. This includes SCSI and IDE disks, CD and DVD media, memory-backed disks, and USB storage devices.

docs.freebsd.org


----------



## teo (Nov 12, 2021)

SirDice said:


> What filesystem is on that stick? This is important because filesystems like FAT don't have a way to set permissions (filesystem doesn't support that). So you will need to mount it with the correct "top-level" permissions.


The USB memory stick is FAT 32



			
Zvoni said:

> Don't you have to add your user(s) to group "operator" and add a rule in /etc/devfs.rules, incl. an entry in rc.conf and sysctl.conf?


I already did those procedures after adding the user account to wheel and operator groups in the creation, and give permissions in this way (if I am not wrong) to the user as operator, example:

Mounting devices or others:

```
# pw groupmod wheel -m der
# pw groupmod operator -m der
```

For the  /etc/devfs.rules  file, I did add this:

```
# vi /etc/devfs.rules
```

```
[system=10]
add path 'ugen*'  mode 0660 group operator
add path 'cuaU*'  mode 0660 group operator
add path 'uhid*'  mode 0660 group operator
add path 'usbctl*'  mode 0660 group operator
add path 'usb/*'  mode 0660 group operator
add path 'video*'  mode 0660 group operator
add path 'ng_ubt*'  mode 0660 group operator
add path 'cd*'  mode 0660 group operator
add path 'da*'  mode 0660 group operator
add path 'pass*'  mode 0660 group operator
add path 'xpt*'  mode 0660 group operator
add path 'unlpt*' mode 0660 group cups
add path 'ulpt*' mode 0660 group cups
add path 'lpt*' mode 0660 group cups
```

For the /etc/sysctl.conf  file:

```
# vi /etc/sysctl.conf
```

```
vfs.usermount=1
```

For the /etc/rc.conf file:

```
# vi /etc/rc.conf
```

```
devfs_system_ruleset="system"
```

Is there anything else I need to do ?


----------



## astyle (Nov 12, 2021)

There are some pretty hacky workarounds that I've been using from time to time:

```
# mkdir /mnt/usb
# chown  user:user /mnt/usb
# chmod 777 /mnt/usb
# mount -t msdosfs /dev/da0s1 /mnt/usb
```
Not the best way to do things, this is a really crude workaround, but worked reliably for me. After those 4 commands (done as root), the regular user can access the USB stick from Nautilus and Dolphin, and even delete files, if need be.
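Why the workaround above has any effect, as an added example that is not part of astyle's post: when no `-u`, `-g` or `-m` is given, mount_msdosfs(8) takes owner, group and permission mask from the mount point directory, so the `chown`/`chmod` before `mount` is what decides access. The function below passes the same values explicitly and refuses a mask that opens the stick to every local user; the name `fat_mount_cmd` and that policy are assumptions of the example, and it only prints the command for root to run.

```shell
#!/bin/sh
# Added example (not from the thread). Builds a mount_msdosfs(8) command that
# sets FAT ownership at mount time. -u, -g, -m and -M are mount_msdosfs(8)
# options; fat_mount_cmd and the "no bits for other" rule are assumptions.

fat_mount_cmd() {
    user=$1; group=$2; dev=$3; dir=$4; mask=${5:-770}

    # The mask is written as three octal digits, e.g. 770 or 700.
    case $mask in
        [0-7][0-7][0-7]) ;;
        *) echo "mask must be three octal digits: $mask" >&2; return 2 ;;
    esac

    # Policy of this example: the last digit (other) must be 0,
    # so 777 as in the workaround above is rejected.
    case $mask in
        *0) ;;
        *) echo "mask $mask gives every local user access" >&2; return 1 ;;
    esac

    # -M applies to directories, -m to files; strip the execute bits
    # from the file mask so files on the stick are not marked executable.
    fmask=$(printf '%03o' $(( 0$mask & 0666 )))

    printf 'mount_msdosfs -o nosuid,noexec -u %s -g %s -m %s -M %s %s %s\n' \
        "$user" "$group" "$fmask" "$mask" "$dev" "$dir"
}

# User "der" and device /dev/da0s1 are the ones named in the thread.
fat_mount_cmd der der /dev/da0s1 /mnt/usb 770
```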


----------



## T-Daemon (Nov 12, 2021)

teo said:


> The external device (usb memory) is displayed automatically mounted in that folder (nautilus) in the path of the /media/da0s1 file, and *it is operating as owner*


In the image it says for "da0s1 Properties"  "You are not the owner, ..." (see bottom right). The owner is shown in the "Permissions" tab as "Charlie". Who is "Charlie" owning /media/da0s1?

Also, how is the USB stick mounted? Please show command or service.


----------



## astyle (Nov 12, 2021)

T-Daemon said:


> Who is "Charlie" owning /media/da0s1


  That's root!


----------



## T-Daemon (Nov 12, 2021)

Mystery solved!


----------



## teo (Nov 12, 2021)

astyle said:


> There are some pretty hacky workarounds that I've been using from time to time:
> 
> ```
> # mkdir /mnt/usb
> ...


With that method of yours, you are creating another path for the device that is automatically mounted by default from the /media/da0s1 file.



			
T-Daemon said:

> In the image it says for "da0s1 Properties" "You are not the owner, ..." (see bottom right). The owner is shown in the "Permissions" tab as "Charlie". Who is "Charlie" owning /media/da0s1?
> 
> Also, how is the USB stick mounted? Please show command or service.



It is the name (Charlie & ) that is automatically generated by the standard system running as the root system, and displayed in the desktop environment  entering root mode.  But the user is not running on the root system, so the external device automatically mounts in that folder of the path mentioned above, and that the user has no privileges or permissions to run in the properties of that folder (nautilus) of the da0s1 file that visualized the  contents of the device.



The mount points of the da0s1  file are displayed as follows:

$ `ls -l /dev/da*`

```
crw-rw----  1 root  operator  0x77 Nov 12 21:14 /dev/da0
crw-rw----  1 root  operator  0x78 Nov 12 21:14 /dev/da0s1
$
```

And to view the group properties, you will notice that the user has no privileges or permissions as operator in the properties of the system root  directories  such as /home, /media or /dev and /mnt...

$ `ls -l /`

```
total 65
-r--r--r--   1 root      wheel  6109 Apr  9  2021 COPYRIGHT
drwxr-xr-x   2 root      wheel  1024 Nov  8 22:34 bin
drwxr-xr-x  15 root      wheel  1536 Nov 12 19:30 boot
dr-xr-xr-x  17 root      wheel   512 Nov 12 21:13 dev
-rw-------   1 root      wheel  4096 Nov 12 21:13 entropy
drwxr-xr-x  27 root      wheel  2560 Nov 10 03:04 etc
lrwxr-xr-x   1 root      wheel     8 Nov  8 22:32 home -> usr/home
drwxr-xr-x   5 root      wheel  2048 Nov  8 22:34 lib
drwxr-xr-x   3 root      wheel   512 Apr  9  2021 libexec
drwxr-xr-x   4 root      wheel   512 Nov 12 13:49 media
drwxr-xr-x   2 root      wheel   512 Apr  9  2021 mnt
drwxr-xr-x   3 root      wheel   512 Nov 12 21:13 net
dr-xr-xr-x   1 root      wheel     0 Nov 12 21:33 proc
drwxr-xr-x   2 root      wheel  2560 Nov  8 22:34 rescue
drwxrwx---   6 operator  der     512 Nov 10 13:52 root
drwxr-xr-x   2 root      wheel  2560 Nov  9 19:09 sbin
lrwxr-xr-x   1 root      wheel    11 Apr  9  2021 sys -> usr/src/sys
drwxrwxrwt   7 root      wheel   512 Nov 12 21:33 tmp
drwxr-xr-x  15 root      wheel   512 Nov  8 22:32 usr
drwxr-xr-x  25 root      wheel   512 Nov 12 21:13 var
$
```

Correct me if I am wrong by looking at the output given by the command.


----------



## T-Daemon (Nov 13, 2021)

teo said:


> ... the device that is automatically mounted by default from the /media/da0s1 ...


We need to know which utility and eventually its service is used to automatically mount the external device. Please execute `mount | grep da1s1`.

As SirDice already mentioned in post #2, to mount a FAT file system with read or read/write permissions for other users than the user mounting, it needs to be mounted by the utility used with the correct (top-level) permissions.



teo said:


> The mount points of the da0s1 file are displayed as follows:
> 
> ```
> crw-rw---- 1 root operator 0x78 Nov 12 21:14 /dev/da0s1
> ```


What are the permissions, owner and group of directory /media/da1s1/: `ls -ld /media/da1s1` ?



teo said:


> And to view the group properties, you will notice that the user has no privileges or permissions as operator in the properties of the system root directories such as /home, /media or /dev and /mnt...


It doesn't have to. Decisive is what permissions the directory has on which the USB stick, more precisely, the partition is mounted to (/media/da1s1 in this case). Those permissions, and also owner and group, are determined by the utility and eventually user mounting.

The system has unusual configurations. Why are the owner and group of /root  changed to `operator  der`?


teo said:


> $ ls -l /
> drwxrwx--- 6 operator der 512 Nov 10 13:52 root


----------



## teo (Nov 13, 2021)

T-Daemon said:


> We need to know which utility and eventually its service is used to automatically mount the external device. Please execute `mount | grep da1s1`.


When executing this command:


:/media $ `mount | grep da1s1`
;/media $ `ls  -la`

```
total 44
drwxr-xr-x   4 root  wheel    512 Nov 12 13:49 .
drwxr-xr-x  19 root  wheel   1024 Nov 13 11:54 ..
drwxr-xr-x   2 der   wheel    512 Nov  9 00:53 TOSHIBA_TransMemory_001CC0C60DDAECC0C32601BB_s1
drwxrwxr-x   1 root  wheel  32768 Jan  1  1980 da0s1
$
```



			
T-Daemon said:

> What are the permissions, owner and group of directory /media/da1s1/: ls -ld /media/da1s1 ?



In the image published at the beginning, you will see in the properties of the folder (nautilus) generated by the system when mounting automatically the device the permissions that the root system owner and its wheel group have to execute/read/write, while the user does not have permissions as operator and this disabled in mode graphic for change manually as user.




			
T-Daemon said:

> The system has unusual configurations. Why are the owner and group of /root changed to operator  der?



I don't know, I'm not clear on that, with creating accounts for the user and group, and granting permissions for device mounting through those commands mentioned at the beginning, is the result of  the configuration.
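The `/root` entry T-Daemon asks about gives group `der` write access to root's home directory, and a change like that can be caught mechanically. An added example, not part of the thread: it reads `ls -l` output and reports entries whose owner or group differs from `root:wheel`, and directories writable by group or other without the sticky bit. The function names are this example's own, and the sample is four lines copied from the `ls -l /` listing posted earlier.

```shell
#!/bin/sh
# Added example (not from the thread). audit_ls and sample_listing are
# names chosen for this example.

# Read `ls -l` output on stdin; expected owner and group default to root:wheel.
audit_ls() {
    awk -v own="${1:-root}" -v grp="${2:-wheel}" '
    $1 == "total" || NF < 9 { next }          # skip header and prompt lines
    {
        mode = $1; why = ""
        if ($3 != own || $4 != grp)
            why = "owner " $3 ":" $4
        gw = (substr(mode, 6, 1) == "w")      # group write bit
        ow = (substr(mode, 9, 1) == "w")      # other write bit
        sticky = (substr(mode, 10, 1) ~ /[tT]/)
        if (mode ~ /^d/ && (gw || ow) && !sticky)
            why = why (why != "" ? ", " : "") "writable beyond owner (" mode ")"
        if (why != "") print $9 ": " why
    }'
}

# Sample input: lines taken from the listing in the thread.
sample_listing() {
    cat <<'EOF'
total 65
drwxr-xr-x   4 root      wheel   512 Nov 12 13:49 media
drwxrwx---   6 operator  der     512 Nov 10 13:52 root
drwxrwxrwt   7 root      wheel   512 Nov 12 21:33 tmp
lrwxr-xr-x   1 root      wheel     8 Nov  8 22:32 home -> usr/home
EOF
}

sample_listing | audit_ls
```

On a live system the same check is `ls -l / | audit_ls`.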


----------



## grahamperrin@ (Nov 13, 2021)

teo said:


> … mounting automatically …



`service -e | sort`


----------



## teo (Nov 13, 2021)

grahamperrin said:


> `service -e | sort`


/media $ `service -e | sort`

```
/etc/rc.d/automount
/etc/rc.d/automountd
/etc/rc.d/autounmountd
/etc/rc.d/bgfsck
/etc/rc.d/cleanvar
/etc/rc.d/cron
/etc/rc.d/devd
/etc/rc.d/devmatch
/etc/rc.d/dmesg
/etc/rc.d/gptboot
/etc/rc.d/hostid
/etc/rc.d/hostid_save
/etc/rc.d/ip6addrctl
/etc/rc.d/kldxref
/etc/rc.d/mixer
/etc/rc.d/motd
/etc/rc.d/moused
/etc/rc.d/netif
/etc/rc.d/newsyslog
/etc/rc.d/ntpdate
/etc/rc.d/os-release
/etc/rc.d/rctl
/etc/rc.d/resolv
/etc/rc.d/savecore
/etc/rc.d/sendmail
/etc/rc.d/sshd
/etc/rc.d/syslogd
/etc/rc.d/virecover
/usr/local/etc/rc.d/dbus
```
:/media $


----------



## grahamperrin@ (Nov 14, 2021)

Thanks.

<https://www.freebsd.org/cgi/man.cgi?query=automount&sektion=8&manpath=FreeBSD>

The solution at <https://forums.freebsd.org/posts/476550> involved use of sysutils/automount (not to be confused with the automount in FreeBSD). There's also discussion of devfs.

If I'm not mistaken, *KDE Plasma* allows me to mount things without difficulty – with *suitable ownership* – on demand, for example this mount point automatically created a few minutes ago:


```
% ls -dhl /media/Freecom_Mobile_Drive_XXS_29251B141A00_p1
drwxr-xr-x  1 grahamperrin  wheel    16K  1 Jan  1980 /media/Freecom_Mobile_Drive_XXS_29251B141A00_p1
%
```

I could as easily set preferences in Plasma for things to mount automatically, but for a variety of reasons, I prefer to not automate mounts.

Other recent discussions of devfs(8) include page 2 of a topic about Intel graphics.


----------



## T-Daemon (Nov 14, 2021)

teo said:


> In the image published at the beginning, you will see in the properties of the folder (nautilus) generated by the system when mounting automatically the device the permissions that the root system owner and its wheel group have to execute/read/write, while the user does not have permissions as operator and this disabled in mode graphic for change manually as user.


Right, I lost track of information available.



teo said:


> /etc/rc.d/automount
> /etc/rc.d/automountd
> /etc/rc.d/autounmountd


Better use sysutils/automount based on devd(8). It works out of the box, without configuration, and also grants users execution permission to umount(8). If you decide to use this utility, to not interfere with automountd(8), disable all configurations made to work with automountd(8), especially in /boot/loader.conf (`autofs_load`) and /etc/rc.conf (`autofs_enable`).


If you insist on using automountd(8), set to /etc/auto_master read/write/execution permissions mode creation mask "070" (see chmod(1) for details) to the "wheel" group (or set mask for everybody: 777). The mode creation mask will be valid for FAT file system mounted with mount_msdosfs(8) only:

```
/media                  -media            -nosuid,noatime,autoro,-m=770
```

To have read/write access to a FAT file system mounted by automountd(8) all the user needs is to be in the wheel group (unless the mask is set to 777, then the user doesn't have to be in a specific group). No configuration necessary in
- /etc/devfs.rules
- /etc/sysctl.conf (`vfs.usermount=1`)
- /etc/rc.conf (`devfs_system_ruleset="system"`)


----------



## grahamperrin@ (Nov 15, 2021)

T-Daemon said:


> … to not interfere with …



FreeBSD bug 259844 – sysutils/automount expand package message with regard to conflicts


----------

