# Root or User to mount USB



## FreeBSD user (May 29, 2017)

I have a question about mounting USB in FreeBSD. I have read all the relevant man pages and the handbook topic about the procedure, but my question is: what is the secure way of mounting a USB? Is it by root, or to allow a user to mount the USB with the following command:

`mount_msdosfs /dev/da0s1 /media/usb`


I asked this because from 6.0 OpenBSD stopped users from mounting USB, leaving it only to root. But what I sometimes think is it not dangerous to mount any USB through root?

I am the only user for my home system.


----------



## SirDice (May 29, 2017)

FreeBSD user said:


> But what I sometimes think is it not dangerous to mount any USB through root?


It's assumed being root means you know what you are doing. Root has enough power to shoot yourself in the foot anyway. The question is really do you want a user to have the power to shoot themselves in the foot?


----------



## FreeBSD user (May 29, 2017)

I completely understand what you said, but I asked this (as I said before, I am the only user of my home system) because I start my desktop environment, say Xfce, as a user with startx, and not as root and then startx, to avoid any malicious code being injected into the system. For the same reason I thought it would be better not to use root for daily desktop usage, to avoid any potential code on a USB (music borrowed from a friend on a USB) entering my system. That is all I meant when I asked the question.


----------



## SirDice (May 29, 2017)

I understand what you're asking. But you'd only be mounting the (USB) disk as root (`sudo mount .....`). This doesn't execute anything on the stick itself so it can be "safely" done as root. Of course editing (or reading/running/whatever) the actual files on the stick should be done as a regular user.


----------



## FreeBSD user (May 29, 2017)

Thank you very much. You have cleared my doubts now.


----------



## ekingston (May 29, 2017)

Further on the security considerations....

You could run the mount command as root but have some filesystems mounted with the restrictions of a normal user (to some extent) by overriding the user and group with the mount command. For non-UNIX operating systems, this will happen anyway since they may not have compatible user/group/permissions. You can also do so for filesystems intended for UNIX-like operating systems.

Some extra mount flags to consider:

`-o nosuid,noexec`

For msdosfs and smbfs you could also consider assigning user and group for file ownership of the media?

`-u user -g group`

Note `-u` has a completely different meaning for ufs.

I, personally, also set `-o sync` on USB media. It slows down writes dramatically but significantly reduces the chance of data loss if you pull out the thumb drive before unmounting it.


----------
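Added example, not part of any post in this thread: a small `sh` helper that prints the root-run `mount_msdosfs` command with the flags suggested above, then audits `mount(8)` output for msdosfs mounts missing those restrictions. The function names, the user `alice` and the sample `mount(8)` lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and the user "alice"
# are hypothetical; the mount(8) lines in SAMPLE_MOUNTS are constructed.

# Print the root-run command combining the flags suggested in the thread.
# Args: owner user, owner group, device, mount point.
usb_mount_cmd() {
    printf 'mount_msdosfs -o nosuid,noexec,sync -u %s -g %s %s %s\n' \
        "$1" "$2" "$3" "$4"
}

# Given one line of FreeBSD mount(8) output, print the restrictions
# that are NOT in effect (mount(8) reports "sync" as "synchronous").
missing_flags() {
    opts=${1##*\(}      # keep text after the last "("
    opts=${opts%\)*}    # drop the closing ")"
    missing=""
    for want in nosuid noexec synchronous; do
        case ", $opts," in
            *", $want,"*) ;;
            *) missing="${missing:+$missing }$want" ;;
        esac
    done
    printf '%s\n' "$missing"
}

# Read mount(8) output on stdin; flag msdosfs mounts lacking a restriction.
# Returns 1 if any weak mount was found.
audit_mounts() {
    rc=0
    while IFS= read -r line; do
        case $line in *"(msdosfs"*) ;; *) continue ;; esac
        m=$(missing_flags "$line")
        [ -z "$m" ] && continue
        printf 'WEAK: %s (missing: %s)\n' "${line%% \(*}" "$m"
        rc=1
    done
    return $rc
}

SAMPLE_MOUNTS='/dev/ada0p2 on / (ufs, local, journaled soft-updates)
/dev/da0s1 on /media/usb (msdosfs, local, noexec, nosuid, synchronous)
/dev/da1s1 on /mnt (msdosfs, local)'

usb_mount_cmd alice alice /dev/da0s1 /media/usb
printf '%s\n' "$SAMPLE_MOUNTS" | audit_mounts || true
```

On a live system the audit would be fed with `mount | audit_mounts` instead of the constructed sample.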

