Blog

03/06/2019

FreeBSD Allow Normal Users To Mount CDROMs/DVDs/USB Devices



How do I allow any ordinary users (such as my son or wife) to mount CD-ROMs, DVDs, USB drives, and other removable media on our home server powered by FreeBSD operating systems?

Introduction: You need to use the sysctl command to set or get FreeBSD kernel state to allow FreeBSD users to mount CDROMs / DVDs / USB devices. Under FreeBSD unprivileged users may mount and unmount file systems based on CDROMs or DVDs or USB devices by setting a special kernel variable called vfs.usermount.

Syntax for FreeBSD to allow normal users to mount devices

You need to run the following command as root user:
sysctl vfs.usermount
sysctl vfs.usermount=1

The value 1 indicates that you need to setup permission so that FreeBSD allow normal users to mount CDROMs, DVDs, USB pen drive and so on. Next, you need to add and set a device permissions in /etc/devfs.conf file for users.

Example: FreeBSD Allow Normal Users To Mount CDROMs / DVDs / USB Devices

Edit /etc/sysctl.conf using a text editor such as ee command or vim command, enter:
# vi /etc/sysctl.conf
Append the following variable so that it can load persist across reboots:
vfs.usermount=1
Save and close the file in vim text editor. Type the following command for current session:
# sysctl vfs.usermount=1
Sample outputs:

vfs.usermount: 0 -> 1

Find device names

Use camcontrol devlist or egrep 'ad[0-9]|cd[0-9]' /var/run/dmesg.boot commands to find out CD/DVD/USB device names under FreeBSD:
# camcontrol devlist
OR
# egrep 'ad[0-9]|cd[0-9]' /var/run/dmesg.boot

Update /etc/devfs.conf

The device owner and permissions will be reset the next time the system is restarted, in order to make this change permanent you need to edit /etc/devfs.conf. In this example, I need to allow user vivek to mount my cdrom called /dev/cd0. Edit /etc/devfs.conf, enter:
# vi /etc/devfs.conf
Add the following two line so that all users can mount a USB drive if they are in operator group:

own       /dev/da0       root:operator
perm      /dev/da00      0666

Also, add the following two line so that all users can mount a /dev/cd0 drive if they are in operator group:

## allow member of operator to mount cdrom
own	   /dev/cd0	   root:operator
perm      /dev/cd0	   0660

Save and close the file. Feel free to replace /dev/cd0 and /dev/da0 as per your system configuration. You need to add user to a group called operator using the pw command, run:
# pw groupmod operator -m vivek
Verify new group membership, run:
# id vivek
Sample outputs:

uid=1001(vivek) gid=1001(vivek) groups=1001(vivek),0(wheel),5(operator)

User command to mount devices

Normal users can now mount devices they could read onto a directory that they own such as $HOME using the mount_cd9600 command:
% mkdir ~/cdrom
% mount_cd9660 /dev/cd0 ~/cdrom
% mount

Sample outputs:

/dev/ada0p2 on / (ufs, local, journaled soft-updates)
devfs on /dev (devfs, local, multilabel)
/dev/cd0 on /usr/home/vivek/cdrom (cd9660, local, nosuid, read-only, mounted by vivek)

User command to unmount devices

Unmounting the device is simple:
% umount ~/cdrom
For more info see FreeBSD devfs.conf(5) and sysctl man pages.

Posted by: SXI ADMIN

The author is the creator of nixCraft and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting. Get the latest tutorials on SysAdmin, Linux/Unix and open source topics via RSS/XML feed or weekly email newsletter.

14/08/2019

How to KVM, QEMU start or stop virtual machine from command line (CLI)

KVM or Kernel Based Virtual Machine is a popular virtualization technology. It allows you to run virtual guest machines over a host machine. To start...
14/08/2019

How to Docker backup Saving and restoring your volumes

Running a Docker volume backup First, we spin up a temporary container, and we mount the backup folder and the target Docker volume to this container....
12/08/2019

How to Start and Enable Firewalld on CentOS 7

In this article, we discuss how to start and enable firewalld. It is highly recommended that you have a firewall protecting your server.Pre-Flight CheckThese...