wwp wrote:
> Hello,
>
>
> On Fri, 19 May 2006 10:41:04 -0500 "Mikkel L. Ellertson" <mikkel@xxxxxxxxxxxxxxxx> wrote:
>
>> Jacob (=Jouk) Jansen wrote:
>>> Karsten wrote on 19-MAY-2006 16:20:35.24
>>>> On Fri, May 19, 2006 at 04:00:07PM +0200, Jacob (=Jouk) Jansen wrote:
>>>> Hi all,
>>>>
>>>> I have a FC5 system with an internal disk and an external USB disk
>>>> with an ext3 partition on it. If a shell script (bash,csh etc..) is
>>>> located on the internal drive it works fine. If I copy it to the USB
>>>> disk I get problems: (why????)
>>> [snip]
>>>> Check the output of 'mount' for that device. I'm pretty sure that it has
>>>> been mounted with the 'noexec' flag.
>>> You are right.
>>> How to change this? This USB disk is mounted automatically when plugged
>>> in. I cannot edit fstab since then the machine fails to boot when the
>>> disk is not present.
>>>
>>> Jouk
>>>
>> You can add a local HAL rule to override the default behavior when
>> mounting USB drives. For security reasons, you may want to make the
>> rule specific to that USB drive. You will want to replace the noexec
>> option with the nosuid option so that someone can not plug in a USB
>> drive with a suid root binary that they can use to hack the system.
>> (Easy way to crack a system - suid root an editor, and modify
>> /etc/passwd so you can log in as root.)
>
> If I've well-understood some recent (and less recent) posts here, HAL is no
> longer able to change the mount options - what a pain! I could confirm it, it
> fails at passing exec or any other mount option, lines like the following fail:
>
> (excerpts from /usr/share/hal/fdi/policy/95userpolicy/mydevice.fdi
> [..]
> <merge key="volume.policy.mount_option.noexec" type="bool">false</merge>
> <merge key="volume.policy.mount_option.exec" type="bool">true</merge>
> [..]
>
Did this ever work? I thought that HAL used the first matching rule it
found. So it would find the rules in 90defaultpolicy first, and use them.
But I have explored the changes in FC5 yet. The impression I get is that
programs running under the GUI desktop can override the default HAL
mounting rules. This is something I need to look into when I get some
spare time.

I have a USB card reader that reads Compact Flash and Smart Media cards.
The problem is that it does not report if there is a SM card in the
reader or not, so I need a special rule so that the SM socket is not
auto mounted. Otherwise it takes forever to mount the CF card if I do
not have a SM card installed. (Read timeouts.)

Mikkel
--
Do not meddle in the affairs of dragons, for thou art crunchy and taste
good with Ketchup!
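
Added example, not part of the original thread: a shell version of the check suggested above (look at the mount options), extended to report both exec and setuid handling for every removable-media mount. The `/media` prefix, the function names and the sample mount table are assumptions constructed for illustration; on a live system, feed it `/proc/mounts` instead.

```shell
#!/bin/sh
# Constructed sample in /proc/mounts format (device, mount point, type, options).
sample_mounts() {
cat <<'EOF'
/dev/sda1 / ext3 rw,relatime 0 0
/dev/sdb1 /media/usbdisk ext3 rw,noexec,nosuid,nodev 0 0
/dev/sdc1 /media/cardreader vfat rw,nosuid,nodev 0 0
/dev/sdd1 /media/untrusted ext3 rw,relatime 0 0
EOF
}

# classify_opts OPTS: print "exec=yes|no suid=yes|no" for a comma-separated
# option list. Wrapping in commas makes the match exact, so an option that
# merely contains "nosuid" as a substring is not counted.
classify_opts() {
    exec_ok=yes
    suid_ok=yes
    case ",$1," in *,noexec,*) exec_ok=no ;; esac
    case ",$1," in *,nosuid,*) suid_ok=no ;; esac
    printf 'exec=%s suid=%s\n' "$exec_ok" "$suid_ok"
}

# audit_mounts PREFIX: read a mount table on stdin and report every mount
# located below PREFIX. Mount points containing spaces appear as \040 in
# /proc/mounts, so splitting on whitespace is safe.
audit_mounts() {
    prefix=$1
    while read -r dev mnt fstype opts _rest; do
        case "$mnt" in
            "$prefix"/*)
                printf '%s %s %s\n' "$dev" "$mnt" "$(classify_opts "$opts")" ;;
        esac
    done
}

# flag_suid PREFIX: list only the mount points where setuid bits are still
# honoured, i.e. the case the nosuid advice in the thread is meant to close.
flag_suid() {
    audit_mounts "$1" | awk '$4 == "suid=yes" { print $2 }'
}

# Stand-alone run on the constructed table; use "< /proc/mounts" for real data.
sample_mounts | audit_mounts /media
```

A line showing `exec=no` matches the symptom in the original question (scripts on the USB disk will not run), while `exec=yes suid=no` is the state the nosuid recommendation aims for.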