3

Is there anyway to grant the mount command permission to a user? I seems impossible and the user must be a sudoer. However I want to know is it possible to create a group which has admin permission (only for mount) and then add the user to this group?

Jorge Castro
  • 71,754
mahmood
  • 1,875
  • Install and run GParted, this allows you to change mount options. – Simon Jun 26 '13 at 18:23
  • Just press Alt + F2 and enter Gparted in the dialog or type gparted into Terminal – Simon Jun 26 '13 at 18:27
  • I just tried it and I realise that I have misunderstood your question. I'll look around and see if I can find the answer. – Simon Jun 26 '13 at 18:36
  • http://askubuntu.com/questions/47272/why-am-i-asked-for-my-password-when-i-want-to-mount-a-drive/47281#47281 might point you in the right direction. – Simon Jun 26 '13 at 18:37
  • Can you tell us why do you need this? I mean, there is udisks which doesn't require root privileges to mount/unmount volumes. – edwin Jun 26 '13 at 20:33

2 Answers2

1

I guess this first link is not strange for you :

http://www.cyberciti.biz/faq/ubuntu-add-user-to-group/

There is then this link for users added to groups with help of acl :

http://knackforge.com/blog/vannia/setup-default-group-permissions-new-files-created-under-specific-directory-debianubuntu

With acl you can adjust partitions too.

Install acl first - if not done already:

sudo apt-get install acl

Assumed your linux-partition for root(sudo) is at sda2 - so then you need to edit /etc/fstab for device resp. partition sda2 and this looks there like before editing :

/dev/sda2 / auto defaults,nobootwait 0 2

after editing :

/dev/sda2 / auto defaults,nobootwait,acl 0 2

Now re-mount this partition with :

sudo mount -o remount /

When you changed /etc/fstab - you normally need to reboot :

sudo reboot

Now you can add a group, and within this group you add some users - e.g. group for developers with :

sudo addgroup developer

sudo adduser lewinsky developer

(lewinsky as example for member of group for developers - you have to repeat latter command for each user of group for developers)

Now you need to set acl for the folder ( you as user resp. boss for the group and the developers ) :

Set ACL for the folder:

sudo setfacl -d -m "u:nobody:rwx,g:developer:rwx,o::r-x" -R /home/you/

(this means.. you don't have any preference for the "user" a new file will be owned by -- defaults to the actual user creating the file, but the user's permissions given - rwx will be applied; group will be forced to "developer" with all permissions for the group; other users will just have read & execute permissions).

In case you already have contents in the folder, you could use this to change existing file's permissions to make it sharable within the group:

sudo chgrp developer -R /home/you

sudo chmod g+rwsx -R /home/you

Now here comes this missing answer for a certain user allowed to use commands like mount:

sudo adduser lewinsky admin

This would mean too, that lewinsky is the boss within the group developer and may use else commands except mount.

If you want lewinsky only to be allowed to use the single command mount - it would look like this :

sudo -u username command

also

sudo -u lewinsky mount

Community
  • 1
dschinn1001
  • 3,829
0

You can edit sudo config. Just type sudo visudo in Terminal, and you are in it. read man visudo and edit config. If, however, you only want to give access to particular disk, edit the /etc/fstab. Add users option to mount options listed there. After that use chmod 755 /mnt/disk1 on its mount point.

Barafu Albino
  • 6,541
  • I tried visudo but see no change. I wrote mahmood ALL=(mahmood) NOPASSWD:/bin/mount,/bin/umount. Is that correct? – mahmood Jun 26 '13 at 18:43