coldfix / udiskie

Automounter for removable media
MIT License

Configure file permission #236

Closed mb720 closed 2 years ago

mb720 commented 2 years ago

Hi!

I'm running udiskie 2.4.0 on a Raspberry Pi 4 with Arch Linux as the OS. And it works great! 👍

What I'm trying to do is have user transmission's home directory on an attached USB drive, since the SD card inside the Raspberry Pi is not that big.

I've created a symbolic link inside /home to point to the USB drive, running ls -l:

drwxr-x--- 15 me   me   4096 Jan  8 15:29 me
lrwxrwxrwx  1 root root   40 Jan  7 21:33 transmission -> /run/media/me/my_usb/transmission/

I can see with getfacl /run/media/me that user me can read and enter that directory, but currently not user transmission:

getfacl: Removing leading '/' from absolute path names
# file: run/media/me
# owner: root
# group: root
user::rwx
user:me:r-x
group::---
mask::r-x
other::---

In order to allow user transmission to access their home directory in /run/media/me/my_usb/transmission/, I'd like to configure udiskie to mount /run/media/me so that transmission can access it. getfacl would probably produce another line like this after configuring it that way:

user:transmission:r-x

Is it possible to achieve this?

Thanks in advance.

coldfix commented 2 years ago

Hi, if I understand you correctly, I don't think that's a matter of mount options, but rather a matter of setting up the correct permissions on the filesystem of the target device, e.g. something like:

sudo chown me:transmission /run/media/me/my_usb/transmission -R
sudo chmod g=u             /run/media/me/my_usb/transmission -R

Note that you also need execute permission for that user on all parent directories, e.g.:

sudo chown me:transmission /run/media/me/my_usb
sudo chmod g+x             /run/media/me/my_usb

If the transmission group doesn't exist, you have to create it first, e.g.:

sudo groupadd      transmission
sudo usermod -a -G transmission transmission

Since you mention getfacl: I don't have any experience with ACLs, so I wouldn't recommend it, but it's probably also possible to achieve a similar effect with setfacl.

coldfix commented 2 years ago

(@mb720 Note that I somewhat updated the instructions of the last message, so be sure to read it from github, not only email)

mb720 commented 2 years ago

Thanks coldfix for the reply!

> Note that you also need execute permission for that user on all parent directories, e.g.:

I completely agree. I think, though, that the issue has to do with mount permissions.

After restarting the Raspberry Pi, permissions look like this, as displayed with namei -l /run/media/me/my_usb/transmission/:

drwxr-xr-x root         root         /
drwxr-xr-x root         root         run
drwxr-xr-x root         root         media
drwxr-x--- root         root         me
drwxrwxrwx me           me           my_usb
drwxrwxr-x transmission transmission transmission

I'm confident that one way to solve this issue is changing the default permissions of directory /run/media/me, since doing chmod o+x /run/media/me/ lets user transmission read from and write to /run/media/me/my_usb/transmission/, achieving what I wanted.

But after restarting, the permissions of /run/media/me get changed from drwxr-x--x back to drwxr-x---.

coldfix commented 2 years ago

@mb720

In that case, it may be helpful for you to create a file at /etc/udev/rules.d/99-udisks2.rules containing something like this:

ENV{ID_FS_USAGE}=="filesystem|other|crypto", ENV{UDISKS_FILESYSTEM_SHARED}="1"

And execute:

sudo mkdir -m 755 /media

This will cause udisks to mount your devices under /media/<DEVICE> - thus eliminating the parent directory /var/run/media/me that may get recreated and lose your permissions when booting.

What filesystem is your USB device?

mb720 commented 2 years ago

Adding the file /etc/udev/rules.d/99-udisks2.rules with that exact content worked great, thanks!

The USB device is formatted with ext4.
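
Added example (not from the thread or the udiskie project): a Python check that reads `namei -l` output and reports the first directory a user cannot traverse, using only the owner/group/other bits. The first sample is the output posted above; the `/media` layout, the `nobody` account and the function names are constructed for illustration.

```python
# Added example: classic owner/group/other search-bit check over `namei -l` output.
# POSIX ACL entries (the getfacl view) and root's override are not modelled.

# namei -l output as posted in the thread
NAMEI_RUN_MEDIA = """\
drwxr-xr-x root         root         /
drwxr-xr-x root         root         run
drwxr-xr-x root         root         media
drwxr-x--- root         root         me
drwxrwxrwx me           me           my_usb
drwxrwxr-x transmission transmission transmission
"""

# Constructed: the same device on a shared mount under /media (mode 755)
NAMEI_SHARED = """\
drwxr-xr-x root         root         /
drwxr-xr-x root         root         media
drwxrwxrwx me           me           my_usb
drwxrwxr-x transmission transmission transmission
"""

def parse_namei(text):
    """Return (mode, owner, group, name) for each directory line."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        # Skips the "f: /path" header, blank lines and symlink lines.
        if len(parts) == 4 and len(parts[0]) == 10 and parts[0][0] == "d":
            rows.append(tuple(parts))
    return rows

def can_search(mode, owner, group, user, groups):
    """The kernel uses exactly one class: owner, else group, else other."""
    if user == owner:
        bit = mode[3]
    elif group in groups:
        bit = mode[6]
    else:
        bit = mode[9]
    return bit in "xst"  # s/t mean the execute bit is set as well

def first_blocked(text, user, groups=()):
    """Name of the first directory `user` cannot traverse, or None."""
    for mode, owner, group, name in parse_namei(text):
        if not can_search(mode, owner, group, user, groups):
            return name
    return None

if __name__ == "__main__":
    for who in ("transmission", "nobody"):
        print(who, first_blocked(NAMEI_RUN_MEDIA, who, {who}),
              first_blocked(NAMEI_SHARED, who, {who}))
```

Both `chmod o+x /run/media/me` and the shared `/media` mount pass this check for every local account, not only transmission; access is then decided by the modes on the device's own directories.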