# Need some advice on how to automount DVD/CD

## cwc

I've read a few post about mounting and aumounting cd/dvd's  automount-gnome  ConsoleKit and PolicyKit ?

https://forums.gentoo.org/viewtopic-t-858965.html

I would really appreciate some tips on how to do thing and along the way I will learn more about adding groups to users.  Thanks!

Here are my groups now (not good):

azzerare ~ # groups

root bin daemon sys adm disk wheel floppy dialout tape video

cwc@azzerare ~ $ groups

wheel audio users cwc

azzerare ~ # more /etc/shadow

root:$6$jbTj/ru6$9tpDu3uSjySTJSAim4NVJZGkark.GD2SuVg3yPh8pvkiq8ZsVbq2IsaBo/6puVpaFv6I6yshRvIAsRdcMEDWz0:14896:0:::::

halt:*:9797:0:::::

operator:*:9797:0:::::

shutdown:*:9797:0:::::

sync:*:9797:0:::::

bin:*:9797:0:::::

daemon:*:9797:0:::::

adm:*:9797:0:::::

lp:*:9797:0:::::

mail:*:9797:0:::::

postmaster:*:9797:0:::::

news:*:9797:0:::::

uucp:*:9797:0:::::

games:!:14903::::::

guest:*:9797:0:::::

nobody:*:9797:0:::::

sshd:!:14889::::::

cron:!:14897::::::

ldap:!:14898::::::

messagebus:!:14898::::::

polkituser:!:14902::::::

haldaemon:!:14902::::::

sabayon-admin:!:14903::::::

gdm:!:14903::::::

cwc:$6$JiLRtxHe$SNr9vExNRElF8CMICVhzHte5txgcziPmFGpf4XHJ5TXdV0HzqKUxIfSYSy8vjBaTCbPeuXL/AlmW2Htsyhmbs/:14905:0:99999:7:::

mysql:!:14924::::::

apache:!:14924::::::

ftp:!:14941::::::

named:!:14945::::::

hsqldb:!:14989::::::

----------

## NeddySeagoon

cwc,

No user should be in the disk group -ever. That bypasses all of your filesystem security as it grants low level access to your HDDs.

e.g. such users can use  to do whatever they want with a sector editor. 

Users should not be in the root group either, thats even more dangerous than being in the disk group.

DO NOT TEST THIS

Suppose a normal user does 

```
rm -rf /
```

what happens?

Said user will get a lot of permission denied errors and the content of /home/<user> will be removed along with anything owned by <user> in /tmp.

Damage is limited to the users account.

Now suppose a user in the root group does the same thing. Anything that has is group set to root will be removed and thats a lot more ugly.

There are other system trashing commands too.

Remove yourself from the root group and install sudo. Its easy to get root but you will be aware that you are root.

You need to be in the cdrom group to play audioCDs and Video DVDs. Neither are mounted for playing, you have to have write access to /dev/cdrom, so you can send it low level block read commands.

To use audio devices, like sound cards, you need to be in the audio group

If you want to do packet writing to optical media, you need cdrw.

My groups returns wheel uucp audio cdrom dialout video games cdrw roy plugdev vmware scanner polkituser vboxusers

----------

## cwc

thanks Neddy!

I removed disk group from root.  Add added cwc to the cdrom and cdrw groups.

eg:

azzerare ~ # id -nG cwc

cwc wheel audio cdrom cdrw users

azzerare ~ # 

I still can not mount the cdrw eg: mount /dev/dvdrw /mnt/dvd  does not work.

?

```
cwc@azzerare ~ $ mount /dev/cdrw /mnt/dvd/

mount: only root can do that

```

>>Remove yourself from the root group and install sudo. Its easy to get root but you will be aware that you are root.

How do I remove myself (cwc) from root?

I also need to figure out how to "sudo" I've always used "su -"

----------

## smileyguy

To let non-root users mount media, root must edit /etc/fstab to add the "users" option for the device in question.  For example, 

```
/dev/dvdrw  /mnt/dvd  auto  noauto,ro,noexec,users 0 0
```

man fstab and man mount for more information about mount options.

From your first post, it looks like your root account is in the root group, and your regular user account (cwc) is not; that's the correct setup.

----------

## cwc

 *smileyguy wrote:*   

> To let non-root users mount media, root must edit /etc/fstab to add the "users" option for the device in question.  For example, 
> 
> ```
> /dev/dvdrw  /mnt/dvd  auto  noauto,ro,noexec,users 0 0
> ```
> ...

 

No luck:  Here's my fstab

/dev/sda1   /boot	ext2    defaults,noatime     1 2

/dev/sda2   none       	swap    sw                   0 0

/dev/sda3   /          	ext3    noatime              0 1

/dev/sdb1   /space   ext3   defaults   1   2

#/dev/sdb1   /space    	ext3    defaults,errors=remount-rw 01

#/dev/cdrom  /mnt/cdrom   auto    noauto,user          0 0

proc        /proc        proc    defaults             0 0

shm         /dev/shm     tmpfs   nodev,nosuid,noexec  0 0

/dev/dvdrw  /mnt/dvd  auto  noauto,ro,noexec,users 0 0

I also re-compiled my kernel with flags I thought would help.  No luck. 

I did recently move to a new kernel.  So I probably have a missing flag somewhere.

Here are my mount commands:

azzerare ~ # mount /dev/cdrw /mnt/dvd/

mount: block device /dev/sr0 is write-protected, mounting read-only

mount: /dev/sr0: can't read superblock

azzerare ~ # mount /dev/cdr /mnt/dvd/

cdrom  cdrw   

azzerare ~ # mount /dev/cdr /mnt/dvd/

cdrom  cdrw   

azzerare ~ # mount /dev/cdrom /mnt/dvd/

mount: block device /dev/sr0 is write-protected, mounting read-only

mount: /dev/sr0: can't read superblock

azzerare ~ # exit

logout

cwc@azzerare ~ $ mount /dev/cdrw /mnt/dvd/

mount: only root can do that

cwc@azzerare ~ $

----------

## smileyguy

I think the device node and mount point in /etc/fstab have to match what you're using in the mount command, even if they're different symlinks to the same device.  So, try changing "/dev/dvdrw" to "/dev/cdrw".  That should fix the "only root can do that" message.

```
/dev/cdrw  /mnt/dvd  auto  noauto,ro,noexec,users 0 0
```

As far as your kernel configuration, under Filesystems-> CD-ROM/DVD Filesystems-> select at least "ISO 9660 CDROM file system support" and "UDF file system support".  If the filesystems are built as modules, check the output of lsmod to make sure the modules are loaded.

For the "can't read superblock", that could mean a few things.

Does dmesg contain anything useful?  Try the mount operation, and then

```
dmesg | tail
```

There's a chance it's a media problem.  Does the same error occur with different data CDs?

----------

## cwc

 *smileyguy wrote:*   

> I think the device node and mount point in /etc/fstab have to match what you're using in the mount command, even if they're different symlinks to the same device.  So, try changing "/dev/dvdrw" to "/dev/cdrw".  That should fix the "only root can do that" message.
> 
> ```
> /dev/cdrw  /mnt/dvd  auto  noauto,ro,noexec,users 0 0
> ```
> ...

 

Thanks for the line .  I updated the kernel with UDF.  ISO 9660 CDROM flag is turned on.

I can mount the cdrw with root but not a non-root user.

I'm not sure what I'm looking at here with respect to drives:

azzerare ~ # dmesg | tail

[   10.234894] kjournald starting.  Commit interval 5 seconds

[   10.235238] EXT3-fs (sdb1): using internal journal

[   10.235242] EXT3-fs (sdb1): mounted filesystem with writeback data mode

[   11.927147] dumpkeys used greatest stack depth: 3232 bytes left

[   12.432402] Adding 626528k swap on /dev/sda2.  Priority:-1 extents:1 across:626528k 

[   14.667524] eth0: link up, 100Mbps, full-duplex, lpa 0x4DE1

[   25.394012] eth0: no IPv6 routers present

[ 2029.337936] ioremap error for 0xbffb0000-0xbffb1000, requested 0x10, got 0x0

[ 2036.141645] uhci_hcd 0000:00:10.1: reserve dev 2 ep81-INT, period 8, phase 4, 93 us

[ 2079.286144] hda-intel: IRQ timing workaround is activated for card #0. Suggest a bigger bdl_pos_adj.

azzerare ~ # 

thanks again

----------

## smileyguy

 *cwc wrote:*   

> 
> 
> Thanks for the line .  I updated the kernel with UDF.  ISO 9660 CDROM flag is turned on.
> 
> I can mount the cdrw with root but not a non-root user.
> ...

 

Okay, I don't see anything to worry about in the dmesg output.  If root can mount the device, but regular users can't, even with the users option in fstab, that leads me to suspect a permissions issue.  I'm going to guess that /dev/cdrw is a symlink to the actual device node.  We need to make sure you have rw access to the device.  For example, on my system:

```
sg@sela /home $ ls -l /dev/cdrw

lrwxrwxrwx 1 root root 3 Jun 10 18:14 /dev/cdrw -> sr0
```

tells me that /dev/cdrw is a link to /dev/sr0.  (You might find it points to something else, like hdb, scd0, sg0, or sdb.  Substitute that for sr0 for the rest of the examples here.)  The permissions on /dev/sr0 are:

```
sg@sela /home $ ls -l /dev/sr0

brw-rw---- 1 root cdrom 11, 0 Jun 10 18:14 /dev/sr0
```

The parts we're interested in are the fifth and sixth characters in the first field (the group read and write permissions, r & w above), and the group (cdrom in my example).  You want to make sure that the group is set to either cdrom or cdrw, since your regular user is in both of those groups, and the group read and write permissions are set.  If not, you can change the group by typing (as root):

```
chown root:cdrom /dev/sr0
```

and you can set the permissions by typing (also as root):

```
chmod g+rw /dev/sr0
```

But making those changes as root will probably get undone when you reboot.  If the ownership and permissions are not what you want, it's probably something going wrong in a udev script, and we can look at /etc/udev/rules.d/70-persistent-cd.rules

----------

## cwc

Thank again for the help!

I am following this thread: 

Tips, and tricks for ConsoleKit/PolicyKit/udev, without hal

https://forums.gentoo.org/viewtopic-t-858965.html

then I'll work on permissions.  This error message concerns me:

 *   CONFIG_USB_SUSPEND:	 is not set when it should be.

 * Please check to make sure these options are set correctly.

 * Failure to do so may cause unexpected problems.

This was after I # emerge -av gnome-base/gvfs sys-fs/udisks sys-power/upower sys-auth/polkit 

I could not find  CONFIG_USB_SUSPEND in my .conf file.

This could be a bug.

https://bugs.gentoo.org/show_bug.cgi?id=351969

----------

## cwc

But making those changes as root will probably get undone when you reboot.  If the ownership and permissions are not what you want, it's probably something going wrong in a udev script, and we can look at /etc/udev/rules.d/70-persistent-cd.rules[/quote]

I've gone though https://forums.gentoo.org/viewtopic-t-858965-highlight-.html

Here is my udev:

azzerare rules.d # more 70-persistent-cd.rules 

# This file was automatically generated by the /lib64/udev/write_cd_rules

# program, run by the cd-aliases-generator.rules rules file.

#

# You can modify it, as long as you keep each rule on a single

# line, and set the $GENERATED variable.

# DVD_Writer_1260t (pci-0000:00:0f.0-scsi-3:0:0:0)

SUBSYSTEM=="block", ENV{ID_CDROM}=="?*", ENV{ID_PATH}=="pci-0000:00:0f.0-scsi-3:0:0:0", SYMLINK+="cdrom", ENV{GENERATED}="1"

SUBSYSTEM=="block", ENV{ID_CDROM}=="?*", ENV{ID_PATH}=="pci-0000:00:0f.0-scsi-3:0:0:0", SYMLINK+="cdrw", ENV{GENERATED}="1"

SUBSYSTEM=="block", ENV{ID_CDROM}=="?*", ENV{ID_PATH}=="pci-0000:00:0f.0-scsi-3:0:0:0", SYMLINK+="dvd", ENV{GENERATED}="1"

SUBSYSTEM=="block", ENV{ID_CDROM}=="?*", ENV{ID_PATH}=="pci-0000:00:0f.0-scsi-3:0:0:0", SYMLINK+="dvdrw", ENV{GENERATED}="1"

And 

cwc@azzerare ~ $  ck-list-sessions 

Session3:

	unix-user = '1001'

	realname = '(null)'

	seat = 'Seat1'

	session-type = ''

	active = FALSE

	x11-display = ':0.0'

	x11-display-device = '/dev/tty7'

	display-device = '/dev/pts/0'

	remote-host-name = ''

	is-local = TRUE

	on-since = '2011-06-15T20:23:49.451047Z'

	login-session-id = '1'

Session1:

	unix-user = '1001'

	realname = '(null)'

	seat = 'Seat1'

	session-type = ''

	active = FALSE

	x11-display = ''

	x11-display-device = ''

	display-device = '/dev/tty1'

	remote-host-name = ''

	is-local = TRUE

	on-since = '2011-06-15T19:55:37.749011Z'

	login-session-id = '1'

	idle-since-hint = '2011-06-15T19:56:17.258572Z'

Session2:

	unix-user = '1001'

	realname = '(null)'

	seat = 'Seat1'

	session-type = ''

	active = TRUE

	x11-display = ':0'

	x11-display-device = '/dev/tty7'

	display-device = '/dev/tty1'

	remote-host-name = ''

	is-local = TRUE

	on-since = '2011-06-15T19:55:51.381811Z'

	login-session-id = '1'

cwc@azzerare ~ $ 

Hmmm.  I'm not sure why Ihave 3 sessions after staring gnome?

I still can not mount a usb stick or a cd/dvd  from a non root user.

----------

## curmudgeon

 *NeddySeagoon wrote:*   

> 
> 
> Suppose a normal user does 
> 
> ```
> ...

 

That's not correct at all. There are very few files on a (normal) system that are root group AND group writable.

In fact, a search on one of my systems yields:

```

# find / -group root -perm -020 ! -type l

/var/tmp

/var/run/xdmctl/dmctl-:0/socket

/var/run/xdmctl/dmctl/socket

/var/run/dbus/system_bus_socket

/sys/devices/pci0000:00/0000:00:00.0/remove

/sys/devices/pci0000:00/0000:00:00.0/rescan

/sys/devices/pci0000:00/0000:00:01.0/remove

/sys/devices/pci0000:00/0000:00:01.0/rescan

/sys/devices/pci0000:00/0000:00:02.0/remove

/sys/devices/pci0000:00/0000:00:02.0/rescan

/sys/devices/pci0000:00/0000:00:02.1/remove

/sys/devices/pci0000:00/0000:00:02.1/rescan

/sys/devices/pci0000:00/0000:00:1a.0/remove

/sys/devices/pci0000:00/0000:00:1a.0/rescan

/sys/devices/pci0000:00/0000:00:1a.1/remove

/sys/devices/pci0000:00/0000:00:1a.1/rescan

/sys/devices/pci0000:00/0000:00:1a.7/remove

/sys/devices/pci0000:00/0000:00:1a.7/rescan

/sys/devices/pci0000:00/0000:00:1b.0/remove

/sys/devices/pci0000:00/0000:00:1b.0/rescan

/sys/devices/pci0000:00/0000:00:1c.0/remove

/sys/devices/pci0000:00/0000:00:1c.0/rescan

/sys/devices/pci0000:00/0000:00:1c.4/remove

/sys/devices/pci0000:00/0000:00:1c.4/rescan

/sys/devices/pci0000:00/0000:00:1c.4/0000:03:00.0/remove

/sys/devices/pci0000:00/0000:00:1c.4/0000:03:00.0/rescan

/sys/devices/pci0000:00/0000:00:1d.0/remove

/sys/devices/pci0000:00/0000:00:1d.0/rescan

/sys/devices/pci0000:00/0000:00:1d.1/remove

/sys/devices/pci0000:00/0000:00:1d.1/rescan

/sys/devices/pci0000:00/0000:00:1d.2/remove

/sys/devices/pci0000:00/0000:00:1d.2/rescan

/sys/devices/pci0000:00/0000:00:1d.7/remove

/sys/devices/pci0000:00/0000:00:1d.7/rescan

/sys/devices/pci0000:00/0000:00:1e.0/remove

/sys/devices/pci0000:00/0000:00:1e.0/rescan

/sys/devices/pci0000:00/0000:00:1f.0/remove

/sys/devices/pci0000:00/0000:00:1f.0/rescan

/sys/devices/pci0000:00/0000:00:1f.2/remove

/sys/devices/pci0000:00/0000:00:1f.2/rescan

/sys/devices/pci0000:00/0000:00:1f.3/remove

/sys/devices/pci0000:00/0000:00:1f.3/rescan

/sys/devices/pci0000:00/0000:00:1f.5/remove

/sys/devices/pci0000:00/0000:00:1f.5/rescan

/sys/bus/pci/rescan

/dev/log

/dev/tty8

/dev/tty0

/dev/zero

/dev/urandom

/dev/random

/dev/full

/dev/shm

/dev/null

/usr/lib/libreoffice/share/extensions/pdfimport/xpdfimport

/tmp

/tmp/.ICE-unix

/tmp/.X11-unix

/tmp/.X11-unix/X0

```

Some of those are definitely bugs (ie. installed with incorrect permissions), and may of the remainder are world writable (the temporary directories). I have no idea what the (non-readable) remove and rescan files do, but simply attempting to remove these files seems unlikely to do much damage that can't be readily repaired.

I am in the root group on all of my machines, since it provides (with the proper setup) a way of viewing log files WITHOUT becoming root. In my opinion, being root is far more dangerous than being in the root group.

----------

## cwc

 *curmudgeon wrote:*   

>  *NeddySeagoon wrote:*   
> 
> Suppose a normal user does 
> 
> ```
> ...

 

thanks for the post!

here are my current groups:

cwc@azzerare ~ $ groups

wheel audio cdrom cdrw users plugdev polkituser cwc

What I'm reading is if I add "root" I should be fine, considering my gentoo system is a mixed client/server system that I use 99.9% of the time.

I could do the following:

usermod -G cwc,wheel,audio,users,cdrom,cdrw,polkituser, plugdev,root cwc

----------

## curmudgeon

 *cwc wrote:*   

> What I'm reading is if I add "root" I should be fine, considering my gentoo system is a mixed client/server system that I use 99.9% of the time.

 

I believe so. The biggest practical difference is that you will be able to read root:root 640 files (which you can set up your logging daemon to write your log files as). You will still get a lot of "permission denied" errors, which is fine - some things you really should become root for (but reading log files is not one of them).

----------

## ppurka

 *cwc wrote:*   

> But making those changes as root will probably get undone when you reboot.  If the ownership and permissions are not what you want, it's probably something going wrong in a udev script, and we can look at /etc/udev/rules.d/70-persistent-cd.rules
> 
> I've gone though https://forums.gentoo.org/viewtopic-t-858965-highlight-.html
> 
> ...
> ...

 Did you try this?

https://forums.gentoo.org/viewtopic-p-6551751.html#6551751

----------

