Mounting and Allocating USB memory sticks
I'm trying to setup my TSOL 8 12/02 workstation so that all users can access a memory stick.
Through the command line I can mount the memory stick using the command :
mount -F pcfs /dev/dsk/c1t0d0s0 /dev/usb/usb0
however i have to do this in a privelaged shell otherwise I get the error
Could not open file /etc/security/tsol/vfstab_adjunct
is there a way to do this outside of the privelaged shell?
Also is there a preferred way of doing this outside of the command line? Perhaps setting up the Allocate Device similar to a floppy? If so what should the settings be for Device type, clean program, Authorizations etc.
thanks
[684 byte] By [
AAE] at [2007-11-25 23:04:13]
# 1
From what i understand only the role "admin" can mount. You should be able to give users this ability by giving them the mount right. This is done using SMC as secadmin and editing the user.Hope this helps.
# 2
You can set up the device using the device allocation manager - this is the preferred method, as giving the users the ability to run 'mount' will let them mount any device. Using device allocation, you limit their abilities to only mount this particular device.
The configuration for this in the device allocation manager should be similar to that as a floppy disk.
# 3
In the root role. using the Device Allocation Manager, I've created an entry with the following settings:
Device Name: memorystick_0
Device Type: usb
Min Label: ADMIN_LOW
Max Label: ADMIN_HIGH
Clean Program: /etc/security/lib/disk_clean
Device Map: /dev/dsk/c2t0d0s0
For Allocations From: Trusted Path
Allocatable by: All Users
When I allocate the device, the directory /memorystick is created, inside is the directory root-memorystick_0 and unnamed_memorystick which is a symobolic link to ./root-memorystick_0/unnamed_memorystick.
I'm still unable to view the contents of the memory stick. If I use
mount -F pcfs /dev/dsk/c2t0d0s0 /memorystick
the memory stick successfully mounts and I can veiw the contents.
Any suggestions?
# 4
I understnad the gui fields:
Device Name: memorystick_0
Device Type: usb
Min Label: ADMIN_LOW
Max Label: ADMIN_HIGH
Clean Program: /etc/security/lib/disk_clean
Device Map: /dev/dsk/c2t0d0s0
For Allocations From: Trusted Path
Allocatable by: All Users
in the device allocation manager.
Problem is that it does not work. Should the "Device Name" be something specific for my environment? If so, how do I ID the proper name?
The mount with priv shell doesn't work for me either.
The directory doesn't appear or at least I can't see it.
I used secadmin role from an admin user for the device allocation manager.
Please help.
# 5
For anyone who is having issues mounting a USB disk or really any removable disk, and runs across this post, here are links to a doc i wrote for someone, and a clean script to get everything going.
<a href="http://www.xinu.com/~err0r/tsol/usb_clean.tar" target="_blank">http://www.xinu.com/~err0r/tsol/usb_clean.tar</a>
<a href="http://www.xinu.com/~err0r/tsol/Trusted-Solaris-USB-Disk-Mounting-Guide.d oc" target="_blank"> http://www.xinu.com/~err0r/tsol/Trusted-Solaris-USB-Disk-Mou nting-Guide.doc</a>
Hope someone finds this helpful, i would have loved to have had it.
i also attached the files.
# 6
Actually, the Device Type is 'sd' (SCSI DISK)
also be aware that the stock 'disk_clean' script does not work for usb stick and usb hard drive type media, it uses rmmount, which has no concept of UFS.
once you have a proper clean script in place, you should not need to be in an elevated role to mount the disk,.
also take not that solaris is really picky about which memory sticks and removable hard drives it uses.
take a look at my previous post, i have a clean script and a doc on how to setup things.
