Permissions

Allow normal users to write to intermittently connected block devices

  • May 9, 2020

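I currently do a lot of copying of disk images from hard disks. They are typically connected through USB.

Normally a regular user cannot write to block devices, so I do everything as root. I fear that one day I may write to /dev/sda when I really meant to say /dev/sds.

Is there a way to tell GNU/Linux to "write protect" /dev/sda? Or maybe a way to allow users in the group usbwriters to write to all USB block devices?

I can easily list the block devices that I want write protected. However, I cannot list the devices that I want to write to, because they are typically connected temporarily using USB.

This is the udev output for one of the devices: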

# /sbin/udevadm info -a -p $(/sbin/udevadm info -q path -n /dev/sdn)

Udevadm info starts with the device specified by the devpath and then
walks up the chain of parent devices. It prints for every device
found, all possible attributes in the udev rules key format.
A rule to match, can be composed by the attributes of the device
and the attributes from one single parent device.

 looking at device '/devices/pci0000:00/0000:00:14.0/usb3/3-1/3-1:1.0/host16/target16:0:0/16:0:0:1/block/sdn':
   KERNEL=="sdn"
   SUBSYSTEM=="block"
   DRIVER==""
   ATTR{alignment_offset}=="0"
   ATTR{capability}=="d1"
   ATTR{discard_alignment}=="0"
   ATTR{events}=="media_change"
   ATTR{events_async}==""
   ATTR{events_poll_msecs}=="-1"
   ATTR{ext_range}=="256"
   ATTR{hidden}=="0"
   ATTR{inflight}=="       0        0"
   ATTR{range}=="16"
   ATTR{removable}=="1"
   ATTR{ro}=="0"
   ATTR{size}=="13563904"
   ATTR{stat}=="      77        0     4168      224        0        0        0        0        0      140      224"

 looking at parent device '/devices/pci0000:00/0000:00:14.0/usb3/3-1/3-1:1.0/host16/target16:0:0/16:0:0:1':
   KERNELS=="16:0:0:1"
   SUBSYSTEMS=="scsi"
   DRIVERS=="sd"
   ATTRS{blacklist}=="FORCELUN"
   ATTRS{device_blocked}=="0"
   ATTRS{device_busy}=="0"
   ATTRS{dh_state}=="detached"
   ATTRS{eh_timeout}=="10"
   ATTRS{evt_capacity_change_reported}=="0"
   ATTRS{evt_inquiry_change_reported}=="0"
   ATTRS{evt_lun_change_reported}=="0"
   ATTRS{evt_media_change}=="0"
   ATTRS{evt_mode_parameter_change_reported}=="0"
   ATTRS{evt_soft_threshold_reached}=="0"
   ATTRS{inquiry}==""
   ATTRS{iocounterbits}=="32"
   ATTRS{iodone_cnt}=="0x81"
   ATTRS{ioerr_cnt}=="0x1"
   ATTRS{iorequest_cnt}=="0x81"
   ATTRS{max_sectors}=="240"
   ATTRS{model}=="USB Flash Disk  "
   ATTRS{queue_depth}=="1"
   ATTRS{queue_type}=="none"
   ATTRS{rev}=="1100"
   ATTRS{scsi_level}=="5"
   ATTRS{state}=="running"
   ATTRS{timeout}=="30"
   ATTRS{type}=="0"
   ATTRS{vendor}=="General "

 looking at parent device '/devices/pci0000:00/0000:00:14.0/usb3/3-1/3-1:1.0/host16/target16:0:0':
   KERNELS=="target16:0:0"
   SUBSYSTEMS=="scsi"
   DRIVERS==""

 looking at parent device '/devices/pci0000:00/0000:00:14.0/usb3/3-1/3-1:1.0/host16':
   KERNELS=="host16"
   SUBSYSTEMS=="scsi"
   DRIVERS==""

 looking at parent device '/devices/pci0000:00/0000:00:14.0/usb3/3-1/3-1:1.0':
   KERNELS=="3-1:1.0"
   SUBSYSTEMS=="usb"
   DRIVERS=="usb-storage"
   ATTRS{authorized}=="1"
   ATTRS{bAlternateSetting}==" 0"
   ATTRS{bInterfaceClass}=="08"
   ATTRS{bInterfaceNumber}=="00"
   ATTRS{bInterfaceProtocol}=="50"
   ATTRS{bInterfaceSubClass}=="06"
   ATTRS{bNumEndpoints}=="02"
   ATTRS{supports_autosuspend}=="1"

 looking at parent device '/devices/pci0000:00/0000:00:14.0/usb3/3-1':
   KERNELS=="3-1"
   SUBSYSTEMS=="usb"
   DRIVERS=="usb"
   ATTRS{authorized}=="1"
   ATTRS{avoid_reset_quirk}=="0"
   ATTRS{bConfigurationValue}=="1"
   ATTRS{bDeviceClass}=="00"
   ATTRS{bDeviceProtocol}=="00"
   ATTRS{bDeviceSubClass}=="00"
   ATTRS{bMaxPacketSize0}=="64"
   ATTRS{bMaxPower}=="300mA"
   ATTRS{bNumConfigurations}=="1"
   ATTRS{bNumInterfaces}==" 1"
   ATTRS{bcdDevice}=="1100"
   ATTRS{bmAttributes}=="80"
   ATTRS{busnum}=="3"
   ATTRS{configuration}==""
   ATTRS{devnum}=="29"
   ATTRS{devpath}=="1"
   ATTRS{idProduct}=="1000"
   ATTRS{idVendor}=="090c"
   ATTRS{ltm_capable}=="no"
   ATTRS{manufacturer}=="General"
   ATTRS{maxchild}=="0"
   ATTRS{product}=="USB Flash Disk"
   ATTRS{quirks}=="0x0"
   ATTRS{removable}=="removable"
   ATTRS{serial}=="FBK1611110100145"
   ATTRS{speed}=="480"
   ATTRS{urbnum}=="981"
   ATTRS{version}==" 2.00"

 looking at parent device '/devices/pci0000:00/0000:00:14.0/usb3':
   KERNELS=="usb3"
   SUBSYSTEMS=="usb"
   DRIVERS=="usb"
   ATTRS{authorized}=="1"
   ATTRS{authorized_default}=="1"
   ATTRS{avoid_reset_quirk}=="0"
   ATTRS{bConfigurationValue}=="1"
   ATTRS{bDeviceClass}=="09"
   ATTRS{bDeviceProtocol}=="01"
   ATTRS{bDeviceSubClass}=="00"
   ATTRS{bMaxPacketSize0}=="64"
   ATTRS{bMaxPower}=="0mA"
   ATTRS{bNumConfigurations}=="1"
   ATTRS{bNumInterfaces}==" 1"
   ATTRS{bcdDevice}=="0415"
   ATTRS{bmAttributes}=="e0"
   ATTRS{busnum}=="3"
   ATTRS{configuration}==""
   ATTRS{devnum}=="1"
   ATTRS{devpath}=="0"
   ATTRS{idProduct}=="0002"
   ATTRS{idVendor}=="1d6b"
   ATTRS{interface_authorized_default}=="1"
   ATTRS{ltm_capable}=="no"
   ATTRS{manufacturer}=="Linux 4.15.0-96-generic xhci-hcd"
   ATTRS{maxchild}=="4"
   ATTRS{product}=="xHCI Host Controller"
   ATTRS{quirks}=="0x0"
   ATTRS{removable}=="unknown"
   ATTRS{serial}=="0000:00:14.0"
   ATTRS{speed}=="480"
   ATTRS{urbnum}=="918"
   ATTRS{version}==" 2.00"

 looking at parent device '/devices/pci0000:00/0000:00:14.0':
   KERNELS=="0000:00:14.0"
   SUBSYSTEMS=="pci"
   DRIVERS=="xhci_hcd"
   ATTRS{broken_parity_status}=="0"
   ATTRS{class}=="0x0c0330"
   ATTRS{consistent_dma_mask_bits}=="64"
   ATTRS{d3cold_allowed}=="1"
   ATTRS{device}=="0x1e31"
   ATTRS{dma_mask_bits}=="64"
   ATTRS{driver_override}=="(null)"
   ATTRS{enable}=="1"
   ATTRS{irq}=="24"
   ATTRS{local_cpulist}=="0-7"
   ATTRS{local_cpus}=="ff"
   ATTRS{msi_bus}=="1"
   ATTRS{numa_node}=="-1"
   ATTRS{revision}=="0x04"
   ATTRS{subsystem_device}=="0x0686"
   ATTRS{subsystem_vendor}=="0x1025"
   ATTRS{vendor}=="0x8086"

 looking at parent device '/devices/pci0000:00':
   KERNELS=="pci0000:00"
   SUBSYSTEMS==""
   DRIVERS==""

The solution was to add this line to "/etc/udev/rules.d/99-local.rules":

KERNEL=="sd[a-z]*", SUBSYSTEMS=="usb", MODE="660", GROUP="plugdev"

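The changes from @StephenKitt's answer are:

  • Removal of ATTR{removable}=="1". If ATTR{removable}=="1" is included, the partitions (/dev/sdn1) are not affected.
  • Putting it in 99-local… instead of 01-local…, because otherwise the group will be overwritten in 50-…

udevadm test $(udevadm info -q path -n /dev/sdn) was absolutely crucial for solving this. (Thanks, @StephenKitt.)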

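Instead of trying to protect devices from root, I would ensure that removable USB device nodes are writable by the usbwriters group, using a udev rule such as the following: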

KERNEL=="sd[a-z]*", ATTR{removable}=="1", SUBSYSTEMS=="usb", MODE="660", GROUP="usbwriters"

Add it somewhere in /etc/udev/rules.d (I have a 01-local.rules file for local rules), then add yourself to whichever group you use.
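
Added example (not part of either answer, and not udev's own code): a simplified model of how the two rules above are matched, showing why the ATTR{removable}=="1" variant reaches the disk node but not its partition, and why an internal disk is reached by neither. The device chains are constructed from the udevadm output above; the sdn1 partition, the internal disk sda and the function names are assumptions.

```python
from fnmatch import fnmatchcase

# Constructed device chains, reduced from the udevadm output above. The sdn1
# partition and the internal disk sda are assumptions added for comparison.
USB_CHAIN = [
    {"kernel": "16:0:0:1", "subsystem": "scsi", "attrs": {}},
    {"kernel": "3-1:1.0", "subsystem": "usb", "attrs": {}},
    {"kernel": "3-1", "subsystem": "usb", "attrs": {"removable": "removable"}},
]
SDN = {"kernel": "sdn", "subsystem": "block",
       "attrs": {"removable": "1", "ro": "0"}, "parents": USB_CHAIN}
# A partition's own sysfs directory has no "removable" attribute; its parent disk does.
SDN1 = {"kernel": "sdn1", "subsystem": "block",
        "attrs": {"ro": "0"}, "parents": [SDN] + USB_CHAIN}
SDA = {"kernel": "sda", "subsystem": "block", "attrs": {"removable": "0", "ro": "0"},
       "parents": [{"kernel": "0:0:0:0", "subsystem": "scsi", "attrs": {}}]}
DEVICES = [SDA, SDN, SDN1]

# The two rules from the page as (key, attribute name, glob pattern) triples.
RULE_WITH_REMOVABLE = [("KERNEL", None, "sd[a-z]*"), ("ATTR", "removable", "1"),
                       ("SUBSYSTEMS", None, "usb")]
RULE_WITHOUT_REMOVABLE = [("KERNEL", None, "sd[a-z]*"), ("SUBSYSTEMS", None, "usb")]


def matches(device, rule):
    """Simplified udev matching: KERNEL and ATTR look only at the event device,
    SUBSYSTEMS looks at the device and every parent above it."""
    for key, name, pattern in rule:
        if key == "KERNEL":
            ok = fnmatchcase(device["kernel"], pattern)
        elif key == "ATTR":
            ok = name in device["attrs"] and fnmatchcase(device["attrs"][name], pattern)
        elif key == "SUBSYSTEMS":
            chain = [device] + device["parents"]
            ok = any(fnmatchcase(d["subsystem"], pattern) for d in chain)
        else:
            raise ValueError(f"unsupported match key: {key}")
        if not ok:
            return False
    return True


def affected(rule):
    """Names of the sample device nodes whose MODE/GROUP the rule would set."""
    return [d["kernel"] for d in DEVICES if matches(d, rule)]


if __name__ == "__main__":
    print("with ATTR{removable}:   ", affected(RULE_WITH_REMOVABLE))
    print("without ATTR{removable}:", affected(RULE_WITHOUT_REMOVABLE))
```

On a real system, udevadm test on the partition's device path, as used above, shows the actual result of rule processing.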

Source: https://unix.stackexchange.com/questions/585340