However, when I tried to add a second drive to the mix is where I became lost. Could you please provide more direction on the autofs settings to add a second USB drive. I was able to format the second drive and get the UUID #, however, from there I am not sure if I need to create a second auto.usbdrive file or where to go. To test the USB configuration, plug in the USB device. Use dmesg to confirm that the drive appears in the system message buffer. It should look something like this: umass0: Drive, class 0/0, rev 2.00/1.04, addr 3 on usbus0 umass0: SCSI over Bulk-Only; quirks = 0x0100 umass0:4:0:-1: Attached to scbus4 da0 at umass-sim0 bus 0 scbus4 target 0 lun 0 da0: Drive 1.04.
Many external storage solutions, such as hard drives, USB thumbdrives, and CD and DVD burners, use the Universal Serial Bus (USB). FreeBSD provides support for USB 1.x, 2.0, and 3.0 devices. https://torrentimmo.mystrikingly.com/blog/quarkxpress-2015-11-0-0-1-download-free.
Note:
USB 3.0 support is not compatible with some hardware, including Haswell (Lynx point) chipsets. Most up to date adobe reader. If FreeBSD boots with a failed with error 19 message, disable xHCI/USB3 in the system BIOS.
Support for USB storage devices is built into the GENERIC
kernel. For a custom kernel, be sure that the following lines are present in the kernel configuration file:
FreeBSD uses the umass(4) driver which uses the SCSI subsystem to access USB storage devices. Since any USB device will be seen as a SCSI device by the system, if the USB device is a CD or DVD burner, do not include device atapicam
in a custom kernel configuration file.
The rest of this section demonstrates how to verify that a USB storage device is recognized by FreeBSD and how to configure the device so that it can be used.
USB 3.0 support is not compatible with some hardware, including Haswell (Lynx point) chipsets. Most up to date adobe reader. If FreeBSD boots with a failed with error 19 message, disable xHCI/USB3 in the system BIOS.
Support for USB storage devices is built into the GENERIC
kernel. For a custom kernel, be sure that the following lines are present in the kernel configuration file:
FreeBSD uses the umass(4) driver which uses the SCSI subsystem to access USB storage devices. Since any USB device will be seen as a SCSI device by the system, if the USB device is a CD or DVD burner, do not include device atapicam
in a custom kernel configuration file.
The rest of this section demonstrates how to verify that a USB storage device is recognized by FreeBSD and how to configure the device so that it can be used.
To test the USB configuration, plug in the USB device. Use dmesg
to confirm that the drive appears in the system message buffer. It should look something like this:
The brand, device node (da0
), speed, and size will differ according to the device.
PCManFMis A Lightweight File Manager With Built-in Support For Accessing Remote Shares
Since the USB device is seen as a SCSI one, camcontrol
can be used to list the USB storage devices attached to the system:
Alternately, usbconfig
can be used to list the device. Refer to usbconfig(8) for more information about this command.
If the device has not been formatted, refer to Section 17.2, 'Adding Disks' for instructions on how to format and create partitions on the USB drive. If the drive comes with a file system, it can be mounted by root
using the instructions in Section 3.7, 'Mounting and Unmounting File Systems'.
Warning:
Cached
Allowing untrusted users to mount arbitrary media, by enabling vfs.usermount
as described below, should not be considered safe from a security point of view. Most file systems were not built to safeguard against malicious devices.
To make the device mountable as a normal user, one solution is to make all users of the device a member of the operator
group using pw(8). Next, ensure that operator
is able to read and write the device by adding these lines to /etc/devfs.rules
:
Note:
If internal SCSI disks are also installed in the system, change the second line as follows:
This will exclude the first three SCSI disks (da0
to da2
)from belonging to the operator
group. Replace 3
with the number of internal SCSI disks. Refer to devfs.rules(5) for more information about this file.
Next, enable the ruleset in /etc/rc.conf
:
Then, instruct the system to allow regular users to mount file systems by adding the following line to /etc/sysctl.conf
:
Since this only takes effect after the next reboot, use sysctl
to set this variable now:
The final step is to create a directory where the file system is to be mounted. This directory needs to be owned by the user that is to mount the file system. One way to do that is for root
to create a subdirectory owned by that user as /mnt/
. In the following example, replace username
username
with the login name of the user and usergroup
with the user's primary group:
Suppose a USB thumbdrive is plugged in, and a device /dev/da0s1
appears. If the device is formatted with a FAT file system, the user can mount it using:
Before the device can be unplugged, it must be unmounted first:
After device removal, the system message buffer will show messages similar to the following:
USB devices can be automatically mounted by uncommenting this line in /etc/auto_master
: https://atomicdownload.mystrikingly.com/blog/play-playstation-1-games-on-mac.
Then add these lines to /etc/devd.conf
:
Reload the configuration if autofs(5) and devd(8) are already running:
autofs(5) can be set to start at boot by adding this line to /etc/rc.conf
:
autofs(5) requires devd(8) to be enabled, as it is by default.
Start the services immediately with:
Each file system that can be automatically mounted appears as a directory in /media/
. The directory is named after the file system label. Carrot weather 1 3 4 days. If the label is missing, the directory is named after the device node.
The file system is transparently mounted on the first access, and unmounted after a period of inactivity. Automounted drives can also be unmounted manually:
This mechanism is typically used for memory cards and USB memory sticks. It can be used with any block device, including optical drives or iSCSILUNs.
My big project for 2014 was the new FreeBSD automounter. Like any proper FreeBSD Foundation sponsored project, it included the usual kind of documentation - man pages and the Handbook chapter. But there is no document that shows how it works inside, from the advanced system administrator or a power user point of view.
So, here it is. The article demonstrates how modular the automounter is, and how easy it is to adopt to any mount-related situation you might have, using recently added removable media support as an example. (And it shows some related mechanisms as a bonus.)
autofs(5) Basics
The purpose of autofs(5) is to mount filesystems on access, in a way that's transparent to the application. In other words, filesystems get mounted when they are first accessed, and then unmounted after some time passes. The application trying to access the filesystem doesn't even notice this event, apart from a slight delay on first access. It's a mechanism similar to ones available in other systems, in particular to OS X. It's a completely independent implementation, it's just that OS X is the other operating system I use.
Automounting requires cooperation of four things: the kernel filesystem, autofs.ko, which is responsible, among other things, for 'pausing' the application until the filesystem is actually there; the automountd(8) daemon, which is the component that retrieves configuration information from maps (this includes fetching it from remote sources, such as LDAP) and actually mounts the filesystems; the automount(8) utility for various administrative purposes; and then the autounmountd(8) daemon to, well, unmount the filesystems mounted by automountd(8) after a timeout.
Setting it up is fairly simple: you obviously need to have autofs(5) enabled in /etc/rc.conf:
And you need to have the autofs(5) daemons running - just like other daemons in FreeBSD those will get started at system bootup if autofs_enable was set; otherwise you need to start them by hand:
# /etc/rc.d/automount start
# /etc/rc.d/automountd start
# /etc/rc.d/autounmountd start
The kernel driver will get loaded automatically, you can see it in kldstat(8) output.
autofs(5) and Removable Media
Note that at the time of this writing, this is only available in FreeBSD 11-CURRENT. This will change soon.
The main configuration file for autofs(5) is /etc/auto_master; you need to uncomment this line:
This basically says that there is a /media directory, and automount will mount the '-media' map there, and everything that gets mounted there will have the 'nosuid' mount option, for security reasons.
If you already had autofs(5) running before uncommenting the line, you must refresh its configuration by running automount(8) as root; run it as
automount -v
for a detailed explanation of what it does. It looks like this:If you run mount(8), you will see so called 'trigger nodes' of type autofs(5):
Basic usage
With all that done, plug a drive into USB, and here is what happens in a real-world case:
Two things to notice here: first, the 'ADATA UFD' is a factory default filesystem label on the flash drive. If there was no filesystem label, autofs(5) would use device name instead - in this case, that would be da0s1. Second, if you don't want to wait for autounmountd(8) to unmount the automounted volume, you can use
automount -u
. Or automount -fu
, if you want to force unmount.Not So Basic Usage
Take a close look at the directory listing for /media in previous example. Did you notice the md0 there? It looks like a device node for memory disk (md(4)), but is a directory. That's a leftover from my earlier experimentation, and shows an interesting feature of autofs(5)-based automounter: it's not limited to removable media, it can mount everything that's available for mounting. In this case it's a memory disk (kind of ramdisk, see mdconfig(8)). It can also be an iSCSI LUN. And, of course, a removable media. How does that work?
GEOM
In FreeBSD, GEOM is a name of what could otherwise be called a block device layer. It's a piece of code that manages all the 'disk-like devices', both physical and virtual: SATA/SAS/FC/NVME/USB drives, memory disks, iSCSI LUNs, partitions, encrypted GELI volumes, etc.
GEOM has another meaning: an instance of GEOM class. The 'class' here means the 'kind' of device, and the instance is an actual device of that kind. It's easiest to explain it with an example:
See? I've used the geom(8) command to get the information about two GEOM classes: 'disk', and 'part'. The first one returned information about three instances of the disk class: the DVD drive, the SSD, and the flash. The second one returned information on the partitions known to the system. Everything that is potentially mountable - a physical disk, a partition, encrypted ELI volume, multipath device, RAID3 volume, memory disks, even volume labels - it all has its GEOM class and can be queried in a similar way. To see all the GEOM instances in the running system, use:
# sysctl kern.geom.conftxt
Now, notice the 'Mode' lines. Like the one for ada0: 'r2w2e3'. Those are three usage counters for ada0 GEOM: read, write, and exclusive. They are non-zero, because ada0 is used: there are three partitions on it; three instances of PART GEOM class hold it opened. The partitions, just like any other GEOM nodes, have their own counters. Take a look at the first one, ada0p1: the mode there is 'r0w0e0'. This means it's not open by anything. It's, in other words, available for mounting. If you check the MD geom class:
You will see the same thing: it's not opened. That's the first thing the autofs(5) '-media' map checks for: zero access counts; if the counts are not zero, it means the node is used by something: it's either mounted (like ada0p2, mounted on /), or there is something 'on top of it' - like ada0.
But why there is no /media/ada0p1? Because it's not mountable; there is no filesystem there. It's a boot loader partition. How does autofs(5) figure it out?
fstyp(8)
Before we can do anything with a filesystem, we need to determine what kind of filesystem it is - and whether it actually is a supported filesystem in the first place. That means we need a piece of code that can take a look at it and determine if it has a format it recognizes.
It is possible to use file(1) for this, e.g.:
# file -s /dev/md0
vermaden's sysutils/automount port uses this approach. There are a few problems with doing it this way, though. First, the output, for a typical FAT filesystem, looks like this:
It's not particularly easy to parse. It's even harder to extract the volume label.
Second, file(1) can recognize all kinds of file types, from JPEG to 6502 assembly. This means that if there are some strange data on the removable media, instead of a filesystem we expect, the file(1) will output something our script wasn't tested against, making the first problem even harder.
Third, file(1) had its share of security bugs, e.g. CVE-2014-1943, CVE-2014-9620, or CVE-2014-3710.
For this reason I've decided the proper fix would be to just write a new utility. The strange name - fstyp(8) - comes from the utility of the same name, installed by default on Solaris, IRIX, OS X, and perhaps most other UNIX systems.
The fstyp(8) addresses the file(1) issues: the output is easily parseable (just a filesystem name, one word), it only recognizes filesystems supported by FreeBSD, and uses Capsicum sandboxing to make sure that even if there is a vulnerability, its impact is limited to incorrectly reporting the filesystem type. It's a good topic for another article, but in short - in FreeBSD, every process can enter what's called a 'capability mode'. It's one way - a process can enter it, but there is no way to exit it. Child processes inherit the mode. In capability mode, kernel will deny all attempts to open new files, create sockets, attach the shared memory segments etc., but the process is pretty much free to do anything it likes with the file descriptors it already had opened before entering the capability mode - and it can receive other file descriptors over a UNIX socket. So, the fstyp(8) utility opens the device file, then calls cap_enter(2), which switches it into capability mode, and then continues execution, reading from the device to determine what's there. Should it be compromised, it won't be able to execute /bin/sh, it won't be able to open a socket to transmit the data to some external host, etc.
The '-media' Map
Those are the components underneath the autofs(5), but how does it fit together? Let's start with the actual map. In FreeBSD, special maps (the ones with names starting with '-') are just executables in /etc/autofs/:
See the special_media? That's the one. It's a shell script. The reason it's in /etc is that the system administrator can modify it if required, or add new special maps.
Now, let's try to run it by hand, as root:
That's exactly how automountd(8) uses it, after the kernel component notifies it that it needs the /media directory taken care of. It's described in more detail in the auto_master(5) manual page. The shell script is pretty well commented, and I don't think there is any point in explaining it here.
Bottom line:
The core autofs itself doesn't know anything about removable devices; the special map '-media' does: it queries GEOM for the list of all disk-like nodes that are not in use, and then uses fstyp(8) to determine whether they contain a useful filesystem. UNIX. Modularity. Plain text. ;-)
Cache
Now, let's create a second memory disk, 1GB in size (the '1g' below) to see if it all works as intended:
Whoops. Where is /media/md1?
There is one more mechanism for the whole thing to work correctly: the autofs(5) cache needs to be dealt with.
The first paragraph mentioned that it's automountd(8) that does all the map parsing - including running the /etc/autofs/special_media - and actual mounting. Doing it every time someone accesses the /media directory - or any directory, for that matter - would kill performance. For this reason, after the kernel component asks the automountd(8) to do its magic, it doesn't do that again until some time later. In most cases it doesn't matter - the list of NFS exports for a given host doesn't change too often - but in case of removable media it's not acceptable. The cache needs to be flushed, using
automount -c
. After that, the subsequent lookup in /media will trigger automountd(8), which will query the devices list and refresh the directory contents.This obviously needs to happen automatically. And if you actually went and opened /etc/auto_master in a text editor, you would have noticed this:
The devd(8) is a daemon responsible for listening for notifications from the kernel and running whatever is configured in its config, /etc/devd.conf. There are all kinds of things there, from running utilities to upload firmware for various USB devices, to launch moused(8) when a mouse gets connected, to switching power profiles, to. discarding autofs(5) caches. It looks like this:
If you do
man devd.conf
, you will see the description of those events. Note that, just like the '-media' map works the same way for flash drives and encrypted volumes over multipath over iSCSI, this mechanism does not care about any specific hardware either.Caveats
Two, really. First: you need to run 11-CURRENT. Second: the nodes in /media never disappear. I expect to merge this support to 10-STABLE after the second issue is addressed.
Continue reading.