Permission problem on /media/user folder prevents me from accessing external media
When I plug in my external Hard drive, insert a DVD, or try to see what I've got on my USB drive, peculiar behavior is the usual outcome.
The filesystems mount fine. When I log in as root through sudo su, I can see the contents of the /media/casper/externaldrive perfectly fine. My user however, casper, can't. Ubuntu replies to every action that involves the location Permission denied:
casper@casper-desktop:/media$ ll /media/casper/externaldrive
ls: cannot access '/media/casper/externaldrive': Permission denied
I decided to do some digging into the permission (problems) of the /media folder. As casper, I see the following:
casper@casper-desktop:/media$ ls -alF
total 16
drwxr-xr-x 4 root root 4096 apr 21 17:47 ./
drwxr-xr-x 25 root root 4096 jul 29 15:43 ../
drwxr-x--- 3 root root 4096 aug 3 21:02 casper/
lrwxrwxrwx 1 root root 45 apr 21 17:47 .directory -> /etc/kubuntu-default-settings/directory-media
lrwxrwxrwx 1 root root 42 apr 21 17:47 .hidden -> /etc/kubuntu-default-settings/hidden-media
drwxr-xr-x 2 root root 4096 feb 29 23:56 home/
What struck me was that it said total 16, while there are only at most 6 listings. So I ran the command again, but as root. The result was the same, weird. (can anyone enlighten me on this?)
Anyway, what struck me even more was that the /media/casper directory is not mine and also can't be accessed by me. I got tempted to just chown -R the bazinkas out of it, but after I got a hold of myself I googled something like "Media user folder not mine help me".
It took a while but finally I stumbled upon this thread, where users explain the purpose of 750 root:root /media/user folders. It makes sure only root can mount, view and manage filesystems there, of which the individual permissions are changed to the actual user.
So if my information was correct, the /media/casper/externaldrive permissions should be favorable for me. I checked,
root@casper-desktop:/media/casper# ll
total 12
drwxr-x--- 3 root root 4096 aug 3 21:02 ./
drwxr-xr-x 4 root root 4096 apr 21 17:47 ../
drwxrwxrwx 1 casper casper 4096 aug 3 20:20 externaldrive/
And this seems to be the case.
So this is where I'm stuck. The filesystem has permissions for me all the way through the directory tree, yet I can't access a single file. This is the same for CD's and USB drives.
Who can help me access my precious?
Oh, and by the way. Aforementioned thread speaks of ACL on these /media/user folders, indicated by a + after the regular permissions, like drwxr-x---+ 3 root root. My system does not show this. Is ACL on these folders standard for Ubuntu or did the user have special things going on, and should I be worried that this is where my problem comes from?
Thanks for reading.
Since the permissions & ownership of /media/casper are
drwxr-x--- root root
With no + for ACLs (Access Control Lists) it's clear that only root can open, enter, read or write to this directory. Humble users like us get the permissions at the end of the string --- :(
We unprivileged folk get permission to access this location with ACLs. I am not sure why you don't have these already, but you can set them up, which may be simple or require a little tinkering:
- the
aclpackage is required (checkapt-cache policy acl) - the filesystem must be mounted with the
acloption
To check the latter (replace sdxY appropriately for your root partition):
sudo tune2fs -l /dev/sdxY | grep "Default mount options:"
should return:
Default mount options: user_xattr acl
Default mount options are set in /etc/mke2fs.conf
They may be overridden, so check:
cat /proc/mounts | grep sdxY
looks something like:
/dev/sdxY / ext4 rw,relatime,errors=remount-ro,data=ordered 0 0
The above is fine, (acl doesn't need to be mentioned) but if it says noacl you need to change it.
You can add the option to default mount options like this:
sudo tune2fs -o acl /dev/sdxY
Or you can add acl to the options for the root partition line in /etc/fstab for example:
UUID=whatever / ext4 errors=remount-ro,acl 0 1
With ACLs enabled, use setfacl to add permissions for yourself. To give username read and execute permissions on /media/casper (you need execute permission to enter a directory or search its contents):
sudo setfacl -m u:username:rx /media/casper
You can replace username with uid (probably you are 1000 - check with id command)
sudo setfacl -m u:1000:rx /media/casper
to see the ACL permissions you use getfacl like Oli did in his answer
getfacl /media/casper
To remove ACL permissions from a user
sudo setfacl -x u:username /media/casper
To clear all ACL permissions
sudo setfacl -b /media/casper
Note: I cheated and asked a question myself about why there are so many entries in /media. The answer is here
When you want to give access permission to a Windows drive from Ubuntu
The normal chmod command won't work if it is a Windows NTFS drive.
The following works for me.
Open the file /etc/mtab:
gedit /etc/mtab
Find the drive name in this file (just mouse over on drive for which you are looking for solution, in my case the GUI is showing different name and on mouse over it shows /media/user-name/drive-name)
Now in /etc/mtab:
Search the drive-name in file, and check to which drive your mounted drive is assigned (in my case - /dev/sda4)
Now mount this drive with:
sudo ntfs-3g /dev/sda4 /media/"$USER"
Now I am able to execute my executables, but I won't be able to see contents of drive-name, so I unmounted the drive and mounted it again.