darkness

Monday, 02 January 2006

Configuring HAL

darkness @ 14:51:03

I have my GPG keys on an SD disk. When I connect the SD disk (via USB) I want that disk to be only accessible by my user. By default on FC4, when you connect a USB disk it seems to make it owned by the user “at the console” (however it determines that; it does it right in my limited experience) but readable by everyone, which is not cool.

Red Hat Magazine has some help on configuring HAL which I basically followed to get what I wanted done. As root, I created /usr/share/hal/fdi/policy/95local (I think the Red Hat Magazine article suggests a different name; feel free to use whatever, but you probably want to make that number (95) in the 90s). In /usr/share/hal/fdi/policy/95local I made a file called darkness-pgp-sd.fdi:

<?xml version="1.0" encoding="UTF-8"?> <!-- -*- SGML -*- --> 

<deviceinfo version="0.2">

  <!-- Owner-only mount options for the VFAT volume with the UUID matched below -->
  <device>
    <match key="block.is_volume" bool="true">
      <match key="volume.fsusage" string="filesystem">
        <match key="volume.fstype" string="vfat">
          <match key="volume.uuid" string="64E0-F2ED">
            <merge key="volume.policy.mount_option.fmask=0177" type="bool">true</merge>
            <merge key="volume.policy.mount_option.dmask=0077" type="bool">true</merge>
          </match>
        </match>
      </match>
    </match>
  </device>

</deviceinfo>

My guess is that this selects any block device which “is a volume,” which HAL knows the filesystem of to be “VFAT,” and for which the UUID is as given. I think I actually got that UUID by finding the disk in lshal before I made this configuration change. I’m sure there are other ways to read it. Then the <merge> elements specify settings to be merged with the settings from other, uh, policy files (I guess that’s what they’re called). Anything specified under volume.policy.mount_option is passed to mount. For example, here I’m saying that I want -o fmask=0177,dmask=0077 (along with whatever else is specified by other, uh, policies) passed to mount. Note that the mount option is contained entirely in the key. Presumably the key (volume.policy.mount_option...) must have a boolean value of true to be used as an option for the mount point.

After making this file I did do a service haldaemon restart. I don’t know if that was necessary. It might make some things (NetworkManager, I’m thinking of you here) go a little wonky, but it seems everything here worked out OK. After restarting hald, go ahead and connect your disk. You should get the requested mount options.
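One way to confirm the result after reconnecting the disk, as an added example that is not part of the original post: the function below reads `/proc/mounts`-format lines and reports whether a vfat mount's `fmask` and `dmask` deny all group and other access. The mount points, device names and uid in the sample are constructed, and the function names are hypothetical.

```shell
# Constructed sample in /proc/mounts format (not captured from the post's system).
SAMPLE_MOUNTS='/dev/sda1 /media/GPGKEYS vfat rw,nosuid,nodev,uid=500,fmask=0177,dmask=0077 0 0
/dev/sdb1 /media/CAMERA vfat rw,nosuid,nodev,uid=500,fmask=0022,dmask=0022 0 0'

# mask_denies_others MASK: true when the octal MASK clears every group/other bit.
mask_denies_others() {
    case $1 in
        ''|*[!0-7]*) return 1 ;;    # missing or not octal: treat as unsafe
    esac
    [ $(( 0$1 & 077 )) -eq 63 ]     # 077 octal = 63 decimal
}

# vfat_owner_only MOUNTPOINT: reads /proc/mounts-format lines on stdin.
# Returns 0 = owner-only, 1 = group/other can reach files or dirs,
# 2 = no vfat mount at MOUNTPOINT.
vfat_owner_only() {
    target=$1
    while read -r dev mnt fstype opts rest; do
        [ "$mnt" = "$target" ] || continue
        [ "$fstype" = "vfat" ] || continue
        fmask='' dmask=''
        old_ifs=$IFS
        IFS=,                       # split the option list on commas
        for opt in $opts; do
            case $opt in
                fmask=*) fmask=${opt#fmask=} ;;
                dmask=*) dmask=${opt#dmask=} ;;
            esac
        done
        IFS=$old_ifs
        mask_denies_others "$fmask" && mask_denies_others "$dmask" && return 0
        return 1
    done
    return 2
}

# Demo on the constructed sample. On a live system:
#   vfat_owner_only /media/NAME < /proc/mounts
for mp in /media/GPGKEYS /media/CAMERA; do
    if printf '%s\n' "$SAMPLE_MOUNTS" | vfat_owner_only "$mp"; then
        echo "$mp: owner-only"
    else
        echo "$mp: NOT owner-only"
    fi
done
```

With `fmask=0177` files come out as mode 0600 and with `dmask=0077` directories come out as 0700, which is what the check accepts; the second sample line (masks of 0022) is the world-readable case the post set out to avoid.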
