Computer Laboratory

Access to removable media (floppies and CDs) under Fedora Linux

Introduction

This document describes how to access Removable Media on Lab Fedora machines, such as Floppies and CDs.

There are three basic ways of accessing data on removable media:

Explicit mounting (mount / umount)

Any lines in /etc/fstab which have the  user or owner flag can be mounted (respectively by anyone or just the owner, which may be the user logged in at the X console) by using the mount command, and unmounted by the umount command.

Either the device name (/dev/cdrom) or the mount point (/media/cdrecorder, /mnt/cdrom, etc.) can be used. In some cases (such as USB devices) the device name may change, so there may be multiple device names for the same mount point (e.g. /dev/sda1, /dev/sdb1 and /dev/sdc1). If the mount does not work, try all the device names in turn. If the device isn't available (use "ls /dev/sda1" to check. See also "grep sda1 /proc/partitions" and "cat /proc/scsi/scsi"), it can be created using "cl-asuser mknod /dev/sdc1 b 8 33".

See User configuration page for details of creating mount points on old FC3 systems.

Some "window managers" (e.g. KDE, GNOME and xfce) notice when new devices appear and install icons which allow the new device to be explicity mounted or unmounted, or mount and open the device.

For users not using such a window manager (e.g. if logged in via ssh, running a script from a cron job, or using a window manager which just manages windows), the rpm pmount should be loaded, allowing users to manually mount or unmount removable media.

Direct access without mounting (mtools for floppies)

mtools accesse the raw data directly, so there is no mount or unmount.

Automatic mounting (auto mounter)

If an auto mounter is configured to access the device, accing the file's path name causes the automounter to mount the device. This is not used on recent Lab systems.

Burning CDs and DVDs

Writing a CD or DVD is a two stage process. First the image has to be generated, then the image has to be written to disc. No special privs should be needed to do the first part. It should be possible to use the command line tool mkisofs command on any machine to generate an iso image, e.g. `mkisofs -r -J -hide-joliet-trans-tbl -o iso-image src-dir' which writes the CONTENTS of src-dir, but not the directory itself.
An alternative is to use the GUI k3b. A user reports:

You can use k3b to make a CD image. First click on the burn button. You will then get a warning that you can only create a CD image since there is no usable writer. After that a dialog box appears, under the "writing" tab there are a couple items grouped under "options", one of the is "Only Create Image". Then in the box for "write image file to" you simply enter in the directory to write the image, and click on "burn". Note that "save" doesn't save the image, it only saves the settings.

With a suitable fstab entry, it can then be tested before burning.

Background on security problems – a tarpit

Writing a disc requires certains privs. Depending on the distribution, kernel, etc, his may be achieved by:
  1. the user has logged in at the console and been made the owner of the device
  2. the device having been set to be world writable
  3. the programme being run under sudo
  4. the programme being run setuid root
Under 2.6 and later kernels (run `uname -r' to display the current kernel), having write access to the device is not sufficient, as certain calls need special privs as they can effect other devices, so having write access to the device (first two techniques above) may not be sufficient.

cdrecord is a proper un*x command which does just one simple action, write a disc, so can be run under sudo (so long as env_reset is set) but not setuid (as env vars can be set to make it run other programmes), so can use the third technique above.

growisofs on the other hand combines generating the ISO image with writing the disc, so must not be run under sudo (it refuses to) as it would read files as root. However, if run setuid root, it can drop privs before generating the image, so can use the fourth technique above.

As such programmes to write discs my need to be run when logged in at the console, may need to be setuid or may need to be run under sudo, depending on the distribution, kernel and command used.

Burning a CD

To actually write a CD from Linux use the cdrecord command on a machine with suitable hardware, e.g. `cdrecord -v iso-image' (or may need `sudo cdrecord -v iso-image'). If /etc/cdrecord.conf doesn't have a suitable CDR_DEVICE line, discover the CD id using `cdrecord -scanbus' and then use a command such as `cdrecord -v dev=/dev/cdrom iso-image' or `cdrecord -v dev=a,b,c iso-image'.
If it is not run under sudo, write access is needed for the device. On 2.6 and later kernels, /dev/cdrom should normally be allocated to the user who logins in at the X console. On earlier kernels, /dev/sg0 needs to be user writable.

If the files and writer are on the same machine, there is no need for generating the iso image on disc, and a pipe can be used. There should not be a problem with under-run. e.g. `mkisofs -r -J -hide-joliet-trans-tbl src-dir | cdrecord -v -'.

Burning a DVD

The local script cl-writedvdimage is a wrapper capable of being run under sudo to simply copy an image to a DVD. Normal use is `sudo cl-writedvdimage iso-image', but more infor is available by running `cl-writedvdimage -help. A user has reported that `cdrecord -v -sao iso-image' writes the data, but when this was tried, the result was not readable.

It happily rewrites DVD+RW, but not DVD-RW.

The above should be sufficient for most users, but those wanting the full gory details can read the rest of this subsection ...

To write a DVD, as of 2005/08 cdrecord (and dvdrecord) appears not to work with the default settings (Sense Code: 0x30 Qual 0x05 (cannot write medium – incompatible format) Fru 0x0), but writes with the "-sao", although attempts to read such a disc appear to fail. growisofs is also known to work. Its expected use is as a fontend to mkisofs, but using peculiar syntax, it can be used to burn an existing image. The man page's example is `growisofs -dvd-compat -Z /dev/dvd=image.iso' which writes image.iso to the DVD. Even more obscrure is that `/some/cmd | growisofs -Z /dev/scd0=/dev/fd/0' is needed to use it as a pipe!
growisofs is not run under sudo, so write access is needed for the device, which should normally be allocated to the user who logins in at the X console.
See chalmers for more growfs gems and IBM on CD writing in general and the CDR FAQ.

Other hints and tips

Alternative, transfer the image to the scratch space on publicdump1 or publicdump2 and write it fron M$ or Linux.

To be friendly to Mac's, include -hfs.

If there are access restrictions on the files, it may be useful to use `-r' to make files more readily readable on other systems.

FAT32 can only store 2GB files, so use a native FS (ext2/ext3 or NTFS) for large DVDs.

Floppies

MSDOS floppies should wherever possible be processed (without mounting) using mtools. Only if this is not possible should mount be used.

mtools (MSDOS only)

Some systems have the `mtools' package which allows MSDOS format floppies to be accessed directly as a raw device (if the user has sufficient access) using `mdir', `mcopy' (using the `-t' flag for text) and `mdir' commands. It is usually best to start with `mdir' to see what's on the disk. Then copy files from the disk using a prefix of `a:' to denote the disk, e.g. `mcopy a:foo.doc a:bar.doc .' to read binary files from floppy to unix, or `mcopy -t foo.txt bar.txt a:' to write text unix files to floppy for use on DOS or Windows systems. Check the result e.g. with `mdir'. Ejecting and re-inserting the floppy will clear the block cache, allowing the data to be read from disk to check that the writes actually worked.

Formatting Floppies

Many floppies come pre-formatted for DOS. If they are not, you may need to do a `low level' format and then build an empty filesystem on the disk.

The first can be performed on a linux box using one of the commands

fdformat /dev/floppy/0u1440
fdformat /dev/fd0H1440

which writes the basic block structure to the disk. It is then also necessary to build a file system on the disk. A DOS file system is a `lowest common denominator', readable on a large number of systems, but has restrictions on filenames. This can be circumvented by using `fd-win' which uses the Windows filing system (VFAT) allowing the data to be read by pure DOS systems, but the file names will be different. It can be created using the command
mformat a:
If it says that full geometry is needed, use the command
minfo a:
to find the correct settings, e.g.
mformat -h 2 -s 18 -t 80 a:
A less portable alternative is to use a Unix file system, using a command such as
mkfs -t ext2 /dev/fd
See `man -k format', `man -k file | grep system' or some such for further details.