1.8. My CD/DVD Is LockedWhen you press the eject button on your CD or DVD drive, you'd think that the drive should open. Unfortunately, it doesn't always happen. Anything that is using a file or reading a directory on that CD/DVD can keep your system from opening that drive. This could be something as simple as a user whose current directory lies on the CD/DVD drive. If you're running Linux as a server, you probably need to accept the locking of the CD/DVD drive. Other users may be installing Linux from a shared DVD on your system and may need access to the data on the drive. While you may have good reasons as an administrator to unlock a drive, be aware that you may be interrupting some task being run by one or more of your users (or fellow administrators). On the other hand, if you're working with a single-user Linux workstation, users won't understand why their CD/DVD is locked. They'll just complain, and you'll be annoyed, as they won't be interested in learning "simple" commands such as umount. All they'll tell you is that the CD is broken. In this annoyance, I'll show you how I believe servers and workstations should be configured with respect to the CD/DVD drive. The defaults vary depending on your distribution. Based on those defaults, if you still have problems, there are a series of common steps that you can follow. 1.8.1. Recommended /etc/fstab Defaults for a CD/DVD on a ServerWhen you configure a server, you'll want full control over any CD/DVD drives on your system. Generally, you'll want to limit privileges to administrative users. Take the following default entry from my /etc/fstab on Red Hat Enterprise Linux 4, with a regular CD/DVD drive: /dev/hdc /media/cdrecorder auto pamconsole,exec,noauto,managed 0 0 The applicable entry from my SUSE Linux workstation is: /dev/cdrecorder /media/cdrecorder subfs noauto,users,gid=users 0 0 Finally, the associated directive from my Debian system is: /dev/hdc /media/cdrecorder auto ro,users,noauto,unhide,exec 0 0 As you should already know, the first column is the CD/DVD drive device file, and the second column is the default directory where the drive is mounted. The third column specifies the filesystem, such as ext3 or reiserfs. auto auto-detects the filesystem. subfs represents the Linux removable-media-handling system and is most closely associated with SUSE. The fourth column specifies the mount options, and that's the focus for this annoyance. (For more information on the fifth and sixth columns, which are rarely changed these days, see the fstab manpage.) Examine the options described in Table 1-9. This table is not comprehensive, but is limited to options that may contribute to problems unmounting a CD/DVD drive.
With these options in mind, I recommend that you change the directives associated with the CD/DVD drive in your /etc/fstab to disallow mounts by regular users. I'd change the SUSE Linux 9.3 directive to delete users access by user and group: /dev/cdrecorder /media/cdrecorder subfs noauto 0 0 I'd change the Debian Sarge directive to delete regular user access by removing the users and uid options. /dev/hdc /media/cdrecorder auto ro,noauto,unhide,exec 0 0 The situation with Red Hat Enterprise Linux 4/Fedora Core is different. The directive associated with the CD/DVD drive is governed by the relatively new Hardware Abstraction Layer daemon, using the storage-policy.fdi configuration file. On Fedora Core, this file is located in the /usr/share/hal/fdi/90systempolicy/ subdirectory; on Red Hat Enterprise Linux 4, it's located in the /usr/share/hal/fdi/90defaultpolicy/ directory. By default, the user who owns the device file associated with the CD/DVD drive can also mount and unmount that drive. In other words, based on the following, the user michael, and no other regular user, is allowed to mount the CD/DVD drive associated with /dev/hdd: $ ls -l /dev/hdd brw------- 1 michael disk 22, 64 Jul 22 02:35 /dev/hdd If the specified user is your regular account as an administrator, that's generally good enough for a server. As an alternative to changing fstab, you can remove the following line from the noted storage-policy.fdi configuration file: <merge key="storage.policy.default.mount_option.pamconsole" type="bool">true</merge> When you restart the HAL daemon with the /etc/init.d/haldaemon restart command, not even the regular owner of the CD/DVD device file is allowed to mount that drive. Access is limited to the root user, and that's appropriate on a server. 1.8.2. Recommended Defaults for a CD/DVD on a WorkstationWorkstations should be configured differently from servers. One difference is in the way they handle removable media. Regular users expect CDs and DVDs to be automatically mounted when placed in their drives. It's important that the applicable directives in /etc/fstab support access by normal users. Based on the directives from the previous section, I'd make sure at least the user option is included in the appropriate directive; the following example works on my SUSE Professional workstation: /dev/cdrecorder /media/cdrecorder subfs noauto,users,gid=users 0 0 The following works well on a Debian Sarge workstation: /dev/hdc /media/cdrecorder auto ro,users,noauto,unhide,exec 0 0 The situation is a bit different with Red Hat/Fedora workstations. The directive is acceptable as is; all you need to do is make sure the owner of the CD/DVD device file, such as /dev/hdc or /dev/hdd, is the primary user of the workstation. 1.8.2.1. Modifying the GUI device-management toolGNOME provides removable device-management tools that are not affected by the options in /etc/fstab. For example, in the GNOME Desktop Environment, run the gnome-volume-properties command. This starts the Drives and Media Preferences tool, which allows you to control how GNOME reacts when you insert a CD/DVD into the drive. On a server, I recommend that you disable all automatic mounting. There is no corresponding stable utility available on the KDE Desktop Environment; the last information I can find on the Kautorun software is from 2000. However, you can take advantage of the .kde/Autostart directory to create your own Autorun system on KDE. The Autorun system is available only on Red Hat distributions. The associated RPM doesn't work on SUSE Linux, so if you want Autorun on KDE for SUSE or Debian Linux, you'll have to compile it from the source code. To do so, take the following steps:
Remember to tell your users how they can unmount their drivesat least how they can right-click on the CD/DVD icon in their GUI desktops to bring up a menu that lets them unmount the drive. I describe this and other options in the next section. 1.8.3. Getting the CD/DVD OutAs problems with a CD/DVD drive can vary, I provide a simple checklist of steps you can take. The first steps may seem elementary for geeks but are shown because we all forget the obvious sometimes:
|