Howto auto-mount devices under Linux with hotplug

Here is another small thing to make working with Linux more convenient: auto-mounting of hotplug-able devices. This is again specific to Debian GNU/Linux, but might be applicable to other distributions with only slight changes. Quite a few of the following steps have been taken from Ubuntu - well done folks!

The whole auto-mounting described here is based upon hald, a daemon that monitors the system’s hardware.

Update: As of 2010, none of this is typically required. Auto-mounting works with KDE and Gnome out-of-the-box.

Method 1:

Using method 1, a system user does the automatic mounting and unmounting of devices.

  1. The following packages should be installed: hal (>= 0.4.8-7), pmount (>= 0.8-2).
  2. During that installation, a group “hal” should be created. All users that should have access to the automatically mounted media (e.g. all member of the “users” group) should be added to this “hal” group."
  3. Additionally, the group “plugdev” will be created during the installation of pmount. All users that were added to group “hal” in the last step should also be added to this group. In addition, add the “hal” user to this group.
  4. A new script /etc/hal/device.d/60-pmount.hal should be created with the following content:


case "$1" in
        /usr/bin/pmount-hal $UDI -u 007


        echo "wrong command : $1"

With that, devices like USB media will be automatically mounted upon plugging them in (or loading a media like in the case of CD-ROMs) and unmounted upon removal. With KDE (>= 3.4.1 packages for Debian etch have already been compiled with hal support), those media will then appear under media:/, which is e.g. monitored by a kicker applet (see method 2b for slightly more details).

Update 2006-02: this method does actually no longer work with the current hal packages from Debian testing/unstable (version 0.5.6-2 at the time of this writing). The combination of hal, udev, and dbus seems to have changed considerably in the last few months, at least concerning integration of user scripts. But this is actually good news! Because now the auto-mounting by a system user is no longer necessary for Debian testing/unstable. Please see method 2b.

Method 2:

The first method has the problem that all media will be mounted by the user “hal” and can therefore not be unmounted manually by other users. For CD-ROMs, this is especially bad because only root can then unmount the media to allow it to be ejected. Writing to the devices is not an issue, because users in the “hal” group can do so when permissions are set correctly (this is the reason why an umask of 007 is passed to pmount in the above script). Nevertheless, it would be much nicer (and more secure) if the media was mounted as the user currently logged in (at least for local X11 desktop logins, this should be possible).

Method 2a - ivman:

For the Gnome desktop specifically and for user interaction in general, ivman is the tool to solve this problem. It monitors hal and calls pmount as the respective user, i.e. ivman is put between hal and pmount insted of the hald action script in method 1.

  • Unfortunately, under Debian testing/unstable this does not yet work without too much hassle, because there is no ivman package at the time of this writing (and the ivman package from ubuntu depends on newer hal and dbus packages which are only in experimental and conflict with other system packages). It will probably take a few more weeks to make this work. The following descriptions are therefore for Ubuntu. Update 2006-02: I haven’t tried to use the Ubuntu ivman package on my current Debian testing/unstable system now, after the hal/dbus/udev updates, simply because I don’t need ivman right now. KDE has something like it built in already. If you don’t need those user-defined actions and run KDE, you can skip to method 2b.
  • When the ivman package is installed and run as the logged in user, it will take care of responding to hal events and already ships with default rules for calling pmount for all storage type devices. The configuration is kept in /etc/ivman/.
  • Bonus for USB media with ssh keys on them: It is easily possible to automatically get asked for the ssh key’s passphrases when the USB media is connected and to have them added to a running ssh-agent as soon as the correct password has been entered. This, for the first time since I am using ssh keys, makes it very convenient to deal with the keys in a secure way: to not keep them on the hard disk, but to carry them around on a physical key chain (stored on one of those small USB sticks). ivman makes it very easy indeed, it is only necessary to add the following block to /etc/ivman/IvmConfigActions.xml:

   <ivm:Match name="" value="volume">

            <!--<ivm:Match name="hal.usb_device.product_id" value="0x1000">

            <ivm:Match name="hal.usb_device.vendor_id" value="0x90c">-->

                <ivm:Option name="exec" value="SSH_ASKPASS=~/conf/scripts/kde-ssh-askpass /usr/bin/ssh-add $hal.volume.mount_point$/keys/ssh/id_rsa" />




The path to the ssh keys on the USB media must be adapted accordingly (/keys/ssh/id_rsa in my case). The additional two matches can be activated when this should be called only for specific USB storage media. I did not active them, because ssh-add does not ask for any password when it can not find the key file at the specified location. Therefore, the password dialog will only appear when the media containing the keys is being connected. The used helper script ~/conf/scripts/kde-ssh-askpass just uses kdialog to ask for the passphrase:


exec kdialog --password 'SSH private key passphrase'

Method 2b - KDE 3.5:

For KDE 3.5 users (I am one), there is another method for automounting: to just let KDE do it. I’m really impressed with the current level of integration of the KDE desktop with udev/hal/dbus. To make it work, you just need to:

  1. Install hal (>= 0.5.6-2), udev (>= 0.084-3), dbus (>= 0.60-5), pmount (>= 0.9.7-2), and kdebase-kio-plugins (>= 4:3.5.1-1). As fas as I am aware, the last one is the key, because it depends on libhal1 (>= 0.5).

  2. Make sure that the necessary KDE services are enabled and running: in KDE Control Center under “KDE Components” - “Service Manager” - “Startup Services”  enable both the “KDED Media Manager” and “Media Notifier Daemon” (“KDE-Komponenten” - “Diensteverwaltung” - “KDE-Dienste beim Start”: “KDED Medienverwaltung”, “Gerätebenachrichtigung” in the German translation).
    The former takes care of adding devices to both the media:/ IO-slave and the kicker media applet (which just monitors the IO-slave). When I plug in my USB stick, I get a nice icon in kicker, which allows me to just open the device (it is auto-mounted by KDE using pmount when first opened) and to unmount/eject it.

    Screenshot of Kicker media applet showing the USB stick icon

    Screenshot of media:/ IO-slave showing the USB stick icon

    This also works perfectly for CDs.

    Screenshot of Kicker media applet showing the USB stick and CD icons

    The latter actually provides user notification when devices are hot-plugged, in much the same way as Windows XP is doing it (yes, that screenshot is in German).

    Screenshot showing the KDE media popup when plugging in a USB stick


  3. Since we also want the bonus points, it is possible to auto-execute actions for USB media in KDE too, like ivman can do. I created a new action for the “Media Notifier Daemon” using the above GUI - just click on setup and add the script to execute. However, I haven’t yet figured out how to use the script before the media is mounted (it’s now auto-mounted as in method 2a, but only on first konqueror/IO slave access) and how to auto-execute a script while still allowing other options to be used (e.g. starting media players when audio/video files or images are found).

Concluding, KDE 3.5 already offers a nice way of dealing with hot-plugging and removable media, which approaches (and, IMHO, exceeds) the ease of use of Windows XP (which arguably got that aspect of user interaction “right” in terms of very simple to use quite a while ago).

René Mayrhofer
René Mayrhofer
Professor of Networks and Security & Director of Engineering at Android Platform Security; pacifist, privacy fan, recovering hypocrite; generally here to question and learn