How to Mount VMware Disk Images under Linux

Submitted by jbreland on Sun, 08/05/2007 - 00:42

Occasionally I have need to copy files to/from a VMware instance. The usual process for this would involve starting up the virtual machine, loading the OS, copying the files, then shutting it down and exiting VMware. However, this adds a lot of overhead to a simply file copy process. There are some easy to find utilities for doing this under a Windows host OS, but doing so under Linux has proved a bit more difficult. After a good bit of searching, I found this VMware forum post that suggested I could use a utility called vmware-mount.pl to achieve this.

Excellent. Of course, as with many things in Linux, it's not that easy.

To begin with, I had to track down a copy of the utility. I use (and highly recommend) the excellent free VMware Player to run my guest instances. It works like a champ, but unfortunately contains only a limited selection of support tools. To get a copy of vmware-mount.pl, you'll need to download the VMware Server package for Linux. Specifically, download the file labeled "VMware Server for Linux Binary (tar.gz)". This script may also come with VMware Workstation, but VMware Server, like the Player product, is free to download and use.

Once you've downloaded VMware Server, extract the contents of the tarball ( tar xf VMware-server-1.0.3-44356). Change to the bin/ directory, and copy vmware-mount.pl and vmware-loop to the bin/ directory of your installed copy of VMware Player. In my case, this this /opt/vmware/player/bin/. Verify that both scripts are executable (chmod a+x >files< if necessary).

That takes care of installing the necessary files. In order to use these scripts, however, you need support enabled for certain kernel features. Depending on your distribution this may already be enabled, but for troubleshooting purposes I'm including the three main options that I'm aware of:

  • Loopback device support (allows mounting of file objects as block devices):
    Device Drivers -> Block devices -> Loopback device support
  • Network block device support (not sure exactly what this does, but it's necessary):
    Device Drivers -> Block devices -> Network block device support
  • Filesystem support for guest OS partition(s) (eg., FAT32 or NTFS for Windows partitions, etc.)
    File systems -> DOS/FAT/NT Filesystems -> VFAT (substitute for needed filesystems)

Note: all of these options can be compiled as modules if preferred.

Now, time to test the script. From the command line, change to a directory containing a VMware disk image (*.vmdk file). Issue the following command (substituting the name of your own disk filename):

vmware-mount.pl -p WinXP_Pro_SP2.vmdk

This should like the available partitions inside the virtual disk:

--------------------------------------------
VMware for Linux - Virtual Hard Disk Mounter
Version: 1.0 build-44356
Copyright 1998 VMware, Inc. All rights reserved. -- VMware Confidential
--------------------------------------------

Nr      Start       Size Type Id Sytem
-- ---------- ---------- ---- -- ------------------------
 1         63   12562767 BIOS  7 HPFS/NTFS

In this case, I have a single NTFS partition, labeled as partition 1. Next, we'll try mounting the partition. These commands must be run as root:

mkdir mount_test
vmware-mount.pl WinXP_Pro_SP2.vmdk 1 -o ro mount_test

These commands will create a temporary directory for testing, then mount the first partition of my VMDK file in read-only mode. You will likely be given a warning about using this program with 2.4+ kernels. In my experience it is safe to ignore this warning, so enter Y to continue. You may also be given a warning about loading the Network Block Device driver; again, enter Y to continue. If successful, switch to another console, switch to root again, and change to the mount_test/ directory. You should see a list of files and directories from the guest OS. Switch back to the first console and enter Control-C to unmount the disk.

Assuming all went well, you can now copy files to/from your virtual disk (remove the read-only switch in the above code to write to the disk). However, mounting the disk from the command line and performing all copy operations as root is not very convenient, so let's setup a method to automatically mount the disk using your standard user account. The next part of this tip utilizes techniques from my Adding Custom Actions to KDE Context Menus article, and will only work for KDE users.

To begin, we need to make KDE recognize the VMDK format by creating a file association. Within Konqueror, select Settings, Configure Konqueror.... Select the File Associations tab, then click Add... under the Known Types pane. Select application as the Group, enter the name x-vmdk, and click OK. Click Add.. in the Filename Patterns pane, enter *.vmdk, and click OK. Add another pattern for *.VMDK so KDE will recognize both cases. Enter a description, such as VMware disk image, then click OK to close the settings window.

Next, we need to tell KDE what to do with these files. Following the directions in the Adding Custom Actions to KDE Context Menus article, create the following servicemenu file:

vmdk.desktop
[Desktop Entry]
ServiceTypes=application/x-vmdk
Actions=mountvmdk

[Desktop Action mountvmdk]
Name=Mount VMDK
Exec=launch.sh %d mountvmdk.sh \"%f\"
Icon=binary

As you can see by the Exec line, this requires two "support" scripts, launch.sh and mountvmdk.sh. launch.sh can be found on the Adding Custom Actions to KDE Context Menus article page, and mountvmdk.sh, which is based on my mountiso.sh script from the same page, can be download here: mountvmdk.sh script. Both of these scripts must be made executable and placed in a directory in your user's path (eg, ~/bin/ or /usr/local/bin/).

The following command from mountvmdk.sh does the magic:

echo 'y' | sudo vmware-mount.pl $1 1 -o ro,uid=`id -u` $DIR

echo 'y' will automatically answer the question about using a 2.4+ kernel. sudo instruct the system to run the command as root (more on that later). The 1 instructs the command to mount the first partition. This shouldn't be an issue in most cases as there really isn't much of a need to create multiple partitions on a VMware disk, but keep it in mind in case you do need to work with multiple partitions. Moving along, the '-o ro' option will mount the disk in read-only mode. I'm doing this purely for safety reasons (this is a new process for me), and it should not be needed. Finally, the uid=`uid -u` option is important. This instructs the mount command to mount the disk under your regular user's name rather than as root. The id -u command will print out your uid (User ID) and pass it to the sudo mount command. Without this, you would be unable to view the files as a non-root user.

Finally, we need to tell Linux that it's ok to do this as a regular user. This is done using the sudo command. Make sure that sudo is installed on your system, then run visudo to edit the sudoers file. Explanation of the file format is way beyond the scope of this article (this simple Google search should provide plenty of examples), but you'll need to give your regular user account permission to run the vmware-mount.pl command. Additionally, if you chose to compile either the loopback network block device drivers as modules you'll need to have permission to run the modprobe command as well. Make sure that this access is only given to trusted accounts, as it can definitely be a security risk

That should do it. Save all of the files, restart Konqueror, and then right-click on a vmdk file. Select Actions, Mount VMDK from the context menu. You should now have the contents of the vmdk file accessible in a subdirectory matching the name of the original file. When finished, simply enter Ctrl-C in the xterm window to unmount the disk image and remove the temporary directory.

Much easier. :-)

Airline Security

Submitted by jbreland on Fri, 07/27/2007 - 13:45

I usually refrain from posting about such stuff on my site, mostly because I tend to work myself up into a rant and I just don't have the time and energy to deal with that these days, but this was a really good read. While responding to a question about a certain aspect of airline security, a pilot provided his thoughts on the industry as a whole. This is a very insightful point of view, and covers a lot of what's just plain wrong with the state of affairs today.

I highly encourage anyone interested in this sort of stuff (and if you ever have reason to fly on a plane, you should be interested) to read the full article. It only takes a few minutes.
http://hotair.com/archives/2007/07/16/a-pilot-on-airline-security/

(as found on Bruce Schneier's blog)

A Behind-the-Scenes Look at How DRM Becomes Law

Submitted by jbreland on Fri, 07/13/2007 - 09:42

This is just a quick post about an article I recently read. Cory Doctorow (of Boing Boing, among others) has written a pretty insightful article for Information Week on "...the back room dealing that allowed entertainment companies and electronics companies to craft public policy on digital rights management." It manages to be insightful, disturbing, and disgusting all at the same time, and is worth a read if you're interested in how DRM comes to be.

Here's a small excerpt from the article:

Then the MPAA dropped the other shoe: the sole criterion for inclusion on the list would be the approval of one of its member-companies, or a quorum of broadcasters. In other words, the Broadcast Flag wouldn't be an "objective standard," describing the technical means by which video would be locked away -- it would be purely subjective, up to the whim of the studios. You could have the best product in the world, and they wouldn't approve it if your business-development guys hadn't bought enough drinks for their business-development guys at a CES party.

You can read the full article here:
http://www.informationweek.com/news/showArticle.jhtml?articleID=201000854

or, you can find the much friendlier single-page version here:
http://informationweek.com/shared/printableArticle.jhtml?articleID=201000854

Which file types are actually executed during extraction by Universal Extractor?

Submitted by jbreland on Sun, 07/01/2007 - 14:49

JST posted a good question a while back in the Universal Extractor forum. He wanted to know if any executable files (such as installers) were actually run during the extraction process. For the vast majority of files, UniExtract will "rip" the contents out of the file using a extraction/decompression utility. For example, Inno Setup installers are handled by innounp, self-extracting Zip files are handled by 7-Zip or Info-ZIP, etc. However, there also cases where some files simply must be executed in order to extract the contents.

JST was concerned about this because he sometimes uses Universal Extractor to investigate malicious files. Obviously you want to be very careful when examining malicious files, so his concern was well justified. He asked for a list of file types that UniExtract will actually execute when extracting. It took me a while to get around to documented this, but I've finally done so. You can read the full list in this forum thread:

Are any files executed during extraction?

This is good information to know, especially if you ever work with suspicious files. I'm probably going to add this information to the main UniExtract page as well, and will look into possibly adding a warning message to UniExtract itself before executing any untrusted files.

Windows Vista Security Considerations for Developers

Submitted by jbreland on Fri, 06/22/2007 - 10:52

I'm sure that everyone reading this site is aware of the fact that Windows Vista has made some rather drastic changes to the underlying OS in the name of security. Some of these are good and overdue changes; some, however, are freakin' brain dead (you can see my last post for a very brief summary of my feelings about Vista from a user's perspective). Regardless of my personal feelings, the fact is Vista is here and it's install base is only going to grow as people purchase new PCs. Given that I maintain a few applications for Windows, I have to take Vista into consideration and make sure that my apps continue to play nicely on Microsoft's current and future operation systems.

Unfortunately, I'm rather late to this party. Until just recently I have had no direct exposure with Vista; I even managed to go through the entire alpha, beta, and release candidate stages of Vista without seeing a Vista system a single time. Needless to say, once it was released I began receiving notices that Universal Extractor has Vista compatibility issues. I'm sure AutoFLAC does as well, but I guess those users are a bit less demanding. :-) (I say that in jest, of course - the UniExtract community over on the MSFN forum has been fantastic!)

The good news is that I finally do have access to a Vista system. I can't stand using it (again, see my last post if you want to know how I really feel about it), but it can at least serve as a test box for UniExtract and AutoFLAC. The next couple revisions of each will focus on Vista compatibility, and in anticipation of this I've begun doing some research into the Vista changes that most affect applications and installers. I'm post some of the more useful links I've found both for my own reference and for anyone else that may benefit from this information.

New ACLs Improve Security in Windows Vista - detailed article about many of the changes to user and administrator privileges, file system and registry permissions, etc.; very informative, though highly technical

File and Registry Virtualization – the good, the bad, and the ugly - discussion about the compatibility features provided by Vista to allow older "non-compliant" applications to install and function properly

Vista considerations - small write-up on the Inno Setup Knowledge Base discussing Inno-specific considerations

Vista FAQ and INNO Vista and XP questions - two Inno Setup newsgroup discussion threads concerning Vista compatibility

I know there's a lot more information out there, and I'll probably update this post as I come across it, but this will get me started. Do you know of any other good resources? Please post a comment!

KDE Hidden Preferences

Submitted by jbreland on Tue, 05/15/2007 - 04:32

One thing I love about KDE is it's incredible breadth of configuration options. I really like to tweak my environment to best suite my needs, preferences, and habits. I know what works best for me, and prefer to have my desktop environment reflect those preferences.

Despite the vast number of preferences in the KDE Control Center, there are still quite a few options for which new GUI preference setting exists. The Hidden Configuration KDE Wiki page discusses some of these options, and is worth a read if you use KDE. In particular, I was looking for a way to disable the listing and expanding of archive files in Konqueror's sidebar. This "feature" was borrowed from Windows XP (Compressed Folders), where it always bugged the hell out of me. If I wanted view the contents of Zip files in Windows Explorer then I'd unzip the damn file.

Needless to say, I was rather dismayed and disappointed when I saw this "feature" appear in a KDE upgrade. There is no GUI preference available for disabling it, but after quite a bit of internet searching I found the above Hidden Configuration page, which discusses how to do it. It's a useful resource, and I wanted to make a note of it here both for the benefit of others as well as so I can easily find the page again next time I setup KDE. :-)

If you would like to disable this feature as well, first try entering this command (as documented in the Wiki): kwriteconfig --file konqsidebartng.rc --group General --key ShowArchivesAsFolders --type bool false. You'll need to restart Konqueror for the change to take effect. If that does not work (it didn't for me), do this instead:

  1. Edit ~/.kde/share/config/konqsidebartng.rc
  2. Search for the option titled ShowArchivesAsFolders
  3. If you ran the kwriteconfig command, you should find it under the [General] category. Delete that under [General] and instead add ShowArchivesAsFolders=false it to the top of the file
  4. If you do not already have that setting in the file, simply add it to the top of the file as described in the last step
  5. Save the file and restart konqueror

You should now be rid of those annoying archive folders. Enjoy.

Oh, and if you'd like to disable this feature in Windows XP as well, you can easily to so by running the following command: regsvr32.exe /u zipfldr.dll. If you choose to reenable it, you can do so simply by running regsvr32.exe zipfldr.dll.

Useful New Windows Apps

Submitted by jbreland on Sat, 05/05/2007 - 04:33

I came across a couple of very useful Windows apps tonight while doing some maintenance on my systems. The first is Core Mini-SFTP Server. This is a commercial/proprietary app, but it's available free of charge. As implied by the name, it's a stripped-down sFTP server for Windows. No installation or configuration is necessary; simply download and run the executable, specify the username, password, and root directory, then click Start. Any user can now connect via SFTP using the specified credentials. It's very convenient if you simply need quick and easy access to an sFTP server on Windows, but, of course, it does have limitations. It's strictly single user, must be run interactively (ie, it cannot be run as a service when the system starts), and only minimal sftp functionality is included (the sftp client under Linux works, for example, but scp does not). Additionally, it stores the specified password in plaintext within the registry. Keep this in mind when choosing a password, and be sure to delete the key after you're finished if it's a sensitive password (HKCU\Software\FTPWare\msftpsrvr\msftpsrvr).

Next up is a fine new FOSS app for Windows. Infra Recorder is a very slick CD burning application based on cdrecord. The interface is very nice and intuitive, functionally it can do just about anything you'd expect of a CD burning application, and so far it seems quite stable (considering it's a beta release). I'm quite pleased with it so far. The audio capabilities are somewhat limited (it can only handle WAV files directly, for example), but given that I use Exact Audio Copy for all of my audio CD needs it's not much of an issue for me. It'll make a great alternative to cdrtfe, my current burning app of choice under Windows.

Enjoy. :-)

Edit: I'm afraid I'm going to have to take back some of the praise for Infra Recorder. It doesn't seem to actually want to write the disc image that you tell it to burn. Instead, it just pretends to burn it for several minutes, letting you think it's being written to disc. I discovered this after thinking I had burned a freshly downloaded 700 MB Kubuntu ISO, only to find out after I had deleted ISO that it had not, in fact, been written to disc. So, I downloaded it again, checked and double-checked all settings (especially the "simulation" option, and attempted to burn it again, but it still failed. I then fired up cdrtfe and burned it without problem on the first attempt, confirming that the disc image was fine.

I'd recommend sticking with cdrtfe for important stuff for now.

Adding Custom Actions to KDE Context Menus (aka, servicemenus)

Submitted by jbreland on Fri, 04/20/2007 - 01:16

One thing I always liked about Windows (compared to Linux) is that it's very easy to add custom actions to the context (right-click) menu for any given file types. For example, I used this ability with Universal Extractor to add UniExtract... entries to the context menu of archive files, and I use it with Open with Arguments to add Open with arguments... to .exe and .bat files. I missed that ability for quite some time once I began using Linux as my primary OS. Something as simple as extracting Zip files, for example, would require jumping to the command line and entering an appropriate unzip command[1]. However, a while back I stumbled across a tutorial entitled, "Creating Konqueror Service Menus", and was very pleasantly surprised to discover that this allowed me to do exactly what I had wanted for so long.

I setup a few custom actions (called "servicemenus" in KDE) a while back on my home system and pretty much forgot about it since it "just worked", but since I'm now using a new desktop system at home I'm already missing these custom actions. So, I figured I'd document them here while setting them up again. Hopefully this information will help out other Linux users. Much more thorough instructions can be found in the article referenced above - my instructions should be treated as more of a reference.

To begin, you'll need to create a new .desktop file for the action you want to perform. For the purposes of this article, I'm going to add a context menu item that will extract RAR files to the current directory. So, we'll create a new file named ~/.kde/share/apps/konqueror/servicemenus/rar.desktop. The file name is arbitrary, but it must be saved in the specified location, and must end with the .desktop extension. Next open the file in your favorite editor and add the following:

rar.desktop
[Desktop Entry]
ServiceTypes=application/x-rar,application/x-rar-compressed
Actions=unrar

[Desktop Action unrar]
Name=Extract Here
Exec=launch.sh %d unrar x \"%f\"
Icon=package

This code is not very intuitive, so I'll explain each option

  • ServiceTypes - specifies the type of files with which the action should be associated. The easiest way to determine this information is to run Konqueror, click Settings, Configure Konqueror, and select the File Associations section. Enter the file extension you want to associate the action with (in this case, rar, and then add the listed file types to the Service Types entry. Repeat for each extension if you want to associate with multiple types
  • Actions - specifies the name of the stanza that defines the action. Multiple actions can be specified, but we'll only use one here. Just make sure that the name entered here matches the [Desktop Action xxx] defined below.
  • Name - the name of the context menu entry that will appear when right-clicking on the given type of files
  • Exec - the action to perform when selected; more details below. Please also see this page for a full discussion of this item, including a list of valid field codes.
  • Icon - the name of the icon to associate with the context menu entry (optional). This can point to a real file if you want to use a custom icon, but you have to specify the full path and filename. In this case, I'm telling it to use the package icon from the current icon set. The easiest way (that I know of) to view these "pre-defined" icons is to right-click on any K-menu entry, select Edit Item, and click on the icon button for that item, It'll bring up an icon browser. Find the icon you like best, note the name, then close the windows and add it to the Icon entry.

Now, let's discuss the Exec entry. Ordinarily you'd probably want to call the binary directly; eg., unrar x \"%f\". In this case, however, I want to get feedback on the current progress of the operation, as well as any errors that might have occured. Since unrar is a CLI application, running it from a GUI wouldn't provide any feedback. It would simply run in the background and then exit. To work around this, I created a "wrapper" script called launch.sh that will accept arguments passed by KDE and run the command in a standalone xterm terminal[2]. Using this method, clicking the the action in the context menu will spawn a new xterm window, which will then display the current status of the operation. It will also allow you to enter any additional information that may be necessary, such as answering an overwrite prompt or providing an archive password.

The code for the wrapper script is listed below. The only dependency is that xterm must be installed in an your $PATH.

launch.sh
#!/bin/bash

# enable support for spaces
IFS=$'\r\n'

# check for number of arguments
if [ "$2" = "" ]; then
    echo "Usage: $0 <dir> <command>"
    exit 1
fi

# set directory and command
DIR=$1
shift
COM=$@

# execute command in xterm
cd $DIR
xterm -e $COM
exit

That should do it. Save both of those files, make sure that launch.sh is copied to a location in your $PATH, then try right-clicking on a RAR file. Under the Actions submenu, you should now see an entry called Extract Here. Click it, and if all goes well the contents of the RAR file should be extracted to that directory.

For reference, here's a list of all KDE servicemenus that I have created:

  • audacious.desktop - Enqueue and begin playing all selected audio files in Audacious (originally written for XMMS, and still contains the commented code if desired)
  • iso.desktop - Mount an ISO CD-Rom image in a subdirectory of the current folder to allow file browsing and copying; press Enter when complete to unmount the ISO and remove the temporary directory. This service menu requires my mountiso.sh script.
  • par.desktop - Repair damaged RAR archives using associated PAR files
  • rar.desktop - Extract contents of RAR archives
  • tbz.desktop - Extract contents of bzipped tarballs
  • tgz.desktop - Extract contents of gzipped tarballs
  • vmdk.desktop - Mount a VMware disk image in a subdirectory of the current folder to allow file browsing and copying; press Ctrl-C when complete to unmount the disk image and remove the temporary directory. This service menu requires my mountvmdk.sh script. More details can be found in the How to Mount VMware Disk Images under Linux article.
  • xine.desktop - Enque and begin playing all selected video files in Xine
  • zip.desktop - Extract contents of ZIP archives
  • launch.sh - Wrapper script to display service menu output in an xterm window; most of my servicemenus require this script

[1] Yes, I know that I can install a GUI archiving utility such as Ark. However, that's not really relevant here for two reasons:

  1. I want to right-click and extract directly within Konqueror without first opening it in a separate utility
  2. File extraction is just an easy-to-visualize simple example - there are other cases where install a separate utility is not an option or just doesn't make any sense

[2] Yes, you could theoretically call xterm directly from the .desktop file rather than using a wrapper script, but I couldn't get it to work properly. I had issues with getting xterm and the associated command (in this case, unrar) to accept the correct path, as well as dealing with spaces in the filename. My wrapper script will handle anything that's thrown at it (so far, anyway...).