Mounting FS read-only for specific user (or root)

Andrew Bradford a-bb at gmx.net
Thu Feb 21 19:33:05 UTC 2008


Erik Norgaard wrote:
> Andrew Bradford wrote:
>
>> I'm trying to set up a mounted filesystem that is read-write for 
>> root, but read-only for anyone else.  It will be mounted as a backup 
>> directory, so files listed in that directory will be owned by current 
>> users on the system but can't be writeable, regardless of the file 
>> permissions.
>>
>> hd2 mounted rw in /root/backup-rw
>> hd2 mounted ro in /backups
>>
>> Is this possible?
>
> Have you tried? ;)
Yes, and it seems to almost work (but not quite).  I can set the mount 
point to have 700 permissions, which excludes everyone from accessing 
the mounted filesystem but root.  If I then mount it again using nullfs, 
it inherits the permissions of the original mountpoint, and is 
unreadable by everyone.
>
> I assume the reasoning for this is you want to preserve permissions 
> and attributes on your backup, so you can't solve this simply by 
> setting permissions appropriately.
Yes, exactly.  Users need to be able to see their own backups, and 
nobody else's. 
>
> But then, do users need frequent access to their backup? Then you 
> could simply mount it on a mount point which only has root access.
It would be preferable to not require root access to restore backups.  
Looks like nullfs isn't the answer.  How hard would it be to write a 
nullfs-clone that allowed different permissions on the destination mount 
point than the source mount point?
>
> Cheers, Erik
>
Thanks,

Andrew



More information about the freebsd-questions mailing list