Mounting FS read-only for specific user (or root)

Mel fbsd.questions at
Thu Feb 21 21:59:49 UTC 2008

On Thursday 21 February 2008 22:22:34 Andrew Bradford wrote:
> Mel escribió:
> > On Thursday 21 February 2008 20:32:37 Andrew Bradford wrote:
> >> Erik Norgaard escribió:
> >>> I assume the reasoning for this is you want to preserve permissions
> >>> and attributes on your backup, so you can't solve this simply by
> >>> setting permissions appropriately.
> >>
> >> Yes, exactly.  Users need to be able to see their own backups, and
> >> nobody else's.
> >
> > Isn't this what acl's are for? See setfacl(8). I haven't looked into it
> > in great detail but seems to me that if you make a subdir owned by the
> > user for each backup root for that user and set the acl to only be
> > accessible by user, it should work.
> I can't test it on my system at the moment, but wouldn't acls make the
> files writable for general users?  The backup filesystem needs to be
> mounted read-write for root only, and read-only for general users, yet
> maintain ownership and permissions.

Yeah, you're right. It applies to files only. Sorry for the noise.

However, you can still do it with normal permissions, if the users can't see 
the real directory. So I guess the solution would be to either jail it and 
mount it ro with nullfs into the jail and root would use the host system, or 
if it's on a different machine to nfs mount it ro and root would use the nfs 
host machine.

The jail/nullfs trick I use with a template jail and standard ports that I 
don't want the jails to screw with.


More information about the freebsd-questions mailing list