Re: mounting filesystem for homedir

Roger Heflin wrote:
> Guillaume wrote:
>
>> I try to mount an EXT3 partition in the /home/username directory but I'm
>> having some issues with ACL.
>> Here is the process I use to reach this goal:
>>  * create the user
>>  * check the ACLs on this directory ( /home/user 770 user:user)
>>  * check the group on the special file ( /dev/sda1 root:user)
>>  * mount the filesystem (fstab => /dev/sda1 /home/backup ext3 iocharset=utf8,group,noatime )
>>  ->> fail... only user root can do this.
>>  * if I mount the filesystem with the superuser, the ACL on the directory /home/user changes and looks like this: (/home/user 775 root:root)
>>    this is not good and I would like to have 770 user:user
>
> You need to make sure that /home/user has the correct permission on it before you mount the disk, and then after you mount the disk you need to again make sure the correct permission is on /home/user.
>
> If you have user:user on /home/user before the mount, but not on /home/user after the mount (actually on "." on the filesystem on the disk part) then the most restrictive of the two permissions will be used. If either permission is wrong, there will be problems. It is not typically a problem with directories like home since /home is owned by root, but is a problem when a user owns the entire partition filesystem.

Bzzzzt.

The mode of the directory the filesystem is going to be mounted on doesn't have any impact on the mode/rights of the mounted filesystem, including the "root" of the mounted file system.

You should see it as a filesystem that is overlaid on the directory you're mounting on (e.g. /home/user). At the moment the filesystem is mounted on /home/user, the original /home/user directory becomes completely invisible and unreachable. Every reference to /home/user/* including /home/user itself is redirected to the mounted filesystem.

So... if I understand the OP correctly, he wants to change the file mode on the "root" of the mounted filesystem, not the "mount"-directory in the root file system. There is only one way to achieve that: mount the filesystem and then change the directory's mode (and owner etc.). You probably have to do this as root, as it's very probable that your "normal" user doesn't have the proper rights.

Maybe it helps if I give an example, this is the way I do it: I have an ext3 filesystem on /dev/sdd2 and a directory /var/backup that is used as the mount point. The directory /var/backup is owned by root and has file mode 000 (d---------). You can safely do this and I even recommend it, as it prevents any access to this directory when the filesystem is not mounted (for whatever reason). As soon as I mount /dev/sdd2 on /var/backup, the owner of this directory becomes bacula and the file mode becomes 775 (drwxrwxr-x) because that is how it's stored in the file system on /dev/sdd2. After unmounting, this becomes 000/root again.

If you want to be able to mount the file system as non-root you either need to:
 - use automount or
 - specify the "user" option in fstab (as root) (you cannot do this from the command line for security purposes), but please note that now anybody can mount the filesystem (although with a bit limited functionality, no dev/no suid/no exec).

I hope this helps...


-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
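
Added example, not part of the original message: the reply above notes that the "user" option in fstab lets anybody mount the filesystem, with nodev/nosuid/noexec restrictions. The shell function below lists the fstab entries that non-root users may mount and shows which of those three restrictions are not in effect, using the mount(8) rules stated in its comments. The function names and the sample entries are constructed for illustration; the first two devices and mount points are the ones mentioned in the thread, with `defaults` assumed for /var/backup.

```shell
#!/bin/sh
# Added example: list fstab entries that non-root users may mount and show
# which of nosuid/nodev/noexec are NOT in effect for them.
# Rules from mount(8): user/users imply noexec,nosuid,nodev; owner/group imply
# nosuid,nodev; options are read left to right, so a later suid/dev/exec
# overrides the implied restriction. Other options are not interpreted here.
audit_fstab() {
    awk '
    /^[ \t]*#/ { next }                 # comment line
    NF < 4     { next }                 # blank or incomplete line
    {
        n = split($4, opt, ",")
        who = ""; nosuid = 0; nodev = 0; noexec = 0
        for (i = 1; i <= n; i++) {
            o = opt[i]
            if (o == "user" || o == "users")       { who = o; nosuid = 1; nodev = 1; noexec = 1 }
            else if (o == "owner" || o == "group") { who = o; nosuid = 1; nodev = 1 }
            else if (o == "nosuid") nosuid = 1
            else if (o == "suid")   nosuid = 0
            else if (o == "nodev")  nodev = 1
            else if (o == "dev")    nodev = 0
            else if (o == "noexec") noexec = 1
            else if (o == "exec")   noexec = 0
        }
        if (who == "") next             # root-only mount, nothing to report
        m = ""
        if (!nosuid) m = m ",nosuid"
        if (!nodev)  m = m ",nodev"
        if (!noexec) m = m ",noexec"
        m = (m == "") ? "none" : substr(m, 2)
        print $2, who, "unenforced=" m  # mount point, granting option, gaps
    }' "$@"
}

# Constructed sample input (not taken from a real system).
sample_fstab() {
    cat <<'EOF'
# device   mountpoint    type  options                       dump pass
/dev/sda1  /home/backup  ext3  iocharset=utf8,group,noatime  0 2
/dev/sdd2  /var/backup   ext3  defaults                      0 2
/dev/sdb1  /mnt/usb      vfat  user,noauto                   0 0
/dev/sdc1  /mnt/tools    ext3  user,exec,suid,noauto         0 0
EOF
}

sample_fstab | audit_fstab
```

Run it against a real table with `audit_fstab /etc/fstab`; entries that only root can mount, such as the /var/backup line, are not reported.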