From owner-freebsd-questions@FreeBSD.ORG Thu Feb 21 19:33:05 2008
Date: Thu, 21 Feb 2008 11:32:37 -0800
From: Andrew Bradford (envelope-from a-bb@gmx.net)
To: Erik Norgaard
Cc: freebsd-questions@freebsd.org
Subject: Re: Mounting FS read-only for specific user (or root)
Message-id: <47BDD1D5.6060003@gmx.net>
In-reply-to: <47BD3A0B.2030806@locolomo.org>
References: <47BCC9C6.9050501@gmx.net> <47BD3A0B.2030806@locolomo.org>
List-Id: User questions (freebsd-questions@freebsd.org)
User-Agent: Thunderbird 2.0.0.6 (X11/20071022)

Erik Norgaard wrote:
> Andrew Bradford wrote:
>
>> I'm trying to set up a mounted filesystem that is read-write for
>> root, but read-only for anyone else. It will be mounted as a backup
>> directory, so files listed in that directory will be owned by current
>> users on the system but can't be writable, regardless of the file
>> permissions.
>>
>> hd2 mounted rw in /root/backup-rw
>> hd2 mounted ro in /backups
>>
>> Is this possible?
>
> Have you tried? ;)

Yes, and it seems to almost work (but not quite). I can set the mount
point to have 700 permissions, which excludes everyone from accessing
the mounted filesystem but root. If I then mount it again using nullfs,
it inherits the permissions of the original mountpoint, and is
unreadable by everyone.

> I assume the reasoning for this is you want to preserve permissions
> and attributes on your backup, so you can't solve this simply by
> setting permissions appropriately.

Yes, exactly. Users need to be able to see their own backups, and
nobody else's.

> But then, do users need frequent access to their backup? Then you
> could simply mount it on a mount point which only has root access.

It would be preferable to not require root access to restore backups.

Looks like nullfs isn't the answer. How hard would it be to write a
nullfs-clone that allowed different permissions on the destination
mount point than the source mount point?

> Cheers, Erik

Thanks,
Andrew
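A worked example of the two-layer layout discussed in this thread: the
disk mounted read-write under a root-only directory, and a read-only
nullfs view of the same tree for everyone else. This is an added
example, not part of the original message and not FreeBSD project
configuration. It assumes the backup disk is /dev/ad2s1d, that /root is
mode 0700, and that the root directory of the backup filesystem itself
(the directory hd2 exposes once mounted) is mode 0755; the device name
and the two paths are placeholders.

```fstab
# Added example, not from the original thread. Device and paths are assumptions.
#
# Lower layer: the real disk, read-write. It is only reachable through
# /root, which is mode 0700, so nobody but root can touch this view.
/dev/ad2s1d        /root/backup-rw   ufs      rw     2  2
#
# Upper layer: a read-only nullfs view of the same tree, mounted after
# the lower layer (fstab is processed in order). Ownership and modes
# pass through unchanged, so each user can read only what their own
# uid/gid could read on the disk, but no write succeeds via this path.
/root/backup-rw    /backups          nullfs   ro     0  0
```

To check it after `mount /root/backup-rw` and `mount /backups`, `mount`
should list `/root/backup-rw on /backups (nullfs, local, read-only)`, and
an unprivileged user running `touch /backups/home/alice/somefile` gets
"Read-only file system" even on a file that user owns, while root keeps
writing through /root/backup-rw. Two caveats follow from how nullfs
works: the upper mount shows the mode of the root directory of hd2's
filesystem, not of the /root/backup-rw directory it covers, so that root
directory has to stay world-traversable (0755), which is why a 0700 there,
as in the message above, makes /backups unreadable for everyone; and the
read-only flag belongs to the upper mount alone, so the only thing
keeping other users away from the writable lower layer is the 0700 on
/root, which must not be loosened and must not be nullfs-mounted or
exported anywhere else.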