Date: Thu, 21 Feb 2008 22:59:45 +0100
From: Mel <fbsd.questions@rachie.is-a-geek.net>
To: freebsd-questions@freebsd.org
Subject: Re: Mounting FS read-only for specific user (or root)
Message-ID: <200802212259.46294.fbsd.questions@rachie.is-a-geek.net>
In-Reply-To: <47BDEB9A.80207@gmx.net>
References: <47BCC9C6.9050501@gmx.net> <200802212131.16581.fbsd.questions@rachie.is-a-geek.net> <47BDEB9A.80207@gmx.net>

On Thursday 21 February 2008 22:22:34 Andrew Bradford wrote:
> Mel wrote:
> > On Thursday 21 February 2008 20:32:37 Andrew Bradford wrote:
> >> Erik Norgaard wrote:
> >>> I assume the reasoning for this is you want to preserve permissions
> >>> and attributes on your backup, so you can't solve this simply by
> >>> setting permissions appropriately.
> >>
> >> Yes, exactly. Users need to be able to see their own backups, and
> >> nobody else's.
> >
> > Isn't this what acl's are for? See setfacl(8). I haven't looked into it
> > in great detail but seems to me that if you make a subdir owned by the
> > user for each backup root for that user and set the acl to only be
> > accessible by user, it should work.
>
> I can't test it on my system at the moment, but wouldn't acls make the
> files writable for general users? The backup filesystem needs to be
> mounted read-write for root only, and read-only for general users, yet
> maintain ownership and permissions.

Yeah, you're right. It applies to files only. Sorry for the noise.
However, you can still do it with normal permissions, if the users can't see
the real directory. So I guess the solution would be to either jail it and
mount it ro with nullfs into the jail and root would use the host system, or
if it's on a different machine to nfs mount it ro and root would use the nfs
host machine.

The jail/nullfs trick I use with a template jail and standard ports that I
don't want the jails to screw with.

-- 
Mel
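
Added example, not part of the original message: a check that every nullfs mount exposed inside a jail carries the ro option, which is what the jail/nullfs approach above depends on. The paths /backup and /usr/jails/users, the device names and the sample fstab are constructed assumptions.

```shell
#!/bin/sh
# The one-off mount described in the message would look like this on the host
# (paths are assumptions):
#   mount_nullfs -o ro /backup /usr/jails/users/backup
# The persistent form is an fstab entry; the function below audits such entries.

# Constructed sample of a host /etc/fstab. The backup filesystem stays
# read-write for root on the host and is re-exported read-only into the jail.
sample_fstab() {
cat <<'EOF'
# Device      Mountpoint                  FStype  Options    Dump Pass
/dev/ad0s1a   /                           ufs     rw         1    1
/dev/ad1s1d   /backup                     ufs     rw         2    2
/backup       /usr/jails/users/backup     nullfs  ro,noexec  0    0
/usr/ports    /usr/jails/users/usr/ports  nullfs  rw         0    0
EOF
}

# Read fstab text on stdin and print the mountpoint of every nullfs entry
# below the jail root given as $1 whose option list does not contain "ro".
writable_nullfs_in_jail() {
    awk -v root="$1" '
        /^[ \t]*#/ || NF < 4 { next }          # skip comments and short lines
        $3 == "nullfs" && index($2, root "/") == 1 {
            n = split($4, opt, ",")
            ro = 0
            for (i = 1; i <= n; i++)
                if (opt[i] == "ro") ro = 1
            if (!ro) print $2                  # jail users could write here
        }'
}

# Stand-alone run: lists the one writable nullfs mount in the sample.
sample_fstab | writable_nullfs_in_jail /usr/jails/users
```

On a real host, feed it /etc/fstab (or the jail's own fstab file) instead of the sample; any path it prints is writable from inside the jail.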