From: Andrew Bradford
Date: Fri, 22 Feb 2008 11:14:56 -0800
To: Mel
Cc: freebsd-questions@freebsd.org
Subject: Re: Mounting FS read-only for specific user (or root)

Mel wrote:
> On Thursday 21 February 2008 20:32:37 Andrew Bradford wrote:
>
>> Erik Norgaard wrote:
>>
>>> I assume the reasoning for this is you want to preserve permissions
>>> and attributes on your backup, so you can't solve this simply by
>>> setting permissions appropriately.
>>>
>> Yes, exactly. Users need to be able to see their own backups, and
>> nobody else's.
>>
>
> Isn't this what ACLs are for? See setfacl(8). I haven't looked into it in
> great detail but seems to me that if you make a subdir owned by the user for
> each backup root for that user and set the acl to only be accessible by user,
> it should work.
>

After playing around with this for a bit, I took Erik's suggestion of
mounting the backup directory rw in a root-specific area. I didn't think
it would work, but my understanding of the permission structure in UNIX
is flawed, and it does work :)

The setup, for those interested, is as follows:

    disk2 mounted read-write in /root/.backup
    /root/.backup mounted using nullfs read-only in /backups

    drwx------ root wheel /root
    drwxr-xr-x root wheel /root/.backup
    drwxr-xr-x root wheel /backups

This way, the permissions on /root prevent normal users from writing to
the backup mount underneath it, even though they may own files and have
write permissions on those files. The permissions of the mount point
allow users to view the contents and restore files, but not write to it
because the nullfs mount (/backups) is read-only.

General users are unable to write to the read-write mount point
(/root/.backup) because the permission of the parent directory (/root)
is 700. This allows the backup process to write to the backup
filesystem, yet still prevents normal users from writing to it.

I think this setup could be improved as I'm simply relying on file
permissions to keep the backup filesystem read-only for normal users.
The problem is not having the ability to mount a filesystem read-write
for a specific user -- regardless of the permissions of files on that
filesystem.

Thanks Erik and Mel for the help with this!

Andrew
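
A check for the layout described in this message, as an added example that is not part of the original post: it reads fstab(5)-format mount output (as printed by `mount -p`) and confirms that /backups is a read-only nullfs view of /root/.backup and that the parent directory grants nothing to group or other. The function name, the RW_MNT/RO_MNT overrides and the sample device name are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit the two-mount backup layout from fstab(5)-format input.
# Assumed use on the host:  mount -p | audit_backup_layout "$(stat -f %Lp /root)"
# $1 = octal mode of the directory that hides the read-write mount.
# Paths default to the ones in the post; RW_MNT / RO_MNT are hypothetical overrides.
audit_backup_layout() {
    awk -v rw="${RW_MNT:-/root/.backup}" -v ro="${RO_MNT:-/backups}" -v pmode="$1" '
    function has_opt(opts, want,   n, i, a) {
        n = split(opts, a, ",")
        for (i = 1; i <= n; i++) if (a[i] == want) return 1
        return 0
    }
    $2 == rw { seen_rw = 1 }
    $2 == ro {
        seen_ro = 1
        if ($3 != "nullfs") { print "FAIL: " ro " is " $3 ", not nullfs"; bad = 1 }
        if ($1 != rw) { print "FAIL: " ro " is backed by " $1 ", not " rw; bad = 1 }
        if (!has_opt($4, "ro")) { print "FAIL: " ro " is not mounted read-only"; bad = 1 }
    }
    END {
        if (!seen_rw) { print "FAIL: " rw " is not mounted"; bad = 1 }
        if (!seen_ro) { print "FAIL: " ro " is not mounted"; bad = 1 }
        # The post relies on mode 700 here: any group/other bit is flagged,
        # since users own files below the read-write mount.
        if (pmode !~ /^0?[0-7]00$/) {
            print "FAIL: parent directory mode " pmode " grants group/other access"
            bad = 1
        }
        if (!bad) print "OK: read-only view and hidden read-write mount are consistent"
        exit bad + 0
    }'
}

# Constructed sample in fstab format; /dev/DISK2 is a placeholder device name.
SAMPLE_OK='/dev/DISK2	/root/.backup	ufs	rw	2 2
/root/.backup	/backups	nullfs	ro	0 0'

printf '%s\n' "$SAMPLE_OK" | audit_backup_layout 700
```

Run from cron or a monitoring job, a non-zero exit status signals that a remount or chmod has broken one of the two conditions the setup depends on.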