Date: Thu, 21 Feb 2008 13:22:34 -0800
From: Andrew Bradford <a-bb@gmx.net>
To: Mel <fbsd.questions@rachie.is-a-geek.net>
Cc: freebsd-questions@freebsd.org
Subject: Re: Mounting FS read-only for specific user (or root)
Message-ID: <47BDEB9A.80207@gmx.net>
In-Reply-To: <200802212131.16581.fbsd.questions@rachie.is-a-geek.net>
References: <47BCC9C6.9050501@gmx.net> <47BD3A0B.2030806@locolomo.org> <47BDD1D5.6060003@gmx.net> <200802212131.16581.fbsd.questions@rachie.is-a-geek.net>

Mel wrote:
> On Thursday 21 February 2008 20:32:37 Andrew Bradford wrote:
>
>> Erik Norgaard wrote:
>>
>>> I assume the reasoning for this is you want to preserve permissions
>>> and attributes on your backup, so you can't solve this simply by
>>> setting permissions appropriately.
>>>
>> Yes, exactly. Users need to be able to see their own backups, and
>> nobody else's.
>>
>
> Isn't this what ACLs are for? See setfacl(8). I haven't looked into it in
> great detail but seems to me that if you make a subdir owned by the user for
> each backup root for that user and set the ACL to only be accessible by user,
> it should work.
>

I can't test it on my system at the moment, but wouldn't ACLs make the files writable for general users? The backup filesystem needs to be mounted read-write for root only, and read-only for general users, yet maintain ownership and permissions.

Is it possible to use ACLs to revoke normal UNIX permissions on a directory hierarchy? I.e. use ACLs to limit users from writing to the read-write backup filesystem.