Re: mounting filesystem for homedir



On Fri, 2008-05-23 at 15:02 +0200, Erik Slagter wrote:
Roger Heflin wrote:
Guillaume wrote:

I try to mount an EXT3 partition in the /home/username directory but I'm
having some issues with ACLs.
Here is the process I use to reach this goal:
* create the user
* check the ACLs on this directory ( /home/user 770 user:user)
* check the group on the special file ( /dev/sda1 root:user)
* mount the filesystem (fstab => /dev/sda1 /home/backup ext3 iocharset=utf8,group,noatime )
->> fail... only user root can do this.
* if I mount the filesystem with the superuser, the ACL on the directory
/home/user changes and looks like this: (/home/user 775 root:root)
This is not good and I would like to have 770 user:user

> You need to make sure that /home/user has the correct permission on it
before you mount the disk, and then after you mount the disk you need to
again make sure the correct permission is on /home/user.

If you have user:user on /home/user before the mount, but not on /home/user
after the mount (actually on "." on the filesystem on the disk part)
then the most restrictive of the two permissions will be used. If
either permission is wrong, there will be problems. It is not
typically a problem with directories like home since /home is owned by
root, but is a problem when a user owns the entire partition filesystem.

Bzzzzt.

The mode of the directory the filesystem is going to be mounted on
doesn't have any impact on the mode/rights of the mounted filesystem,
including the "root" of the mounted file system.

You should see it as a filesystem that is overlaid on the directory
you're mounting on (e.g. /home/user). At the moment the filesystem is
mounted on /home/user, the original /home/user directory becomes
completely invisible and unreachable. Every reference to /home/user/*
including /home/user itself is redirected to the mounted filesystem.

So... if I understand the OP correctly, he wants to change the file mode
on the "root" of the mounted filesystem, not the "mount"-directory in
the root file system. There is only one way to achieve that: mount the
filesystem and then change the directory's mode (and owner etc.). You
probably have to do this as root, as it's very probable that your
"normal" user doesn't have the proper rights.

Maybe it helps if I give an example, this is the way I do it: I have an
ext3 filesystem on /dev/sdd2 and a directory /var/backup that is used as
the mount point. The directory /var/backup is owned by root and has file
mode 000 (d---------). You can safely do this and I even recommend it,
as it prevents any access to this directory when the filesystem is not
mounted (for whatever reason). As soon as I mount /dev/sdd2 on
/var/backup, the owner of this directory becomes bacula and the file
mode becomes 775 (drwxrwxr-x) because that is how it's stored in the
file system on /dev/sdd2. After unmounting, this becomes 000/root again.

If you want to be able to mount the file system as non-root you either
need to:
- use automount or
- specify the "user" option in fstab (as root) (you cannot do this
from the command line for security purposes), but please note that now
anybody can mount the filesystem (although with a bit limited
functionality, no dev/no suid/no exec).

You can make it slightly more restrictive by using the 'owner' or
'group' options, but that means matching the owner (resp. group) of the
special file to the user.

poc

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
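
An audit of the fstab options discussed in this thread, as an added example that is not part of the original messages: it lists every entry a non-root user may mount and reports which of suid/dev/exec a later option switches back on. It relies on the mount(8) behaviour that user, users, owner and group imply nosuid, nodev and noexec unless overridden by subsequent options; the function names and the /mnt/usb and /mnt/data entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit fstab entries that non-root users may mount.

# effective_flags OPTS -> "who=<option> reenabled=<list|none>", or nothing
# when the entry is root-only. Options are processed left to right because
# a later suid/dev/exec overrides what the user-mount option implied.
effective_flags() (
    set -f; IFS=,
    who='' suid=0 dev=0 exec=0
    for opt in $1; do
        case $opt in
            user|users|owner|group) who=$opt suid=0 dev=0 exec=0 ;;
            suid) suid=1 ;;  nosuid) suid=0 ;;
            dev)  dev=1 ;;   nodev)  dev=0 ;;
            exec) exec=1 ;;  noexec) exec=0 ;;
        esac
    done
    [ -n "$who" ] || return 0
    risky=''
    [ "$suid" = 1 ] && risky="$risky,suid"
    [ "$dev" = 1 ] && risky="$risky,dev"
    [ "$exec" = 1 ] && risky="$risky,exec"
    [ -n "$risky" ] || risky=,none
    printf 'who=%s reenabled=%s\n' "$who" "${risky#,}"
)

# audit_fstab: reads fstab text on stdin, prints one line per
# user-mountable entry; comments and blank lines are skipped.
audit_fstab() {
    while read -r dev mp fstype opts _rest; do
        case $dev in ''|'#'*) continue ;; esac
        flags=$(effective_flags "$opts")
        [ -n "$flags" ] || continue
        printf '%s on %s: %s\n' "$dev" "$mp" "$flags"
    done
}

# Constructed sample: the first two entries use the devices and mount
# points named in the thread, the last two are invented.
sample_fstab() {
    cat <<'EOF'
# device   mountpoint    type  options                       dump pass
/dev/sda1  /home/backup  ext3  iocharset=utf8,group,noatime  0 0
/dev/sdd2  /var/backup   ext3  defaults                      0 2
/dev/sdb1  /mnt/usb      vfat  user,exec,suid                0 0
/dev/sdc1  /mnt/data     ext3  suid,owner                    0 0
EOF
}

sample_fstab | audit_fstab
```

To check a live system, run `audit_fstab < /etc/fstab`; any entry that reports something other than `reenabled=none` deserves a second look.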


