writeprotection of unmounted mountpoints automatically - possible??

Jeff Vian jvian10 at charter.net
Sun Jan 16 15:44:08 UTC 2005


On Sun, 2005-01-16 at 14:40 +0100, Alexander Raab wrote:
> Jonathan Berry wrote:
> 
> >On Fri, 14 Jan 2005 09:30:29 +0100, Alexander Raab
> ><alexander.raab at chello.at> wrote:
> >  
> >
> >>Hi, all.
> >>Is there a possibility to set the permissions of unmounted mountpoints to
> >>writeprotected?
> >>I am copying files very often without checking if a usb-drive is really
> >>mounted.
> >>
> >>Alex
> >>    
> >>
> >
> >I think this would be possible, but only if what you are mounting is,
> >say, formatted with FAT or FAT32.  I know the permissions for those
> >FSs are set when the device is mounted with options in fstab.  You
> >should be able to "chmod -w" the mount point (device is not mounted),
> >which should prevent writing.  Then when the device is mounted, the
> >options should change the permissions.  You can always try it and see
> >what happens.
> >I know if the device is formatted with ext3 then you simply
> >chmod/chown the directory after the device is mounted to change the
> >permissions on the device.  I don't recall whether these permissions
> >are separate from those of the directory when nothing is mounted
> >there.  Again, I'd suggest just trying it and seeing what happens. 
> >You can always change it if it doesn't work.
> >
> >Jonathan
> >
> >  
> >
> Hi,
> nice idea, but changing the permissions didn't help.
> I have made a chmod -rwx and d--------- looks good, but it didn't help.
> No permissions, but I still can write there.
> Alex
> 
You have 2 different aspects here. Filesystem vs mounted device.

Changing the mount point (filesystem) options does not affect the mount
options.  To have a partition mounted as read only, add the option "ro"
to the options column in /etc/fstab for that device.

Note: root can still write to the raw device, but it should prevent
writing to the filesystem when mounted.

As previously noted, root can write to a mount point/filesystem
regardless of its permissions.  The mount point is a directory on the
filesystem -- regardless of whether it has a device mounted there or
not.

To prevent writing to a directory that belongs to an unmounted device
you can handle that with several factors.

1.  Make the mount point owned by root, and writable only by root.  (The
system uses permissions 755 for most.)
2.  Work as a normal user the 99+ percent of the time you do not need
root privileges. (This prevents the regular user from writing to any
location that is restricted to root modification.)
3.  Make the mount point options include "rw,users,UID=XXX,GID=XXX"
where XXX is your regular user's UID and GID respectively.

Now when mounted the (fat or fat32) filesystem there (your USB stick)
will be usable by the regular user, but the directory will not be
writable by the same user when unmounted.
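
The checks below are an added example, not part of the original message: they audit a mount point against the three points above and refuse a copy when nothing is mounted on the target. The function names, the sample paths and IDs used with them are assumptions; the fstab check uses the lowercase uid=/gid= spelling that mount(8) documents for vfat, and stat -c is the GNU coreutils form.

```shell
#!/bin/sh
# Added example: hypothetical helper functions, not from the original thread.

# is_mounted DIR [MOUNTS]: succeed if DIR appears as a mount target (field 2).
is_mounted() {
    awk -v d="${1%/}" 'BEGIN { if (d == "") d = "/" }
        $2 == d { f = 1 } END { exit !f }' "${2:-/proc/mounts}"
}

# mode_locks_out_users MODE: succeed if the octal mode has no group/other
# write bit (755 passes; 775 and 777 fail).
mode_locks_out_users() {
    [ $(( 0$1 & 022 )) -eq 0 ]
}

# mountpoint_locked DIR: point 1, the bare directory is owned by root and
# writable only by root. Check it while nothing is mounted there.
mountpoint_locked() {
    [ "$(stat -c %u "$1")" = 0 ] && mode_locks_out_users "$(stat -c %a "$1")"
}

# fstab_user_opts_ok DIR UID GID [FSTAB]: point 3, the fstab entry for DIR
# carries users, uid=UID and gid=GID in its options column (field 4).
fstab_user_opts_ok() {
    awk -v d="${1%/}" -v u="uid=$2" -v g="gid=$3" '
        /^[[:space:]]*#/ { next }
        $2 == d { n = split($4, o, ","); for (i = 1; i <= n; i++) have[o[i]] = 1 }
        END { exit !(have["users"] && have[u] && have[g]) }
    ' "${4:-/etc/fstab}"
}

# guarded_copy SRC DIR [MOUNTS]: copy only when a device is really mounted
# on DIR, so root cannot silently fill the bare directory.
guarded_copy() {
    if is_mounted "$2" "${3:-/proc/mounts}"; then
        cp -- "$1" "${2%/}/"
    else
        echo "refusing: nothing mounted on $2" >&2
        return 1
    fi
}
```

The guarded copy matters for root in particular, since directory permissions do not stop root from writing into the unmounted directory.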




