mounting filesystem for homedir

Patrick O'Callaghan pocallaghan at gmail.com
Fri May 23 13:42:35 UTC 2008


On Fri, 2008-05-23 at 15:02 +0200, Erik Slagter wrote:
> Roger Heflin wrote:
> > Guillaume wrote:
> 
> >> I try to mount an EXT3 partition in the /home/username directory but I'm
> >> having some issues with ACL.
> >> Here is the process I use to reach this goal:
> >>  * create the user
> >>  * check the ACLs on this directory ( /home/user 770 user:user)
> >>  * check the group on the special file ( /dev/sda1 root:user)
> >>  * mount the filesystem (fstab => /dev/sda1 /home/backup ext3
> >> iocharset=utf8,group,noatime )
> >>  ->> fail... only user root can do this.
> >>  * if I mount the filesystem with the superuser, the ACL on the directory
> >> /home/user changes and looks like this: (/home/user 775 root:root)
> >>    this is not good and I would like to have 770 user:user
> 
> > You need to make sure that /home/user has the correct permission on it
> > before you mount the disk, and then after you mount the disk you need to
> > again make sure the correct permission is on /home/user.
> > 
> > If you have user:user on /home/user before the mount, but not on /home/user
> > after the mount (actually on "." on the filesystem on the disk part)
> > then the most restrictive of the two permissions will be used.  If
> > either permission is wrong, there will be problems.  It is not
> > typically a problem with directories like home since /home is owned by
> > root, but is a problem when a user owns the entire partition filesystem.
> 
> Bzzzzt.
> 
> The mode of the directory the filesystem is going to be mounted on 
> doesn't have any impact on the mode/rights of the mounted filesystem, 
> including the "root" of the mounted file system.
> 
> You should see it as a filesystem that is overlaid on the directory 
> you're mounting on (e.g. /home/user). At the moment the filesystem is 
> mounted on /home/user, the original /home/user directory becomes 
> completely invisible and unreachable. Every reference to /home/user/* 
> including /home/user itself is redirected to the mounted filesystem.
> 
> So... if I understand the OP correctly, he wants to change the file mode 
> on the "root" of the mounted filesystem, not the "mount"-directory in 
> the root file system. There is only one way to achieve that: mount the 
> filesystem and then change the directory's mode (and owner etc.). You 
> probably have to do this as root, as it's very probable that your 
> "normal" user doesn't have the proper rights.
> 
> Maybe it helps if I give an example, this is the way I do it: I have an 
> ext3 filesystem on /dev/sdd2 and a directory /var/backup that is used as 
> the mount point. The directory /var/backup is owned by root and has file 
> mode 000 (d---------). You can safely do this and I even recommend it, 
> as it prevents any access to this directory when the filesystem is not 
> mounted (for whatever reason). As soon as I mount /dev/sdd2 on 
> /var/backup, the owner of this directory becomes bacula and the file 
> mode becomes 775 (drwxrwxr-x) because that is how it's stored in the 
> file system on /dev/sdd2. After unmounting, this becomes 000/root again.
> 
> If you want to be able to mount the file system as non-root you either 
> need to:
>   - use automount or
>   - specify the "user" option in fstab (as root) (you cannot do this 
> from the command line for security purposes), but please note that now 
> anybody can mount the filesystem (although with a bit limited 
> functionality, no dev/no suid/no exec).

You can make it slightly more restrictive by using the 'owner' or
'group' options, but that means matching the owner (resp. group) of the
special file to the user.

poc
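
Added example (not part of the original messages): a small fstab audit that reports, per entry, who may mount it and which restrictions the user/users/owner/group options switch on, following mount(8). The /dev/sda1 line is the one quoted in the thread; the other sample lines, the option strings on them, and the names audit_fstab and SAMPLE_FSTAB are constructed for illustration.

```python
# Added example: who may mount each fstab entry, per mount(8) semantics.
IMPLIED = {  # restrictions each option switches on implicitly
    "user": ("noexec", "nosuid", "nodev"),
    "users": ("noexec", "nosuid", "nodev"),
    "owner": ("nosuid", "nodev"),
    "group": ("nosuid", "nodev"),
}
WHO = {
    "user": "any user",
    "users": "any user",
    "owner": "owner of the device node",
    "group": "members of the device node's group",
}
NEGATES = {"exec": "noexec", "suid": "nosuid", "dev": "nodev"}

# Constructed sample; the /dev/sda1 line is the one quoted in the thread.
SAMPLE_FSTAB = """\
/dev/sdd2  /var/backup   ext3  defaults,noatime              0 2
/dev/sda1  /home/backup  ext3  iocharset=utf8,group,noatime  0 0
/dev/sdb1  /mnt/usb      vfat  user,exec,noauto              0 0
"""

def audit_fstab(text):
    """Return one dict per entry: mount point, who may mount, restrictions."""
    report = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].startswith("#"):
            continue  # blank line, comment, or malformed entry
        mountpoint, opts = fields[1], fields[3].split(",")
        who, restrictions, reenabled = "root only", set(), []
        for opt in opts:  # later options override earlier ones
            if opt in IMPLIED:
                who = WHO[opt]
                restrictions.update(IMPLIED[opt])
            elif opt in NEGATES:
                if who != "root only":
                    reenabled.append(opt)  # widens a non-root mount
                restrictions.discard(NEGATES[opt])
            elif opt in NEGATES.values():
                restrictions.add(opt)
        report.append({"mountpoint": mountpoint, "who": who,
                       "restrictions": sorted(restrictions),
                       "reenabled": reenabled})
    return report

if __name__ == "__main__":
    for entry in audit_fstab(SAMPLE_FSTAB):
        print(entry)
```

Entries with a non-empty "reenabled" list are the ones to review first: they let a non-root user mount a filesystem with exec, suid or dev switched back on.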



