On Fri, 2008-05-23 at 15:02 +0200, Erik Slagter wrote:
> Roger Heflin wrote:
> > Guillaume wrote:
>
> >> I try to mount an EXT3 partition in the /home/username directory but
> >> I'm having some issues with ACLs.
> >> Here is the process I use to reach this goal:
> >> * create the user
> >> * check the ACLs on this directory ( /home/user 770 user:user)
> >> * check the group on the special file ( /dev/sda1 root:user)
> >> * mount the filesystem (fstab => /dev/sda1 /home/backup ext3
> >> iocharset=utf8,group,noatime )
> >> ->> fail... only user root can do this.
> >> * if I mount the filesystem with the superuser, the ACL on the
> >> directory /home/user changes and looks like this:
> >> (/home/user 775 root:root)
> >> This is not good and I would like to have 770 user:user
>
> > You need to make sure that /home/user has the correct permission on it
> > before you mount the disk, and then after you mount the disk you need
> > to again make sure the correct permission is on /home/user.
> >
> > If you have user:user on /home/user before the mount, but not on
> > /home/user after the mount (actually on "." on the filesystem on the
> > disk part) then the most restrictive of the two permissions will be
> > used. If either permission is wrong, there will be problems. It is not
> > typically a problem with directories like home since /home is owned by
> > root, but is a problem when a user owns the entire partition filesystem.
>
> Bzzzzt.
>
> The mode of the directory the filesystem is going to be mounted on
> doesn't have any impact on the mode/rights of the mounted filesystem,
> including the "root" of the mounted file system.
>
> You should see it as a filesystem that is overlaid on the directory
> you're mounting on (e.g. /home/user). At the moment the filesystem is
> mounted on /home/user, the original /home/user directory becomes
> completely invisible and unreachable. Every reference to /home/user/*
> including /home/user itself is redirected to the mounted filesystem.
>
> So... if I understand the OP correctly, he wants to change the file mode
> on the "root" of the mounted filesystem, not the "mount"-directory in
> the root file system. There is only one way to achieve that: mount the
> filesystem and then change the directory's mode (and owner etc.). You
> probably have to do this as root, as it's very probable that your
> "normal" user doesn't have the proper rights.
>
> Maybe it helps if I give an example, this is the way I do it: I have an
> ext3 filesystem on /dev/sdd2 and a directory /var/backup that is used as
> the mount point. The directory /var/backup is owned by root and has file
> mode 000 (d---------). You can safely do this and I even recommend it,
> as it prevents any access to this directory when the filesystem is not
> mounted (for whatever reason). As soon as I mount /dev/sdd2 on
> /var/backup, the owner of this directory becomes bacula and the file
> mode becomes 775 (drwxrwxr-x) because that is how it's stored in the
> file system on /dev/sdd2. After unmounting, this becomes 000/root again.
>
> If you want to be able to mount the file system as non-root you either
> need to:
> - use automount or
> - specify the "user" option in fstab (as root) (you cannot do this
> from the command line for security purposes), but please note that now
> anybody can mount the filesystem (although with a bit limited
> functionality, no dev/no suid/no exec).

You can make it slightly more restrictive by using the 'owner' or
'group' options, but that means matching the owner (resp. group) of the
special file to the user.

poc
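The `user`, `owner` and `group` fstab options discussed in this thread, as an added example that is not part of the original messages: a shell function that lists which fstab entries a non-root user may mount and which restrictions mount(8) implies for each. The sample fstab is constructed; only the /dev/sda1 line comes from the thread, and the other devices, mount points and function names are assumptions.

```shell
#!/bin/sh
# Added example: audit fstab text (on stdin) for entries mountable by non-root.
# Per mount(8): user/users imply noexec,nosuid,nodev; owner/group imply
# nosuid,nodev; a later exec/suid/dev in the same option list overrides.
# Only those options are tracked here.
audit_fstab() {
    awk '
    NF < 4 || $1 ~ /^#/ { next }            # skip blanks, comments, short lines
    {
        who = ""; noexec = 0; nosuid = 0; nodev = 0
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++) {          # options apply left to right
            o = opt[i]
            if (o == "user" || o == "users") {
                who = "anyone"; nosuid = 1; nodev = 1; noexec = 1
            } else if (o == "owner") {
                who = "device-owner"; nosuid = 1; nodev = 1
            } else if (o == "group") {
                who = "device-group"; nosuid = 1; nodev = 1
            } else if (o == "exec" || o == "noexec") {
                noexec = (o == "noexec")
            } else if (o == "suid" || o == "nosuid") {
                nosuid = (o == "nosuid")
            } else if (o == "dev" || o == "nodev") {
                nodev = (o == "nodev")
            }
        }
        if (who == "") next                 # root-only entry, nothing to report
        flags = ""
        if (nosuid) flags = flags ",nosuid"
        if (nodev)  flags = flags ",nodev"
        if (noexec) flags = flags ",noexec"
        sub(/^,/, "", flags)
        if (flags == "") flags = "none"
        print $1, $2, who, flags            # device, mount point, who, limits
    }'
}

# Constructed sample input (first entry is the fstab line quoted in the thread).
sample_fstab() {
    cat <<'EOF'
# constructed sample fstab
/dev/sda1 /home/backup ext3 iocharset=utf8,group,noatime 0 0
/dev/sdd2 /var/backup ext3 defaults 0 2
/dev/sdb1 /mnt/usb vfat user,noauto 0 0
/dev/sdc1 /mnt/tools ext3 user,exec,noauto 0 0
EOF
}

sample_fstab | audit_fstab
```

Run it against a real system with `audit_fstab < /etc/fstab`; an entry reported as `device-group` or `device-owner` is mountable only by users matching the group or owner of the device node itself.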