Mounting FS read-only for specific user (or root)
Andrew Bradford
a-bb at gmx.net
Thu Feb 21 21:23:37 UTC 2008
Mel escribió:
> On Thursday 21 February 2008 20:32:37 Andrew Bradford wrote:
>
>> Erik Norgaard escribió:
>>
>>> I assume the reasoning for this is you want to preserve permissions
>>> and attributes on your backup, so you can't solve this simply by
>>> setting permissions appropriately.
>>>
>> Yes, exactly. Users need to be able to see their own backups, and
>> nobody else's.
>>
>
> Isn't this what acl's are for? See setfacl(8). I haven't looked into it in
> great detail but seems to me that if you make a subdir owned by the user for
> each backup root for that user and set the acl to only be accessible by user,
> it should work.
>
I can't test it on my system at the moment, but wouldn't acls make the
files writable for general users? The backup filesystem needs to be
mounted read-write for root only, and read-only for general users, yet
maintain ownership and permissions.
Is it possible to use acls to revoke normal UNIX permissions on a
directory hierarchy? I.e. use acls to limit users from writing to the
read-write backup filesystem.
More information about the freebsd-questions
mailing list