Mounting FS read-only for specific user (or root)

Andrew Bradford a-bb at gmx.net
Thu Feb 21 21:23:37 UTC 2008


Mel escribió:
> On Thursday 21 February 2008 20:32:37 Andrew Bradford wrote:
>   
>> Erik Norgaard escribió:
>>     
>>> I assume the reasoning for this is you want to preserve permissions
>>> and attributes on your backup, so you can't solve this simply by
>>> setting permissions appropriately.
>>>       
>> Yes, exactly.  Users need to be able to see their own backups, and
>> nobody else's.
>>     
>
> Isn't this what acl's are for? See setfacl(8). I haven't looked into it in 
> great detail but seems to me that if you make a subdir owned by the user for 
> each backup root for that user and set the acl to only be accessible by user, 
> it should work.
>   
I can't test it on my system at the moment, but wouldn't acls make the 
files writable for general users?  The backup filesystem needs to be 
mounted read-write for root only, and read-only for general users, yet 
maintain ownership and permissions.

Is it possible to use acls to revoke normal UNIX permissions on a 
directory hierarchy?  I.e. use acls to limit users from writing to the 
read-write backup filesystem.


More information about the freebsd-questions mailing list