LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices



Reply
 
Search this Thread
Old 03-10-2006, 04:18 PM   #1
mikeyt_333
Member
 
Registered: Jun 2001
Location: Up in the clouds
Distribution: Fedora et al.
Posts: 353

Rep: Reputation: 30
Advice on filesystem structure


Hi,
As a server admin, I've recently made a huge mistake and removed user data inadvertently. The mistake happened because of the way that I have my filesystem setup. The OS is FC4, and the environment is multiuser and educational. To ease access to data on the server, we've approached the system build with multiple groups and users, with shared write access to many resources that are needed for class. With the idea of moving toward a fully chroot jailed environment, I had to consider access to files in areas like /var. For example, the use of darcs repositories. I created a directory /var/www/darcs, and granted write permission to the darcs group. To allow chrooting, I then mounted that directory into the user's home directories:

Code:
/etc/fstab entry:

/var/www/darcs /home/[username]/repos none bind 0 0
This works quite well, and allows me to prevent the use of sym links, making ftp maintenance easier etc. Unfortunately, what I didn't consider was how I normally go about removing old user directories. My normal process of doing this is:

Code:
$ userdel [user]
$ pwd
/home
$ rm -rf [user]
Well, because of my filesystem structure, and the fact that the /var/www/darcs directory is directly mounted in the user's home directory, the rm -rf [user] command decended into each directory within the users home directory, including the /var/www/darcs directory, and now, I have destroyed that data. I don't believe that data was production yet, but the professor spent time getting those areas setup for the students to use.

So, what's my question? Well, thinking of chroot jails, vsftp not allowing symlinks, and many other problems associated to symlinks, how would you suggest I setup the system to allow full chroot jails, and also access to shared locations of the filesystem, protecting them from stupid mistakes like mine?

Thanks for any and all suggestions!
Mike.
 
Old 03-10-2006, 09:43 PM   #2
PenguinPwrdBox
Member
 
Registered: Oct 2003
Location: /illinois/chicago
Distribution: Slackware/Gentoo/FC/RHEL
Posts: 568

Rep: Reputation: 30
Keep doing what you are doing - except chown the shared portions of the filesystem to a system user account and group that is not in use anywhere else on the system. Then, using chmod, set the sticky bit recursively so that noone other than the files owner can change/delete them.

Your other option would be to NFS export the shared dir's RO, and mount them within the chroot jail.
 
Old 03-10-2006, 10:03 PM   #3
mikeyt_333
Member
 
Registered: Jun 2001
Location: Up in the clouds
Distribution: Fedora et al.
Posts: 353

Original Poster
Rep: Reputation: 30
is the sticky bit applicable to root though? I did the rm -rf as root. Thanks for the advice, I will do that to protect against the other users, and I'm working on scripts to handle deleting users to avoid forgetting to unmount etc.

Thanks!
Mike.
 
Old 03-14-2006, 09:56 AM   #4
mikeyt_333
Member
 
Registered: Jun 2001
Location: Up in the clouds
Distribution: Fedora et al.
Posts: 353

Original Poster
Rep: Reputation: 30
Thanks for your advice on this, and for confirming that the way I am going about the filesystem structure is okay. I also spoke with a co-worker, and he suggested that a safer way of doing a recursive rm would be to use the find command which you can then limit to specific uid/gid, tell it not to leave the current filesystem, only go a certain depth to avoid removing all directories etc. I thought I'd share this incase anybody was following the thread and interested in other ways of safely rm -rf'ing. Thanks again!

Mike.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Advice on a HD filesystem endfx Linux - Hardware 3 07-30-2005 09:46 PM
ADVICE NEEDED: Best filesystem to use on second HDD when dual-booting? neocookie Linux - General 1 01-13-2005 08:10 AM
Filesystem structure Techformer Linux - Newbie 3 11-29-2004 04:35 PM
DISCUSSION: Virtual Filesystem: Building a Linux Filesystem from an Ordinary File mchirico LinuxAnswers Discussion 0 10-28-2004 11:35 PM
Encrypted Root Filesystem HOWTO and /dev filesystem tmillard Linux From Scratch 0 10-18-2004 04:58 PM


All times are GMT -5. The time now is 12:26 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration