LinuxQuestions.org


danielhilst 03-16-2015 11:59 AM

Avoiding creation of files at some mount point.
 
I have an embedded environment in which there is a mount point called /media/card. This mount point receives the SD card filesystem, where our application runs. We have had some problems with the card not being inserted and people wrongly copying data to this mount point via SFTP. The safe-lock I implemented was to put a check in the application's startup script so that it does not execute if /media/card isn't mounted. I do this by grepping /proc/mounts.

I want to know if there is a way to make the whole tree below /media/card read-only while unmounted and, when the SD card gets mounted, have the permissions set on that tree overridden. I've tried to set up permissions, but even with chmod 000 /media/card I can still create files; I mean, touch /media/card/foo works.

Since I'm running from a flash disk, the filesystem used is jffs2. Running applications that log to the filesystem can harm the whole environment after some time, so I would like to have something more secure.

Best regards,
Daniel

jailbait 03-16-2015 03:54 PM

Quote:

Originally Posted by danielhilst (Post 5332970)
The safe-lock I implemented was to put a check in the application's startup script so that it does not execute if /media/card isn't mounted. I do this by grepping /proc/mounts.

Could you do the mount in the application startup script? If so, then you could check the mount command for successful completion. The command would look something like this:

# Mount the flash drive; stop the startup script if the mount fails
if ! mount -L charlie /media/card; then
    echo "mount failed for flash card" >&2
    # Exit non-zero so the caller sees the failure
    exit 1
fi

suicidaleggroll 03-16-2015 04:25 PM

Could you just remove the directory if the mount is unsuccessful? What is this "tree" you're speaking of? If the card is not mounted, the mount point should just be an empty directory.

danielhilst 03-17-2015 11:27 AM

By tree I mean all directories below /media/card, like /media/card/app/foo/bar/etc... I want to prohibit the user from writing to /media/card when no filesystem is mounted on it. Something like this:

touch /media/card/foo # Error, prohibited. /media/card on same filesystem as /
mount /dev/sdb1 /media/card
touch /media/card/foo # Ok!

The idea is to prohibit the user from writing data below /media/card on the root filesystem, and permit it on another filesystem (usually vfat).

I'm thinking about removing the card directory altogether, creating it in the auto-mount.sh script (udev stuff), and removing it on umount. This way no mount point exists when no filesystem is mounted on it. But I don't know if this script will run if the machine boots with the SD card already inserted. I'm going to test it.

Regards,
Daniel

suicidaleggroll 03-17-2015 11:32 AM

Is it root you're trying to stop from writing to this directory, or another user? You can't stop root from doing anything, root can do whatever it wants, but it would be pretty easy to block a regular user from writing to that directory when the card is not mounted.

danielhilst 03-18-2015 05:07 AM

I see, it's the root user. So this would be fixed if I use proper users, true. I'll try this! Thanks for the suggestion!!

Keith Hedger 03-18-2015 11:52 AM

You can test if something is mounted on a folder with the 'mountpoint' command, e.g.:
Code:

keithhedger@LFSStarBug:/tmp-> mountpoint /etc
/etc is not a mountpoint
keithhedger@LFSStarBug:/tmp-> mountpoint /dev
/dev is a mountpoint
keithhedger@LFSStarBug:/tmp->
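
The /proc/mounts check used as the startup guard in this thread, as an added example that is not code from any poster: it compares the mount-point field exactly, because a substring grep also matches paths such as /media/card2. The `MOUNTS_FILE` variable, the function names and the sample mount entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). MOUNTS_FILE is an assumption that lets
# the check run against a sample file instead of the live /proc/mounts.
MOUNTS_FILE="${MOUNTS_FILE:-/proc/mounts}"

# Substring grep: also matches /media/card2 or /media/card/sub.
naive_is_mounted() {
    grep -q "$1" "$MOUNTS_FILE"
}

# Exact match on field 2 (the mount point) of each /proc/mounts line.
# The kernel writes a space in a path as \040, so encode the target the same
# way before comparing (tab and newline escapes are not handled here).
is_mounted() {
    target=${1%/}                      # tolerate a trailing slash
    [ -n "$target" ] || target=/
    target=$(printf '%s' "$target" | sed 's/ /\\040/g')
    while read -r _dev mnt _rest; do
        [ "$mnt" = "$target" ] && return 0
    done < "$MOUNTS_FILE"
    return 1
}

# Startup guard: refuse to run when the card is absent, so nothing is
# written into the bare directory on the root (jffs2) filesystem.
guard() {
    if ! is_mounted "$1"; then
        echo "refusing to start: nothing mounted on $1" >&2
        return 1
    fi
}

# Constructed sample: the card is NOT mounted, but a similarly named path is.
write_sample_mounts() {
    cat > "$1" <<'EOF'
rootfs / rootfs rw 0 0
/dev/mtdblock2 / jffs2 rw,relatime 0 0
/dev/sdb1 /media/card2 vfat rw,relatime 0 0
/dev/sdc1 /media/usb\040stick vfat rw,relatime 0 0
EOF
}

# Demo against the constructed sample.
sample=$(mktemp) && write_sample_mounts "$sample"
MOUNTS_FILE=$sample
naive_is_mounted /media/card && echo "substring grep: mounted (wrong)"
is_mounted /media/card || echo "exact match: not mounted (right)"
rm -f "$sample"; MOUNTS_FILE=/proc/mounts
```

In a startup script, `guard /media/card || exit 1` placed before the application is launched gives the same behaviour as the check described in the first post.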


cepheus11 03-18-2015 12:06 PM

Mount another filesystem there with options=ro.


All times are GMT -5.