Avoiding creation of files at some mount point.
I have an embedded environment with a mount point called /media/card. This mount point receives the SD card filesystem, where our application runs. We have had problems with the card not being inserted and people wrongly copying data to this mount point via SFTP. The safe-lock I implemented was to put a check in the application's startup script so that it does not execute if /media/card isn't mounted. I do this by grepping /proc/mounts.

I want to know if there is a way to make the whole tree below /media/card read-only while it is unmounted, and to overwrite the permissions set on that tree when the SD card gets mounted. I've tried to set up permissions, but even with chmod 000 /media/card I can still create files; I mean, touch /media/card/foo works. Since I'm running from a flash disk, the filesystem used is jffs2. Running applications that log to the filesystem can harm the whole environment after some time, so I would like to have something more secure.

Best regards,
Daniel
Quote:
# Mount the flash drive
if ! (mount -L charlie /media/card); then
    echo "mount failed for flash card"
    exit
fi
Could you just remove the directory if the mount is unsuccessful? What is this "tree" you're speaking of? If the card is not mounted, the mount point should just be an empty directory.
By "tree" I mean all directories below /media/card, like /media/card/app/foo/bar/etc... I want to prohibit the user from writing to /media/card when no filesystem is mounted on it. Something like this:

touch /media/card/foo # Error, prohibited. /media/card on same filesystem as /
mount /dev/sdb1 /media/card
touch /media/card/foo # Ok!

The idea is to prohibit the user from writing data below /media/card on the root filesystem, and permit it on another filesystem (usually vfat). I am thinking about removing the card directory altogether, creating it in the auto-mount.sh script (udev stuff), and removing it on umount. This way no mount point exists when no filesystem is mounted on it. But I don't know if this script will run if the machine boots with the SD card already inserted. I'm going to test it.

Regards,
Daniel
Is it root you're trying to stop from writing to this directory, or another user? You can't stop root from doing anything, root can do whatever it wants, but it would be pretty easy to block a regular user from writing to that directory when the card is not mounted.
I see, it's the root user. So this would be fixed if I use proper users, true. I'll try this! Thanks for the suggestion!!
You can test if something is mounted on a folder with the 'mountpoint' command, e.g.:
Code:
keithhedger@LFSStarBug:/tmp-> mountpoint /etc
Mount another filesystem there with options=ro.
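
The startup check described in the first post, combined with the mount-point test suggested above, as an added example (not code from any poster in this thread). It compares the mount-point field of /proc/mounts exactly, so a mount on /media/card2 does not pass for /media/card, and it also rejects a read-only mount. The device names and the sample table are constructed.

```shell
#!/bin/sh
# /proc/mounts fields: device mountpoint fstype options dump pass

# Print "fstype options" for the filesystem mounted exactly on $1, else return 1.
# $2 is the table to read (default /proc/mounts) so the logic can be tested offline.
mount_info() {
    dir=${1%/}; [ -n "$dir" ] || dir=/
    awk -v d="$dir" '
        $2 == d { found = $3 " " $4 }   # exact match on field 2; the last entry wins
        END { if (found == "") exit 1; print found }
    ' "${2:-/proc/mounts}"
}

# Return 0 only when $1 carries a read-write mount.
# Return 1 when nothing is mounted there, 2 when the mount is read-only.
card_ready() {
    info=$(mount_info "$1" "$2") || { echo "$1: nothing mounted" >&2; return 1; }
    opts=${info#* }
    case ",$opts," in
        *,rw,*) return 0 ;;
        *) echo "$1: mounted read-only ($info)" >&2; return 2 ;;
    esac
}

# Constructed sample table: the card is absent, but /media/card2 is mounted.
# A plain `grep /media/card` over this table would wrongly report success.
sample_mounts() {
    cat <<'EOF'
/dev/mtdblock2 / jffs2 rw,relatime 0 0
proc /proc proc rw,relatime 0 0
/dev/sda1 /media/card2 vfat rw,noatime 0 0
/dev/mmcblk0p1 /media/backup vfat ro,noatime 0 0
EOF
}

# In the application's startup script (the application path is a placeholder):
#   card_ready /media/card || exit 1
#   exec /media/card/app/start
```

Because the guard runs before the application starts, it also keeps a root-owned application from logging onto the jffs2 root filesystem, which directory permissions alone cannot prevent for root.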