[SOLVED] Avoiding creation of files at some mount point.
I have an embedded environment on which there is a mount point called /media/card. This mount point receives the SD card filesystem, where our application runs. We have some problems with the card not being inserted and people wrongly copying data to this mount point via SFTP. The safe-lock I implemented was to put a check in the application's startup script so that it does not execute if /media/card isn't mounted. I do this by grepping /proc/mounts.
I want to know if there is a way to make the whole tree below /media/card read-only while it is unmounted and, when the SD card gets mounted, override the permissions set on that tree. I've tried to set up permissions, but even with chmod 000 /media/card, I can still create files; I mean, touch /media/card/foo works.
Since I'm running from a flash disk, the filesystem used is jffs2. Running applications that log to the filesystem can harm the whole environment after some time, so I would like to have something more secure.
The safe-lock I implemented was to put a check in the application's startup script so that it does not execute if /media/card isn't mounted. I do this by grepping /proc/mounts.
Could you do the mount in the application startup script? If so, then you could check the mount command for successful completion. The command would look something like this:
# Mount the flash drive by label; stop the startup script if it fails
if ! mount -L charlie /media/card
then
    echo "mount failed for flash card" >&2
    exit 1   # non-zero status so the caller sees the failure
fi
Could you just remove the directory if the mount is unsuccessful? What is this "tree" you're speaking of? If the card is not mounted, the mount point should just be an empty directory.
By tree I mean all directories below /media/card, like /media/card/app/foo/bar/etc... I want to prohibit the user from writing to /media/card when no filesystem is mounted on it. Something like this:
touch /media/card/foo # Error, prohibited. /media/card on same filesystem as /
mount /dev/sdb1 /media/card
touch /media/card/foo # Ok!
The idea is to prohibit the user from writing data below /media/card on the root filesystem, and permit it on another filesystem (usually vfat).
I'm thinking about removing the card directory altogether, creating it in the auto-mount.sh script (udev stuff), and removing it on umount. This way no mount point exists when no filesystem is mounted on it. But I don't know if this script will run if the machine boots with the SD card already inserted. I'm gonna test it...
Is it root you're trying to stop from writing to this directory, or another user? You can't stop root from doing anything, root can do whatever it wants, but it would be pretty easy to block a regular user from writing to that directory when the card is not mounted.
You can test if something is mounted on a folder with the 'mountpoint' command, e.g.:
Code:
keithhedger@LFSStarBug:/tmp-> mountpoint /etc
/etc is not a mountpoint
keithhedger@LFSStarBug:/tmp-> mountpoint /dev
/dev is a mountpoint
keithhedger@LFSStarBug:/tmp->
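The /proc/mounts check from the first post, as an added example that is not part of the thread: it compares the mount-point field exactly instead of grepping, so /media/card2 or a sub-mount does not count as /media/card. MOUNTS_FILE, mount_info, card_ready and the sample table are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the thread. MOUNTS_FILE is a hypothetical override
# so the check can be run against a saved or constructed mounts table.
MOUNTS_FILE="${MOUNTS_FILE:-/proc/mounts}"

# Print "fstype options" for the filesystem mounted exactly on $1.
# Returns 1 when nothing is mounted there.
mount_info() {
    target=${1%/}                        # tolerate one trailing slash
    [ -n "$target" ] || target=/
    # /proc/mounts writes backslash and space in paths as \134 and \040
    target=$(printf '%s' "$target" | sed 's/\\/\\134/g; s/ /\\040/g')
    found=
    while read -r _dev dir fstype opts _rest; do
        # Compare the whole second field: a plain grep for /media/card
        # would also match /media/card2 or /media/card/sub.
        if [ "$dir" = "$target" ]; then
            found="$fstype $opts"        # a later entry is the top-most mount
        fi
    done < "$MOUNTS_FILE"
    [ -n "$found" ] && printf '%s\n' "$found"
}

# Startup guard: 0 = mounted read-write, 1 = not mounted, 2 = mounted read-only.
card_ready() {
    info=$(mount_info "$1") || return 1
    case ",${info#* }," in
        *,rw,*) return 0 ;;
        *)      return 2 ;;
    esac
}

# Constructed sample table (not captured from a real device).
sample_mounts() {
    cat <<'EOF'
rootfs / rootfs rw 0 0
/dev/mtdblock2 / jffs2 rw,relatime 0 0
proc /proc proc rw,relatime 0 0
/dev/mmcblk0p1 /media/card2 vfat rw,relatime 0 0
/dev/sdb1 /media/usb\040stick vfat ro,relatime 0 0
EOF
}

# Usage in a startup script: card_ready /media/card || exit 1
```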