LinuxQuestions.org


ShiningMasamune 12-26-2009 09:24 PM

How do I create a read-only bind mount in fstab?
 
Greetings all. I see that it is possible to create a read-only bind mount by first mounting regularly with mount --bind and then remounting as ro. But how do I go about putting that in fstab so that I can have it mounted as read-only on startup?

TruongAn 12-27-2009 06:11 AM

Quote:

Originally Posted by ShiningMasamune (Post 3805563)
Greetings all. I see that it is possible to create a read-only bind mount by first mounting regularly with mount --bind and then remounting as ro. But how do I go about putting that in fstab so that I can have it mounted as read-only on startup?

Can you tell us why you need to bind it on startup? Mounting it as read-only in the first place would be easier, though?
For your problem, I think you can try putting those two mount commands in the bash startup file, or make a shell script and put it in /etc/init.d

ShiningMasamune 12-27-2009 01:30 PM

I'm using read-only bind mounts to allow untrusted users to access my secure backup volume. That way, only root can write to the volume to make backups (as I have the real mount point in /root), but other users can have read access. From what I can see, this application was one of the major motivations for implementing read-only bind mounts in the first place.

I realize I could put those two commands in a shell script and put that in init.d, but that seems somewhat inelegant to me. Is there no way to do it with fstab?

colucix 12-27-2009 02:44 PM

Suppose you want to bind /volume to /mnt:
Code:

/volume    /mnt    none    bind            0 0
/mnt        /mnt    none    remount,ro      0 0

Just note that I cannot successfully remount /mnt if the bound directory is not in its own partition. The error is:
Code:

mount: /mnt is busy

I think this is related to a kernel bug or something, since if I try the lsof command on /mnt just after the bind mount, it states that /mnt is extremely busy (a lot of unrelated processes seem to keep it busy).

By the way, if you successfully remount the bind point as read-only from the command line, the above-mentioned fstab entries should work for you.

felixk 12-27-2009 04:02 PM

Quote:

Originally Posted by ShiningMasamune (Post 3805563)
Greetings all. I see that it is possible to create a read-only bind mount by first mounting regularly with mount --bind and then remounting as ro. But how do I go about putting that in fstab so that I can have it(?) mounted as read-only on startup?

What is the "it" that you want to mount as "read-only" on startup?
The answer to your problem is either very simple or beyond my abilities.
Here is a current (read/write) entry in my /etc/fstab:

/dev/hdb2 /mnt/puppy ext3 rw,user,noauto 0 2

If I wanted the partition to (permanently) be "read-only", the entry would read:

/dev/hdb2 /mnt/puppy ext3 ro,user,noauto 0 2

No need to invoke the "--bind" option.

felixk

ShiningMasamune 12-27-2009 04:35 PM

colucix, I'm afraid your solution doesn't work for me. I put exactly what you wrote in fstab (changing the paths of course) but upon booting, I see "mount: /mnt not mounted already, or bad option". /volume is not mounted at /mnt when I check. Strangely, when I comment out the second line, then the mount is created fine (but rw).

felixk, I'm trying to make the bind read-only, not the device mount point.

colucix 12-27-2009 05:10 PM

Just out of curiosity, which commands did you issue when you did the bind mount and then remounted it read-only? Also, which kernel are you running? The read-only bind mounts are supported since 2.6.26.

Here is what I get from my attempt, after inserting the above lines in my /etc/fstab (running kernel 2.6.27 in Opensuse 11.1)
Code:

# mount -a
# mount
<omitted>
/volume on /mnt type none (ro)
# cat > /mnt/testfile
-bash: /mnt/testfile: Read-only file system


ShiningMasamune 12-27-2009 05:18 PM

I used:
mount --bind /volume /mnt
mount -o remount,ro /mnt

I'm on 2.6.31, fresh after upgrading to Karmic Koala.

And I just discovered something: When I have both lines in fstab, it coughs up those errors on boot. However, when I do mount -a after booting, it works fine and just as expected. This leads me to believe that the issue is probably related to the other boot problems I'm experiencing over in:
http://www.linuxquestions.org/questi...arting-778356/
Note that the "mountall: Event failed" thing I mention happens without either of the new lines in my fstab, so it's not caused by this issue.

colucix 12-27-2009 06:14 PM

I cannot tell for sure if this specific issue is related to the problems at boot, but indeed mount -a should mimic what happens at boot. Hence, I agree that there must be a relationship between this and the boot problems.

I don't reply to your other thread so as not to remove it from the "zero reply" list (so it will be bumped in the next hours), but looking at the Ubuntu bug reports I found this and some other bugs related to mountall. Let's hope they release a more stable version of the involved packages soon. Good luck! :)

rlhartmann 12-27-2009 10:21 PM

Modified from colucix,

I believe there was a typo, it should be something like

Quote:

/dev/sdb1 /mnt vfat defaults 0 0
/mnt /mnt_ro none bind,ro 0 0

You first have to mount the physical file system, could be vfat, ext2, ext3, etc,
then mount into a different location as read-only with a different mount point.

colucix 12-28-2009 03:26 AM

Hi rlhartmann,

that was not a typo. I started from the assumption that "the filesystem mount options will remain the same as those on the original mount point, and cannot be changed by passing the -o option along with --bind" from the man page of mount. The same is stated in this article, cited by the kernel developers. This is (apparently) the reason why you have to remount the filesystem to change options. Therefore I used the same source and destination mount point in the second line:
Code:

/volume    /mnt    none    bind            0 0
/mnt        /mnt    none    remount,ro      0 0

Anyway, I said "apparently" because I tried your suggestion:
Code:

/volume    /mnt    none    bind,ro        0 0

and it works for me! That is, the filesystem is bind mounted read-only, despite the previous assertions (I tested as in my previous post and I cannot create a file under the bound mount point). This is a chance for the OP to try out.

Thank you for the notice! :)

/dev/kev 01-28-2010 10:01 PM

Quote:

Originally Posted by colucix (Post 3806535)
... I tried your suggestion:
Code:

/volume    /mnt    none    bind,ro        0 0

and it works for me! That is, the filesystem is bind mounted read-only, despite the previous assertions (I tested as in my previous post and I cannot create a file under the bound mount point). This is a chance for the OP to try out.

Am I missing something? On my Slackware 13 system (with mainline 2.6.32.3 kernel), bind mounting directly as ro still (silently) fails, while mounting normally and then remounting as ro works. And there still doesn't appear to be any way to have the two operations done automatically from fstab (short of writing a wrapper shell script for mount, which is hardly more elegant than just shoving stuff in rc.local or similar)...

colucix 01-29-2010 08:57 AM

Hi /dev/kev and welcome to LQ!
Quote:

Originally Posted by /dev/kev (Post 3844348)
Am I missing something? On my Slackware 13 system (with mainline 2.6.32.3 kernel), bind mounting directly as ro still (silently) fails, while mounting normally and then remounting as ro works.

That's true. I noticed that the behaviour is different for different Linux flavors. Besides my previous test on OpenSuse running kernel 2.6.27 (where the direct readonly bind mount works) I tried:

1) Fedora, 2.6.25 --> it works
2) VectorLinux (slackware based), 2.6.27 --> it doesn't work

Unfortunately this is still a poorly documented feature and I cannot tell for sure what's going on behind the scenes.
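
Added example (not part of any post in this thread): because a direct `bind,ro` entry can be silently ignored, as reported above, a check after boot can confirm that the bind mount really is read-only before untrusted users are given access to it. It reads the per-mount options (field 6) from `/proc/self/mountinfo`; the function names and the sample data are constructed for illustration, and mount points containing spaces (octal-escaped in that file) are not handled.

```shell
#!/bin/sh
# Added example: report whether the mount at a given mount point is read-only,
# using the per-mount options of /proc/self/mountinfo rather than the
# superblock options at the end of the line (which stay "rw" for a ro bind).

# bind_mount_mode MOUNTPOINT [MOUNTINFO_FILE]
# Prints "ro", "rw" or "missing". The second argument defaults to
# /proc/self/mountinfo and exists so the function can be run on saved input.
bind_mount_mode() {
    awk -v mp="$1" '
        $5 == mp {
            # Field 6 is the per-mount option list. A later line for the same
            # mount point is stacked on top of an earlier one, so keep the last.
            mode = "rw"
            n = split($6, opts, ",")
            for (i = 1; i <= n; i++) if (opts[i] == "ro") mode = "ro"
        }
        END { print (mode == "" ? "missing" : mode) }
    ' "${2:-/proc/self/mountinfo}"
}

# require_ro MOUNTPOINT [MOUNTINFO_FILE]
# Succeeds only if the mount exists and is read-only.
require_ro() {
    [ "$(bind_mount_mode "$@")" = "ro" ]
}

# Constructed sample, not captured from a real system: /volume is mounted rw,
# /mnt is a bind of it where "bind,ro" was ignored, and /mnt_ro is a bind
# that was successfully remounted read-only.
sample_mountinfo() {
    cat <<'EOF'
21 1 8:1 / / rw,relatime - ext3 /dev/sda1 rw,errors=continue
30 21 8:17 / /volume rw,relatime - ext3 /dev/sdb1 rw,data=ordered
31 21 8:17 / /mnt rw,relatime - ext3 /dev/sdb1 rw,data=ordered
32 21 8:17 / /mnt_ro ro,relatime - ext3 /dev/sdb1 rw,data=ordered
EOF
}
```

Running `require_ro /mnt` from a boot script turns the silent failure into a non-zero exit status that can be logged or alerted on.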

/dev/kev 02-17-2010 06:34 PM

Okay then, thanks for that. It sounds like some vendors are including patches for it in their kernels, which gives me reasonable hope that it'll be included in the stock kernel at some point in time.

scheidel21 05-06-2012 10:28 PM

I am going to show off my necromancy skills and resurrect this thread, although briefly. Why not cheat and add the mount command to the rc.local file?

