Mount device as RW for root and RO for everyone else
Clash Royale CLAN TAG#URR8PPP
up vote
0
down vote
favorite
I have a device I want to mount for root with full permissions and for everyone else as readonly. The man page tells me this is possible.
So:
sudo mkdir /mnt/foosudo mkdir /mnt/fooReadOnlysudo chmod 700 /mnt/foo(rw for root only)sudo chmod 555 /mnt/fooReadOnly(ro / browse for everyone)- ensure device
/dev/sdaXis mounted as/mnt/foo
Then I did what the man page suggested:
sudo mount --bind /mnt/foo /mnt/fooReadOnlysudo mount -o remount,bind,ro /mnt/foo /mnt/fooReadOnly
Now to test:
ls /mnt/foo-->Permission denied...CORRECTsudo ls /mnt/fooworks ..CORRECTls /mnt/fooReadOnly-->Permission denied...INCORRECT?
I cannot change anything on that bind mount, it tells me Read-only file system.
How do I fix this?
Also, how do I add this to /etc/fstab so that it will automatically remount on boot?
ubuntu permissions mount fstab readonly
asked May 16 at 16:43
lonix
645
add a comment |Â
up vote
0
down vote
favorite
I have a device I want to mount for root with full permissions and for everyone else as readonly. The man page tells me this is possible.
So:
sudo mkdir /mnt/foosudo mkdir /mnt/fooReadOnlysudo chmod 700 /mnt/foo(rw for root only)sudo chmod 555 /mnt/fooReadOnly(ro / browse for everyone)- ensure device
/dev/sdaXis mounted as/mnt/foo
Then I did what the man page suggested:
sudo mount --bind /mnt/foo /mnt/fooReadOnlysudo mount -o remount,bind,ro /mnt/foo /mnt/fooReadOnly
Now to test:
ls /mnt/foo-->Permission denied...CORRECTsudo ls /mnt/fooworks ..CORRECTls /mnt/fooReadOnly-->Permission denied...INCORRECT?
I cannot change anything on that bind mount, it tells me Read-only file system.
How do I fix this?
Also, how do I add this to /etc/fstab so that it will automatically remount on boot?
ubuntu permissions mount fstab readonly
asked May 16 at 16:43
lonix
645
P.S. welcome to Unix StackExchange :-).
– sourcejedi
May 16 at 18:43
Once you mount on top of a directory, the permissions of that directory are ignored - we can only see the permissions of the directory which is mounted on top of it.
– sourcejedi
May 16 at 18:48
add a comment |Â
up vote
0
down vote
favorite
up vote
0
down vote
favorite
I have a device I want to mount for root with full permissions and for everyone else as readonly. The man page tells me this is possible.
So:
sudo mkdir /mnt/foosudo mkdir /mnt/fooReadOnlysudo chmod 700 /mnt/foo(rw for root only)sudo chmod 555 /mnt/fooReadOnly(ro / browse for everyone)- ensure device
/dev/sdaXis mounted as/mnt/foo
Then I did what the man page suggested:
sudo mount --bind /mnt/foo /mnt/fooReadOnlysudo mount -o remount,bind,ro /mnt/foo /mnt/fooReadOnly
Now to test:
ls /mnt/foo-->Permission denied...CORRECTsudo ls /mnt/fooworks ..CORRECTls /mnt/fooReadOnly-->Permission denied...INCORRECT?
I cannot change anything on that bind mount, it tells me Read-only file system.
How do I fix this?
Also, how do I add this to /etc/fstab so that it will automatically remount on boot?
ubuntu permissions mount fstab readonly
asked May 16 at 16:43
lonix
645
I have a device I want to mount for root with full permissions and for everyone else as readonly. The man page tells me this is possible.
So:
sudo mkdir /mnt/foosudo mkdir /mnt/fooReadOnlysudo chmod 700 /mnt/foo(rw for root only)sudo chmod 555 /mnt/fooReadOnly(ro / browse for everyone)- ensure device
/dev/sdaXis mounted as/mnt/foo
Then I did what the man page suggested:
sudo mount --bind /mnt/foo /mnt/fooReadOnlysudo mount -o remount,bind,ro /mnt/foo /mnt/fooReadOnly
Now to test:
ls /mnt/foo-->Permission denied...CORRECTsudo ls /mnt/fooworks ..CORRECTls /mnt/fooReadOnly-->Permission denied...INCORRECT?
I cannot change anything on that bind mount, it tells me Read-only file system.
How do I fix this?
Also, how do I add this to /etc/fstab so that it will automatically remount on boot?
ubuntu permissions mount fstab readonly
asked May 16 at 16:43
lonix
645
asked May 16 at 16:43
lonix
645
asked May 16 at 16:43
lonix
645
asked May 16 at 16:43
lonix
645
645
P.S. welcome to Unix StackExchange :-).
– sourcejedi
May 16 at 18:43
Once you mount on top of a directory, the permissions of that directory are ignored - we can only see the permissions of the directory which is mounted on top of it.
– sourcejedi
May 16 at 18:48
add a comment |Â
P.S. welcome to Unix StackExchange :-).
– sourcejedi
May 16 at 18:43
Once you mount on top of a directory, the permissions of that directory are ignored - we can only see the permissions of the directory which is mounted on top of it.
– sourcejedi
May 16 at 18:48
P.S. welcome to Unix StackExchange :-).
– sourcejedi
May 16 at 18:43
P.S. welcome to Unix StackExchange :-).
– sourcejedi
May 16 at 18:43
Once you mount on top of a directory, the permissions of that directory are ignored - we can only see the permissions of the directory which is mounted on top of it.
– sourcejedi
May 16 at 18:48
Once you mount on top of a directory, the permissions of that directory are ignored - we can only see the permissions of the directory which is mounted on top of it.
– sourcejedi
May 16 at 18:48
add a comment |Â
1 Answer
1
active
oldest
votes
up vote
0
down vote
I have a device I want to mount for root with full permissions and for everyone else as readonly.
sudo mkdir /root/mnt/foosudo mkdir /mnt/fooReadOnlymount -oro /dev/sdaX /mnt/foo- This ensures device /dev/sdaX is mounted readonly on /mnt/foo. I set this up first, because it is not possible to create a read-only bind mount in a single step. I don't want to let users access a read-write bind mount, even for an instant.
ls -ld /root- double-check this shows the modedr-xr-x---and ownerroot root.sudo mount --bind /mnt/fooReadOnly /root/mnt/foosudo mount -oremount,rw /root/mnt/foo
Try the above commands. After each mount command, you can run grep foo /proc/self/mountinfo, which shows the per-filesystem and per-mountpoint flags in separate columns.
To understand this, know that mount -oremount,rw (or mount -oremount,ro) changes both the per-filesystem flag and the per-mountpoint flag at the same time. But it does not affect the per-mountpoint flag of the other mount point(s).
It is not possible to try the above commands inside a user namespace (unshare -rm), even if you switch to mounting a tmpfs instead of sdaX. It fails with "permission denied" at mount -oremount,rw. Instead you would have to use the following sequence:
mount tmp -ttmpfs /root/mnt/foomount --bind /root/mnt/foo /root/mnt/fooReadOnlymount -oremount,bind,ro /root/mnt/fooReadOnlymount --bind /root/mnt/fooReadOnly /mnt/fooReadOnly
Also, how do I add this to /etc/fstab so that it will automatically remount on boot?
I would recommend not adapting the first sequence to fstab, because it is too much of a hack. You can adapt the second ordering instead.
/dev/sdaX /root/mnt/foo ...
/root/mnt/foo /root/mnt/fooReadOnly none bind,ro
/root/fooReadOnly /mnt/fooReadOnly none bind
answered May 16 at 19:01
sourcejedi
18.2k22475
Lots to digest... new to this! I still have trouble getting the RO mount to work. Once I domount -oro /dev/sdaX /mnt/fooI tryls /mnt/foobut get "Permission denied" which shouldn't happen, as it's intended to be RO by anyone?
– lonix
May 18 at 8:24
@lonix I suspect you unintentionally set strict permissions on the root directory of the /dev/sdaX filesystem. Checkls -ld /mnt/foo(after mounting it).
– sourcejedi
May 18 at 9:31
add a comment |Â
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
0
down vote
I have a device I want to mount for root with full permissions and for everyone else as readonly.
sudo mkdir /root/mnt/foosudo mkdir /mnt/fooReadOnlymount -oro /dev/sdaX /mnt/foo- This ensures device /dev/sdaX is mounted readonly on /mnt/foo. I set this up first, because it is not possible to create a read-only bind mount in a single step. I don't want to let users access a read-write bind mount, even for an instant.
ls -ld /root- double-check this shows the modedr-xr-x---and ownerroot root.sudo mount --bind /mnt/fooReadOnly /root/mnt/foosudo mount -oremount,rw /root/mnt/foo
Try the above commands. After each mount command, you can run grep foo /proc/self/mountinfo, which shows the per-filesystem and per-mountpoint flags in separate columns.
To understand this, know that mount -oremount,rw (or mount -oremount,ro) changes both the per-filesystem flag and the per-mountpoint flag at the same time. But it does not affect the per-mountpoint flag of the other mount point(s).
It is not possible to try the above commands inside a user namespace (unshare -rm), even if you switch to mounting a tmpfs instead of sdaX. It fails with "permission denied" at mount -oremount,rw. Instead you would have to use the following sequence:
mount tmp -ttmpfs /root/mnt/foomount --bind /root/mnt/foo /root/mnt/fooReadOnlymount -oremount,bind,ro /root/mnt/fooReadOnlymount --bind /root/mnt/fooReadOnly /mnt/fooReadOnly
Also, how do I add this to /etc/fstab so that it will automatically remount on boot?
I would recommend not adapting the first sequence to fstab, because it is too much of a hack. You can adapt the second ordering instead.
/dev/sdaX /root/mnt/foo ...
/root/mnt/foo /root/mnt/fooReadOnly none bind,ro
/root/fooReadOnly /mnt/fooReadOnly none bind
answered May 16 at 19:01
sourcejedi
18.2k22475
Lots to digest... new to this! I still have trouble getting the RO mount to work. Once I domount -oro /dev/sdaX /mnt/fooI tryls /mnt/foobut get "Permission denied" which shouldn't happen, as it's intended to be RO by anyone?
– lonix
May 18 at 8:24
@lonix I suspect you unintentionally set strict permissions on the root directory of the /dev/sdaX filesystem. Checkls -ld /mnt/foo(after mounting it).
– sourcejedi
May 18 at 9:31
add a comment |Â
up vote
0
down vote
I have a device I want to mount for root with full permissions and for everyone else as readonly.
sudo mkdir /root/mnt/foosudo mkdir /mnt/fooReadOnlymount -oro /dev/sdaX /mnt/foo- This ensures device /dev/sdaX is mounted readonly on /mnt/foo. I set this up first, because it is not possible to create a read-only bind mount in a single step. I don't want to let users access a read-write bind mount, even for an instant.
ls -ld /root- double-check this shows the modedr-xr-x---and ownerroot root.sudo mount --bind /mnt/fooReadOnly /root/mnt/foosudo mount -oremount,rw /root/mnt/foo
Try the above commands. After each mount command, you can run grep foo /proc/self/mountinfo, which shows the per-filesystem and per-mountpoint flags in separate columns.
To understand this, know that mount -oremount,rw (or mount -oremount,ro) changes both the per-filesystem flag and the per-mountpoint flag at the same time. But it does not affect the per-mountpoint flag of the other mount point(s).
It is not possible to try the above commands inside a user namespace (unshare -rm), even if you switch to mounting a tmpfs instead of sdaX. It fails with "permission denied" at mount -oremount,rw. Instead you would have to use the following sequence:
mount tmp -ttmpfs /root/mnt/foomount --bind /root/mnt/foo /root/mnt/fooReadOnlymount -oremount,bind,ro /root/mnt/fooReadOnlymount --bind /root/mnt/fooReadOnly /mnt/fooReadOnly
Also, how do I add this to /etc/fstab so that it will automatically remount on boot?
I would recommend not adapting the first sequence to fstab, because it is too much of a hack. You can adapt the second ordering instead.
/dev/sdaX /root/mnt/foo ...
/root/mnt/foo /root/mnt/fooReadOnly none bind,ro
/root/fooReadOnly /mnt/fooReadOnly none bind
answered May 16 at 19:01
sourcejedi
18.2k22475
Lots to digest... new to this! I still have trouble getting the RO mount to work. Once I domount -oro /dev/sdaX /mnt/fooI tryls /mnt/foobut get "Permission denied" which shouldn't happen, as it's intended to be RO by anyone?
– lonix
May 18 at 8:24
@lonix I suspect you unintentionally set strict permissions on the root directory of the /dev/sdaX filesystem. Checkls -ld /mnt/foo(after mounting it).
– sourcejedi
May 18 at 9:31
add a comment |Â
up vote
0
down vote
up vote
0
down vote
I have a device I want to mount for root with full permissions and for everyone else as readonly.
sudo mkdir /root/mnt/foosudo mkdir /mnt/fooReadOnlymount -oro /dev/sdaX /mnt/foo- This ensures device /dev/sdaX is mounted readonly on /mnt/foo. I set this up first, because it is not possible to create a read-only bind mount in a single step. I don't want to let users access a read-write bind mount, even for an instant.
ls -ld /root- double-check this shows the modedr-xr-x---and ownerroot root.sudo mount --bind /mnt/fooReadOnly /root/mnt/foosudo mount -oremount,rw /root/mnt/foo
Try the above commands. After each mount command, you can run grep foo /proc/self/mountinfo, which shows the per-filesystem and per-mountpoint flags in separate columns.
To understand this, know that mount -oremount,rw (or mount -oremount,ro) changes both the per-filesystem flag and the per-mountpoint flag at the same time. But it does not affect the per-mountpoint flag of the other mount point(s).
It is not possible to try the above commands inside a user namespace (unshare -rm), even if you switch to mounting a tmpfs instead of sdaX. It fails with "permission denied" at mount -oremount,rw. Instead you would have to use the following sequence:
mount tmp -ttmpfs /root/mnt/foomount --bind /root/mnt/foo /root/mnt/fooReadOnlymount -oremount,bind,ro /root/mnt/fooReadOnlymount --bind /root/mnt/fooReadOnly /mnt/fooReadOnly
Also, how do I add this to /etc/fstab so that it will automatically remount on boot?
I would recommend not adapting the first sequence to fstab, because it is too much of a hack. You can adapt the second ordering instead.
/dev/sdaX /root/mnt/foo ...
/root/mnt/foo /root/mnt/fooReadOnly none bind,ro
/root/fooReadOnly /mnt/fooReadOnly none bind
answered May 16 at 19:01
sourcejedi
18.2k22475
I have a device I want to mount for root with full permissions and for everyone else as readonly.
sudo mkdir /root/mnt/foosudo mkdir /mnt/fooReadOnlymount -oro /dev/sdaX /mnt/foo- This ensures device /dev/sdaX is mounted readonly on /mnt/foo. I set this up first, because it is not possible to create a read-only bind mount in a single step. I don't want to let users access a read-write bind mount, even for an instant.
ls -ld /root- double-check this shows the modedr-xr-x---and ownerroot root.sudo mount --bind /mnt/fooReadOnly /root/mnt/foosudo mount -oremount,rw /root/mnt/foo
Try the above commands. After each mount command, you can run grep foo /proc/self/mountinfo, which shows the per-filesystem and per-mountpoint flags in separate columns.
To understand this, know that mount -oremount,rw (or mount -oremount,ro) changes both the per-filesystem flag and the per-mountpoint flag at the same time. But it does not affect the per-mountpoint flag of the other mount point(s).
It is not possible to try the above commands inside a user namespace (unshare -rm), even if you switch to mounting a tmpfs instead of sdaX. It fails with "permission denied" at mount -oremount,rw. Instead you would have to use the following sequence:
mount tmp -ttmpfs /root/mnt/foomount --bind /root/mnt/foo /root/mnt/fooReadOnlymount -oremount,bind,ro /root/mnt/fooReadOnlymount --bind /root/mnt/fooReadOnly /mnt/fooReadOnly
Also, how do I add this to /etc/fstab so that it will automatically remount on boot?
I would recommend not adapting the first sequence to fstab, because it is too much of a hack. You can adapt the second ordering instead.
/dev/sdaX /root/mnt/foo ...
/root/mnt/foo /root/mnt/fooReadOnly none bind,ro
/root/fooReadOnly /mnt/fooReadOnly none bind
answered May 16 at 19:01
sourcejedi
18.2k22475
edited May 16 at 19:27
answered May 16 at 19:01
sourcejedi
18.2k22475
answered May 16 at 19:01
sourcejedi
18.2k22475
answered May 16 at 19:01
sourcejedi
18.2k22475
18.2k22475
Lots to digest... new to this! I still have trouble getting the RO mount to work. Once I domount -oro /dev/sdaX /mnt/fooI tryls /mnt/foobut get "Permission denied" which shouldn't happen, as it's intended to be RO by anyone?
– lonix
May 18 at 8:24
@lonix I suspect you unintentionally set strict permissions on the root directory of the /dev/sdaX filesystem. Checkls -ld /mnt/foo(after mounting it).
– sourcejedi
May 18 at 9:31
add a comment |Â
Lots to digest... new to this! I still have trouble getting the RO mount to work. Once I domount -oro /dev/sdaX /mnt/fooI tryls /mnt/foobut get "Permission denied" which shouldn't happen, as it's intended to be RO by anyone?
– lonix
May 18 at 8:24
@lonix I suspect you unintentionally set strict permissions on the root directory of the /dev/sdaX filesystem. Checkls -ld /mnt/foo(after mounting it).
– sourcejedi
May 18 at 9:31
Lots to digest... new to this! I still have trouble getting the RO mount to work. Once I do
mount -oro /dev/sdaX /mnt/foo I try ls /mnt/foo but get "Permission denied" which shouldn't happen, as it's intended to be RO by anyone?– lonix
May 18 at 8:24
Lots to digest... new to this! I still have trouble getting the RO mount to work. Once I do
mount -oro /dev/sdaX /mnt/foo I try ls /mnt/foo but get "Permission denied" which shouldn't happen, as it's intended to be RO by anyone?– lonix
May 18 at 8:24
@lonix I suspect you unintentionally set strict permissions on the root directory of the /dev/sdaX filesystem. Check
ls -ld /mnt/foo (after mounting it).– sourcejedi
May 18 at 9:31
@lonix I suspect you unintentionally set strict permissions on the root directory of the /dev/sdaX filesystem. Check
ls -ld /mnt/foo (after mounting it).– sourcejedi
May 18 at 9:31
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f444199%2fmount-device-as-rw-for-root-and-ro-for-everyone-else%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
P.S. welcome to Unix StackExchange :-).
– sourcejedi
May 16 at 18:43
Once you mount on top of a directory, the permissions of that directory are ignored - we can only see the permissions of the directory which is mounted on top of it.
– sourcejedi
May 16 at 18:48