Kitz ADSL Broadband Information

Author Topic: Linux/Unix - mount point question?  (Read 5270 times)

sevenlayermuddle

  • Helpful
  • Addicted Kitizen
  • *
  • Posts: 5369
Linux/Unix - mount point question?
« on: November 21, 2019, 04:14:11 PM »

As mentioned elsewhere, I’ve spent some time this week messing around with a data disk in a CentOS box.   The disk has a few partitions, mounted at various places in hierarchy.   To facilitate this work I manually stopped the various services that might access the disk’s partitions, and then unmounted the partitions.   

All went well, the work is complete.  But it occurred to me as an afterthought... if there was anything I’d overlooked that might try and access these partitions, it might end up writing to the unmounted mount points?  A candidate would have been my overnight backup script, which writes things to one of these partitions and in fact that nearly happened, except the script failed last night for other reasons.

So my question... is there anything I could, or should have done, or permissions I should set, to protect the mount points from being written during the time the partitions were unmounted?
Logged

roseway

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 43467
  • Penguins CAN fly
    • DSLstats
Re: Linux/Unix - mount point question?
« Reply #1 on: November 21, 2019, 04:44:02 PM »

Any partitions which aren't mounted are simply unavailable space. Nothing can write to them (apart from low level functions such as format, which can normally only be run by root).
Logged
  Eric

sevenlayermuddle

  • Helpful
  • Addicted Kitizen
  • *
  • Posts: 5369
Re: Linux/Unix - mount point question?
« Reply #2 on: November 21, 2019, 05:04:36 PM »

Maybe I didn't explain it very well.

Specific actual example:  I have a directory named /mythtv/default.   It is the default place in which TV recordings get stored.  And in my /etc/fstab file, I specify that a specific partition gets mounted at /mythtv/default.  That ensures that my TV recordings are guaranteed to have a certain amount of space available, and also guarantees that they won't run riot and consume the entire disk. 

So in normal running /myth/default is actually mapped to a specific partition (/dev/sdb2 in fact, identified in /etc/fstab by its UUID). 

But if /dev/sdb2 is unmounted, then /mythtv/default simply becomes a directory within the filesystem of the parent directory and writing to /mythtv/default would consume space on an unintended disk.  Also, the data written would also become invisible once /dev/sdb2 was mounted on top. 

Both of the things in the above paragraph would be bad things, and I'm just wondering if there is some way I could make these things impossible, rather than depending on my own perfection?
Logged

burakkucat

  • Respected
  • Senior Kitizen
  • *
  • Posts: 38300
  • Over the Rainbow Bridge
    • The ELRepo Project
Re: Linux/Unix - mount point question?
« Reply #3 on: November 21, 2019, 05:25:47 PM »

I suspected that was what you were asking but I was unable to answer promptly.

I would be inclined to test that the physical partition is actually mounted on the mount-point, within the file system tree, before allowing any write (or read) process to take place.
Logged
:cat:  100% Linux and, previously, Unix. Co-founder of the ELRepo Project.
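
Added example, not part of any post in this thread: one way to implement the check suggested in Reply #3, so that a job which creates missing directories still refuses to run when the partition is not mounted. The function names, the MOUNTINFO variable, the sample table and the /mythtv/default/iso path are assumptions; /dev/sdb2 and /mythtv/default are taken from the thread.

```sh
#!/bin/sh
# Added example, not code from the thread.

# Constructed sample in /proc/self/mountinfo format (not from the thread).
sample_mountinfo() {
    cat <<'EOF'
22 1 8:1 / / rw,relatime shared:1 - xfs /dev/sda1 rw,attr2
45 22 8:18 / /mythtv/default rw,relatime shared:28 - xfs /dev/sdb2 rw,attr2
EOF
}

# mount_source DIR [TABLE]: print the source mounted on DIR; fail if DIR is
# not a mount point. TABLE defaults to the live /proc/self/mountinfo.
mount_source() {
    dir=${1%/}
    [ -n "$dir" ] || dir=/
    WANT=$dir awk '
        {
            mp = $5
            gsub(/\\040/, " ", mp)       # kernel writes a space as \040
            if (mp != ENVIRON["WANT"]) next
            # optional fields end at a lone "-"; then fstype, then source
            for (i = 7; i <= NF; i++)
                if ($i == "-") { src = $(i + 2); found = 1; break }
        }
        END { if (!found) exit 1; print src }
    ' "${2:-/proc/self/mountinfo}"
}

# guarded_run DIR EXPECTED_SOURCE CMD...: run CMD only when EXPECTED_SOURCE is
# what is mounted on DIR. Set MOUNTINFO to check a saved table instead.
guarded_run() {
    dir=$1 expect=$2
    shift 2
    src=$(mount_source "$dir" "${MOUNTINFO:-/proc/self/mountinfo}") || {
        echo "refusing: nothing is mounted on $dir" >&2
        return 3
    }
    [ "$src" = "$expect" ] || {
        echo "refusing: $dir holds $src, expected $expect" >&2
        return 4
    }
    "$@"
}

# Hypothetical use in a backup job:
#   guarded_run /mythtv/default /dev/sdb2 mkdir -p /mythtv/default/iso
```

The kernel reports the device node as the source even when /etc/fstab names the partition by UUID, so the expected source has to be the node the UUID resolves to on that boot.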


jelv

  • Helpful
  • Kitizen
  • *
  • Posts: 2054
Re: Linux/Unix - mount point question?
« Reply #4 on: November 21, 2019, 05:55:54 PM »

This might work if the TV recording software fails if it tries to write into a non-existent directory. If you kept the mount the same but created a base directory within the mounted partition called (say) data, could you configure the TV recordings to store in /mythtv/default/data by default? If the partition isn't mounted that directory wouldn't exist.
Logged
Broadband and Line rental: Zen Unlimited Fibre 2, Mobile: Vodaphone
Router: Fritz!Box 7530

sevenlayermuddle

  • Helpful
  • Addicted Kitizen
  • *
  • Posts: 5369
Re: Linux/Unix - mount point question?
« Reply #5 on: November 21, 2019, 06:20:12 PM »

These suggestions may avoid the Myth problem.

But another partition user is a nightly cron job that produces a .iso that is a snapshot of everything that matters to me.  It is designed to ‘always succeed’ so in the event of directories not existing, it creates them.   Yes, I could change that, but I like it as it is.

I was really hoping somebody might surprise me by telling me I could protect the mount points with simple permission settings.
Logged

sevenlayermuddle

  • Helpful
  • Addicted Kitizen
  • *
  • Posts: 5369
Re: Linux/Unix - mount point question?
« Reply #6 on: November 21, 2019, 07:00:53 PM »

I have found a suggestion elsewhere of using chattr to make the underlying mount point immutable, e.g., with the partition unmounted...

chattr +i /mythtv/default

Chattr is not a thing I am familiar with, or have ever used, but I may try it tomorrow and report back on success.  Meanwhile of course, encouragement/discouragement obviously welcomed. :)
Logged

petef

  • Reg Member
  • ***
  • Posts: 135
Re: Linux/Unix - mount point question?
« Reply #7 on: November 21, 2019, 09:18:44 PM »

I do not think you can easily protect against general mounts. For specific mounts an alternative to your chattr is

mkdir -p /mythtv/default
chmod a-rwx /mythtv/default


Whether or not nested files can be created is down to a design decision within software. In some cases the program will assume that an installation procedure has been performed and that the destination directory exists. In others an absent directory tree will be created on the fly. Unmounting is adequate to protect against the former. The latter relies on permissions being locked down.

Remember that most everything in Unix or Linux is a file. Programs accessing them do not care what kind of filesystem they are on, whether symlinks are involved, and so on.
Logged

sevenlayermuddle

  • Helpful
  • Addicted Kitizen
  • *
  • Posts: 5369
Re: Linux/Unix - mount point question?
« Reply #8 on: November 21, 2019, 09:53:39 PM »

The point is, I know I can avoid writing to unmounted mount points by just not doing so.  I can also contrive hierarchies that do not do so.  But I am seeking a method that makes it very unlikely to do so, even by mistake.

Or for that matter, prevents another user from doing so, by mistake or by lack of communication.  The only other user is my other half who is also privy to root credentials.  But whilst it is unlikely we would both be logged in doing system admin tasks at the same time, it is not impossible.

Actually however I think chattr +i might be doing the trick.

Tested by (as root)...

mkdir /testmnt
chmod 777 /testmnt
chattr +i /testmnt

Attempting to create a file (still as root) now fails
>/testmnt/a
-bash: /testmnt/a: Operation not permitted

Now mount a partition there...
mount /dev/sdb2 /testmnt

I can now create a file
>/testmnt/a
.. no error

Even as a non privileged user
>/testmnt/a2
.. no error

Am I missing something, is there a downside?
Logged

sevenlayermuddle

  • Helpful
  • Addicted Kitizen
  • *
  • Posts: 5369
Re: Linux/Unix - mount point question?
« Reply #9 on: November 21, 2019, 10:06:52 PM »

Ps:  *Assuming (?) there’s no forum etiquette breached by linking to discussions in other respectable places, here’s where I found the chattr idea...

https://serverfault.com/questions/570255/prevent-the-possiblity-of-writing-data-to-an-unmounted-mount-point-directory

*Otherwise tell me and I’ll delete, or (admins) just delete.
Logged

roseway

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 43467
  • Penguins CAN fly
    • DSLstats
Re: Linux/Unix - mount point question?
« Reply #10 on: November 21, 2019, 10:35:04 PM »

That's no problem.
Logged
  Eric

sevenlayermuddle

  • Helpful
  • Addicted Kitizen
  • *
  • Posts: 5369
Re: Linux/Unix - mount point question?
« Reply #11 on: November 21, 2019, 10:40:00 PM »

 :)
Logged

Alex Atkin UK

  • Addicted Kitizen
  • *****
  • Posts: 5260
    • Thinkbroadband Quality Monitors
Re: Linux/Unix - mount point question?
« Reply #12 on: November 23, 2019, 09:13:56 PM »

Very interesting, I had no idea that this method existed and seems a good idea to apply to my backup drive mountpoints.
Logged
Broadband: Zen Full Fibre 900 + Three 5G Routers: pfSense (Intel N100) + Huawei CPE Pro 2 H122-373 WiFi: Zyxel NWA210AX
Switches: Netgear MS510TXUP, Netgear MS510TXPP, Netgear GS110EMX My Broadband History & Ping Monitors

sevenlayermuddle

  • Helpful
  • Addicted Kitizen
  • *
  • Posts: 5369
Re: Linux/Unix - mount point question?
« Reply #13 on: November 23, 2019, 09:43:45 PM »

I’ve not really got my head around it tbh, but it does seem to provide the protection I wanted.

I worked on Unix system development for a living once upon a time and whilst I may simply have forgotten, I have no recollection of anything comparable to chattr (etc) but in those days (SVR4 early days) Linux-based Operating Systems were virtually unknown.   Not sure whether it was resident on CentOS 7 by default, or if it is part of a package I subsequently installed.
Logged

Alex Atkin UK

  • Addicted Kitizen
  • *****
  • Posts: 5260
    • Thinkbroadband Quality Monitors
Re: Linux/Unix - mount point question?
« Reply #14 on: November 23, 2019, 11:02:58 PM »

This is interesting: https://en.wikipedia.org/wiki/Chattr

    A file with the i attribute cannot be modified.
    It cannot be deleted or renamed, no link can be created to this file and no data can be written to the file.
    When set, prevents, even the superuser, from erasing or changing the contents of the file.

Makes it sound like it's almost an accident it works the way it does for mount points.
« Last Edit: November 23, 2019, 11:05:16 PM by Alex Atkin UK »
Logged