Discussion:
Setting [u|f]mask on a bind mount
(too old to reply)
Glen Pfeiffer
2007-08-31 06:00:23 UTC
Permalink
I tried mounting a directory like so:

mount --bind -o umask=0117 /home/files /home/glen/files

What I am shooting for, is that all files created in
/home/glen/files will have the permissions 660. But the above
command seems to have no effect on permissions of created files.

I have also tried this with no luck:

mount --bind -o fmask=0117 /home/files /home/glen/files

Then I read the man page:

Note that the filesystem mount options will remain the same as
those on the original mount point, and cannot be changed by
passing the -o option along with --bind/--rbind.

I take that to mean that I cannot change the umask when mounting
with --bind.

Any ideas on how to achieve my goal?

Thanks in advance!
--
Glen
--
To UNSUBSCRIBE, email to debian-user-***@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact ***@lists.debian.org
Bob Proulx
2007-09-01 20:00:10 UTC
Permalink
Post by Glen Pfeiffer
mount --bind -o umask=0117 /home/files /home/glen/files
What I am shooting for, is that all files created in
/home/glen/files will have the permissions 660.
But those are the same files as files in another directory, right?
The files can't have different permissions in different places.

Or are you simply trying to make the files when created have a
specific permission? If so then umask is the only way.
Post by Glen Pfeiffer
mount --bind -o fmask=0117 /home/files /home/glen/files
Note that the filesystem mount options will remain the same as
those on the original mount point, and cannot be changed by
passing the -o option along with --bind/--rbind.
I take that to mean that I cannot change the umask when mounting
with --bind.
Correct.
Post by Glen Pfeiffer
Any ideas on how to achieve my goal?
You would have to change the original mount point options in order to
do this. The directory would need to be on its own filesystem. You
could create a filesystem specific for this purpose. Then you could
bind mount it anywhere else fine.

This is a good place for a plug for LVM because then a new mount point
could be created very easily.

Perhaps saying a little more about the overall problem that you are
trying to solve will spark an idea from someone on the mailing list.

Bob
Glen Pfeiffer
2007-09-05 19:20:10 UTC
Permalink
Post by Bob Proulx
Post by Glen Pfeiffer
mount --bind -o umask=0117 /home/files /home/glen/files
What I am shooting for, is that all files created in
/home/glen/files will have the permissions 660.
But those are the same files as files in another directory, right?
The files can't have different permissions in different places.
Or are you simply trying to make the files when created have a
specific permission? If so then umask is the only way.
Yes, I am trying to change the default permissions of *newly
created* files. That is why I tried umask, but it doesn't work
with a bind mount.
Post by Bob Proulx
You would have to change the original mount point options in
order to do this. The directory would need to be on its own
filesystem. You could create a filesystem specific for this
purpose. Then you could bind mount it anywhere else fine.
I can't believe I didn't think of this earlier, but my /home is
on a separate partition. I changed the umask in /etc/fstab - but
that didn't work either. I got errors about a bad superblock when
mounting.
Post by Bob Proulx
This is a good place for a plug for LVM because then a new
mount point could be created very easily.
I will consider that if I ever rebuild.
Post by Bob Proulx
Perhaps saying a little more about the overall problem that you
are trying to solve will spark an idea from someone on the
mailing list.
My reasons for this stem from paranoia. I see no reason to allow
the world read access by default. Since it is on my home network
it is overkill, but I like to prepare for the unknown. For
example: I will have house guests that I want to allow use of my
computers. But I don't want them to have read access to the
shared "family" documents. So I want documents created within
that directory to have permissions of 660. I have set the sticky
group bit, so created files are owned by the family group.
--
Glen
--
To UNSUBSCRIBE, email to debian-user-***@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact ***@lists.debian.org
Loading...