Prevent the possiblity of writing data to an unmounted mount point directory
Solution 1
I go a step further and always set the attributes of my mountpoint directories to immutable using chattr.
This is accomplished with chattr +i /mountpoint
(with the mount unmounted).
This would error-out on new write activity and also protects the mount point in other situations.
But I suppose you could use the mountpoint command, too ;)
Solution 2
To expand on the comment about using mountpoint
, this is roughly what I put into scripts when I need to check these kind of things:
DEST='/mnt/backup'
if ! mountpoint -q "$DEST" ; then
echo "Destination is not mounted; attempting to mount"
mount $DEST
if ! mountpoint -q "$DEST" ; then
echo "Unable to mount $DEST; Aborting"
exit 1
fi
echo "Mounted $DEST; Continuing backup"
fi
This assumes that $DEST exists in /etc/fstab
; it doesn't matter if it is an auto
or noauto
mountpoint.
As per the mount
man page:
If only directory or device is given, for example:
mount /dir
then mount looks for a mountpoint and if not found then for a device in the /etc/fstab file. It's possible to use --tar‐get or --source options to avoid ambivalent interpretation of the given argument. For example
mount --target /mountpoint
Related videos on Youtube
LonnieBest
Do your work willingly, as though you were serving the Lord himself, and not just your earthly master. -Colossians 3:23 The thing about quotes on the internet is that you cannot confirm their validity. -Abraham Lincoln
Updated on September 18, 2022Comments
-
LonnieBest over 1 year
I have an Ubuntu server where I'm automounting an external hard drive each boot.
To do this, I've created an empty folder on the root partition, and the drive gets mounted "inside" this folder.
However, what if I perform a backup to this path when the drive isn't properly mounted? The backup would instead fill up my root partition!
I can ensure that the drive is mounted each time by performing:
sudo mount -a
... before each backup.
However, what are the best practices to ensure that data is never written to the empty mount-folder (except when the external hard drive is truly mounted)?
Can this be solved without scripting? Say with permissions for example? What are the best practices?
-
user9517 over 10 yearsUse the mountpoint command serverfault.com/questions/436048/…
-
-
LonnieBest over 10 yearsIs $DEST the path-location to the (potentially empty) mount-folder? How does the command "mount $DEST" know what to mount there? Could you edit this post to include an example value for the variable $DEST?
-
LonnieBest over 10 yearsThis is a better solution; it requires no scripting to ensure nothing ever gets written to the root partition. To me, this seems like a best practice that should be done for all folders that will be exclusively used for mounting.
-
ewwhite over 10 years@LonnieBest Thank you. I strive to make sure any removable or NFS/CIFS or major data partitions are mounted this way.
-
fukawi2 over 10 yearsThat is even better - I like it!
-
LonnieBest over 10 yearsThanks man. I wonder how the mount command knows which device is associated with /mnt/backup folder. Does it cross-reference with the fstab?
-
fukawi2 over 10 years@LonnieBest Yes, if you only provide 1 argument to
mount
it will consult /etc/fstab to determine the rest of the information. I'll update the answer with an excerpt from the man page. -
LonnieBest almost 8 yearsHow can you ensure that files will not be written to the local file system if you are a non-root user? You see, chattr +i requires root permissions, and even if you do it using root, thereafter a non-root user cannot mount to this protected mountpoint. So how does non-root user achieve this?
-
ewwhite almost 8 years@LonnieBest Should non-root/non-admin users have filesystem mount privileges?
-
LonnieBest almost 8 yearsSure, when the user is me ;) . What if you, as administrator, want to give non-root users access to the immutable mount? I'm the user here. I know the root password, but I want to consume this mount using my regular user account without sudo. I can only seem to do this when the mount point is mutable.
-
mwfearnley about 6 yearsPresumably using
chattr
is a great idea iff there's no need to add/move files in the root of the mountpoint? -
jamesdlin over 5 years@ewwhite Non-root users can mount things with fuse (e.g. sshfs).
-
LonnieBest over 2 years@jamesdlin Yes, but not when the share-folder is immutable. How can a non-root user mount to an immutable mount-folder? How can a non-root user ensure he doesn't fill up the root partition by writing data to a mount-folder that is for some reason not mounted at the time of his attempts to write to the mount?
-
jamesdlin over 2 years@LonnieBest I was agreeing with you and was disputing the question "Should non-root/non-admin users have filesystem mount privileges?"