Re: Setting [u|f]mask on a bind mount

On 09/01/2007 01:00 PM, Bob Proulx wrote:
> Glen Pfeiffer wrote:
>> I tried mounting a directory like so:
>>   mount --bind -o umask=0117 /home/files /home/glen/files
>> What I am shooting for, is that all files created in 
>> /home/glen/files will have the permissions 660.
> But those are the same files as files in another directory, right?
> The files can't have different permissions in different places.
> Or are you simply trying to make the files when created have a 
> specific permission?  If so then umask is the only way.

Yes, I am trying to change the default permissions of *newly 
created* files. That is why I tried umask, but it doesn't work 
with a bind mount. 

> You would have to change the original mount point options in 
> order to do this.  The directory would need to be on its own 
> filesystem.  You could create a filesystem specific for this 
> purpose.  Then you could bind mount it anywhere else fine.

I can't believe I didn't think of this earlier, but my /home is 
on a separate partition. I changed the umask in /etc/fstab - but 
that didn't work either. I got errors about a bad superblock when 

> This is a good place for a plug for LVM because then a new 
> mount point could be created very easily.

I will consider that if I ever rebuild.

> Perhaps saying a little more about the overall problem that you 
> are trying to solve will spark an idea from someone on the 
> mailing list.

My reasons for this stem from paranoia. I see no reason to allow 
the world read access by default. Since it is on my home network 
it is overkill, but I like to prepare for the unknown. For 
example: I will have house guests that I want to allow use of my 
computers. But I don't want them to have read access to the 
shared "family" documents. So I want documents created within 
that directory to have permissions of 660. I have set the sticky 
group bit, so created files are owned by the family group.
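
Added example, not part of the original message and not the poster's method: umask is a per-process setting, so this script measures the modes that new files and subdirectories get under 0117 and under 0007, then audits a tree against the goal stated above (nothing accessible to "other", directories setgid). The function names and the scratch directory are constructed for illustration; GNU stat and find are assumed.

```shell
#!/bin/sh
# Added example: names and the scratch directory are constructed for
# illustration. Assumes GNU stat and find (stat -c, find -perm /MODE, -printf).

# Print the permission bits a new regular file gets in directory $1 under
# umask $2. The subshell keeps the umask change from leaking to the caller.
new_file_mode() (
    umask "$2"
    : > "$1/.probe.$$"              # creation asks for 0666, umask removes bits
    stat -c '%a' "$1/.probe.$$"
    rm -f "$1/.probe.$$"
)

# Same for a new subdirectory (mkdir asks for 0777). Only the last three
# octal digits are printed, so an inherited setgid bit does not change the output.
new_dir_mode() (
    umask "$2"
    mkdir "$1/.probe.d.$$"
    stat -c '%a' "$1/.probe.d.$$" | sed 's/.*\(...\)$/\1/'
    rmdir "$1/.probe.d.$$"
)

# Report entries under $1 that break the "family only" policy: anything with
# permission bits for "other", and directories without the setgid bit.
audit_shared_dir() {
    find "$1" -perm /007 -printf 'other-access %m %p\n'
    find "$1" -type d ! -perm -2000 -printf 'no-setgid %m %p\n'
}

demo() {
    dir=$(mktemp -d) || return 1
    echo "umask 0117: file $(new_file_mode "$dir" 0117), dir $(new_dir_mode "$dir" 0117)"
    echo "umask 0007: file $(new_file_mode "$dir" 0007), dir $(new_dir_mode "$dir" 0007)"
    : > "$dir/old.txt"; chmod 664 "$dir/old.txt"   # constructed pre-existing file
    audit_shared_dir "$dir"
    rm -rf "$dir"
}
demo
```

Both umasks give 660 for new files, but under 0117 a new subdirectory also comes out as 660, without the search (x) bit, while 0007 gives 770.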

