Re: Setting [u|f]mask on a bind mount
On 09/01/2007 01:00 PM, Bob Proulx wrote:
> Glen Pfeiffer wrote:
>> I tried mounting a directory like so:
>>
>> mount --bind -o umask=0117 /home/files /home/glen/files
>>
>> What I am shooting for, is that all files created in
>> /home/glen/files will have the permissions 660.
>
> But those are the same files as files in another directory, right?
> The files can't have different permissions in different places.
>
> Or are you simply trying to make the files when created have a
> specific permission? If so then umask is the only way.
Yes, I am trying to change the default permissions of *newly
created* files. That is why I tried umask, but it doesn't work
with a bind mount.
> You would have to change the original mount point options in
> order to do this. The directory would need to be on its own
> filesystem. You could create a filesystem specific for this
> purpose. Then you could bind mount it anywhere else fine.
I can't believe I didn't think of this earlier, but my /home is
on a separate partition. I changed the umask in /etc/fstab - but
that didn't work either. I got errors about a bad superblock when
mounting.
> This is a good place for a plug for LVM because then a new
> mount point could be created very easily.
I will consider that if I ever rebuild.
> Perhaps saying a little more about the overall problem that you
> are trying to solve will spark an idea from someone on the
> mailing list.
My reasons for this stem from paranoia. I see no reason to allow
the world read access by default. Since it is on my home network
it is overkill, but I like to prepare for the unknown. For
example: I will have house guests that I want to allow use of my
computers. But I don't want them to have read access to the
shared "family" documents. So I want documents created within
that directory to have permissions of 660. I have set the sticky
group bit, so created files are owned by the family group.
--
Glen
Reply to: