Linux fstab mount as user

Automatically mount a drive using /etc/fstab, and limiting access to all users of a specific group

This works to auto mount it, however I would like to restrict read/write access to users belonging to a specific group. How would I go about doing this in /etc/fstab? Can I simply just use chown or chmod to control the access?

4 Answers

If the filesystem type is one that doesn’t have permissions, such as FAT, you can add umask, gid and uid to the fstab options. For example:

 /dev/sdb1 /media/workspace auto defaults,uid=1000,gid=1000,umask=022 0 1 

umask=022 this will set permissions so that the owner has read, write, execute. Group and Others will have read and execute.

To see your changes you do not need to reboot. Just umount and mount again without arguments. For example:

umount /media/workspace
mount /media/workspace

But make sure not to have any process (even your shell) using that directory.
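The mask arithmetic behind the uid/gid/umask options above, as an added example that is not part of the original answer: it computes the modes that umask, fmask and dmask leave on files and directories, using the option strings of the two fstab lines on this page plus a constructed umask=007 variant. The function names are hypothetical, and a missing mask is assumed to be 000 (the real default depends on the driver).

```shell
#!/bin/sh
# Added example: effective modes on filesystems without Unix permissions
# (vfat, ntfs), derived from the umask/fmask/dmask mount options.

# opt_value OPTIONS KEY -> value of KEY=... in a comma-separated option list
opt_value() {
    printf '%s\n' "$1" | tr ',' '\n' | sed -n "s/^$2=//p" | tail -n 1
}

# effective_modes OPTIONS -> "files=MODE dirs=MODE" in octal
effective_modes() {
    umask_v=$(opt_value "$1" umask); umask_v=${umask_v:-000}  # assumption: 000 if unset
    fmask_v=$(opt_value "$1" fmask); fmask_v=${fmask_v:-$umask_v}
    dmask_v=$(opt_value "$1" dmask); dmask_v=${dmask_v:-$umask_v}
    # mode = 0777 with the mask bits cleared; the leading 0 forces octal
    printf 'files=%03o dirs=%03o\n' \
        $(( 0777 & ~0$fmask_v )) $(( 0777 & ~0$dmask_v ))
}

# world_accessible OPTIONS -> exit 0 if "others" keep any permission bit
world_accessible() {
    case "$(effective_modes "$1")" in
        "files="??0" dirs="??0) return 1 ;;
        *) return 0 ;;
    esac
}

# Option strings of the two fstab lines on this page, plus a constructed
# variant that clears every bit for "others".
for opts in \
    "defaults,uid=1000,gid=1000,umask=022" \
    "noatime,nodev,nosuid,noexec,rw,uid=1000,gid=4095,fmask=117,dmask=007" \
    "defaults,uid=1000,gid=1000,umask=007"
do
    if world_accessible "$opts"; then
        verdict="others have access"
    else
        verdict="owner and group only"
    fi
    printf '%s\n    %s (%s)\n' "$opts" "$(effective_modes "$opts")" "$verdict"
done
```

Only masks whose last digit is 7 leave the mount limited to the uid owner and the members of gid.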

I would gate access to the filesystem through a directory that contains the mount point.

mkdir -p /media/group1only/workspace
chgrp group1 /media/group1only
chmod 750 /media/group1only

This is full access to root and read+execute access for members of group1. Don’t give them write access here, since if they accidentally rename the workspace mount point, it could make your system fail to boot.

/dev/sdb1 /media/group1only/workspace auto defaults 0 1 

After the filesystem is mounted, you can make further ownership and mode changes to objects within the filesystem to accommodate finer-grain access among the group members.

This recipe does not work. After mounting, the properties for /media/group1only/workspace are drwxr-xr-x 2 root root 4096 apr 13 09:05 workspace. Thus group1only does not play any role for the mount point.

For example, assuming the filesystem on the disk supports ACL’s, and using the hypothetical user, myusername, and the hypothetical group for accessing the disk, diskusers, something like the following could be done. $ indicates a command executed as a regular user; # indicates a command executed as the user, root.

Create a group to which a user may belong for the purpose.

$ sudo groupadd diskusers
$ sudo usermod -a -G diskusers myusername
$ logout
$ sudo -i
# mount /media/workspace
# chown root:root /media/workspace
# chmod 0750 /media/workspace/
# setfacl -d -m g:diskusers:7 /media/workspace
# setfacl -m g:diskusers:7 /media/workspace

The «7» in the setfacl command is octal (read = 4 + write = 2 + execute = 1), much like normal octal permissions (0400, 0200, 0100).

The -d is a switch to specify a default mask — new files and directories. The -m is the mask to apply to the directory.

You also could apply the mask to all files initially after setting the default (above):

find /media/workspace -exec setfacl -m g:diskusers:7 {} +

At that point, only root and members of diskusers can access the files. I like Mark Plotnick’s idea, too, about applying permissions to a subdirectory. This technique could be used that way, too.


What Is Linux fstab File and How Can We Configure It?

The Linux operating system relies on files. File systems must be mounted before they can be used, and mounting is done with the mount command. To mount one or several file systems we need some configuration. mount uses a default configuration, but if we want to provide different mount options we can use the /etc/fstab file. In fstab we can describe each mount and have file systems mounted automatically during boot.

/etc/fstab File

The fstab file is stored under the /etc directory. /etc/fstab is a simple configuration file in which settings are stored in columns. We can open fstab with text editors like nano, vim, Gnome Text Editor, Kwrite etc., but to save the changes we make we need root privileges, obtained with the sudo command.


After providing the password for the user ismail to get root privileges with the sudo command, we will see the following fstab file content.


Comment

Before looking at fstab configuration in detail, we need to cover comments. In the previous screenshot, the turquoise lines are comments: any line starting with # is a comment. We can add comments about newly created or changed configuration between the configuration lines.

fstab Columns

As stated previously, the fstab file consists of columns that store configuration options. Each row contains a single mount record, and each column in the row holds a different configuration option.

Here is a sample configuration row, or record.

UUID=e1ea69a0-7566-4002-a47d-3a93d1ebfb96 / ext4 errors=remount-ro 0 1

Each configuration column is named in the comment line which starts with <file system>.

The following configuration columns are provided; we will explain each of them in detail.

  • `File System` is the source which we want to mount
  • `Mount Point` is the destination we want to mount
  • `Type` is the file system type of the `File System`
  • `Option` is used to specify the behavior of the mount
  • `Dump` specifies whether the file system will be dumped in the error case
  • `Pass` sets whether the file system check will be performed

File System Column

We will start with the first column, which specifies the source file system device. The source device can be expressed in two different ways. The first is the path of the partition, like /dev/sda1; the /dev path is used to store device information. The other is the UUID, like UUID=e1ea69a0-7566-4002-a47d-3a93d1ebfb96.

We can see that /dev/fd0 is the floppy disk.

We can find the UUID of a disk with the following blkid command, which is the short form of Block ID. We should run it with sudo.

blkid list UUID

Mount Point or Dir Column

The second column specifies the path where the source will be mounted. Generally, the file system root is specified as /. In the following screenshot, we can see that /dev/sda1 is mounted to /.

We can see that /dev/fd0 is mounted to /media/floppy0. The following mount points are also popular in the Linux world.

  • `/mnt` is used to mount external hard disk drives or USB.
  • `/boot` is used to mount the boot partition and the kernel.
  • `/home` is used to mount users' home directories.

File System Type Column

Up to now, we have specified the source and destination partitions and locations. As we know, Linux supports a lot of different file system types; ext4, ext3, fat and ntfs are some of them. In the file system type column, we specify the file system with a single word.

We can see that in this example we are using the ext4 and auto file system types. auto detects the file system type of the source partition automatically, which can be used in some cases or for devices with different file systems, like CDROM.

Options Column

The options column is the most comprehensive part of an fstab record. Here we can specify different behavior options like automount, read-only, noatime etc. If there are multiple options, we delimit them with a comma. Here is an example of the options column.

We can see that errors=remount-ro is provided in the first line. Also rw, user, noauto, exec and utf8 are provided, delimited by commas.

  • `auto/noauto` specifies whether the given file system is mounted automatically at boot. The `noauto` option blocks automatic mounting during boot.
  • `exec/noexec` controls whether files on the mounted file system can be executed. With `noexec`, the executables on the given file system will not be executed. This can be used to make user home directories under `/home` more secure.
  • `ro/rw` makes the file system read-only or read-write. If we do not want to allow file and folder changes or removal, we can mount read-only with `ro`. In most cases `rw` will be the best solution, since it lets us change file system contents.
  • `sync/async` specifies how the file system is synchronized with the disk. This option is generally used to tune file system performance. With `sync`, changed content is saved to the disk immediately, which creates some overhead but is more reliable. `async` makes write operations to the disk more flexible and more performant.
  • `nouser/user` is another important option. By default, normal users cannot mount a file system with the `mount` command; `root` privileges are needed. This is expressed by `nouser`. If we want a normal user to be able to mount the given file system, we provide the `user` option.
  • `defaults` is a generic option used in most cases; it provides default options like `rw,suid,dev,exec,auto,nouser,async`.
  • `noatime` disables writing access time information to the file system. Disabling access time will boost disk performance.
  • `suid/nosuid` allows or disallows the `suid` and `sgid` bits.
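
An added sketch (not code from the original article) that reads fstab records column by column and evaluates the options from left to right, reporting mount points outside / and /boot where setuid files, device nodes or execution remain allowed. The function names, the header comment and the /dev/fd0 record are constructed; it relies on mount(8)'s rule that user implies noexec, nosuid and nodev unless a later option overrides them.

```shell
#!/bin/sh
# audit_fstab: reads fstab records on stdin and prints one line per record
# whose effective options still allow suid, dev or exec on a non-system mount.
audit_fstab() {
    awk '
    /^[ \t]*(#|$)/ { next }                   # comment or blank line
    NF < 4 { printf "line %d: fewer than 4 columns\n", NR; next }
    {
        src = $1; dir = $2; fstype = $3; n = split($4, opt, ",")
        suid = 1; devs = 1; ex = 1            # same as "defaults": suid,dev,exec
        for (i = 1; i <= n; i++) {            # later options override earlier ones
            o = opt[i]
            if (o == "defaults") { suid = 1; devs = 1; ex = 1 }
            if (o == "user" || o == "users") { suid = 0; devs = 0; ex = 0 }
            if (o == "suid" || o == "nosuid") suid = (o == "suid")
            if (o == "dev"  || o == "nodev")  devs = (o == "dev")
            if (o == "exec" || o == "noexec") ex   = (o == "exec")
        }
        # assumption: / and /boot (and swap) are system mounts and are not reported
        if (dir == "/" || dir == "/boot" || fstype == "swap") next
        miss = ""
        if (suid) miss = miss " nosuid"
        if (devs) miss = miss " nodev"
        if (ex)   miss = miss " noexec"
        if (miss != "") printf "%s (%s): consider%s\n", dir, src, miss
    }'
}

# Sample input: the first three records appear on this page; the header
# comment and the /dev/fd0 record are constructed from options it lists.
sample_fstab() {
    cat <<'EOF'
# <file system> <mount point> <type> <options> <dump> <pass>
UUID=e1ea69a0-7566-4002-a47d-3a93d1ebfb96 / ext4 errors=remount-ro 0 1
/dev/sdb1 /media/workspace auto defaults,uid=1000,gid=1000,umask=022 0 1
UUID=1736A8F536B3C0AB /media/two ntfs noatime,nodev,nosuid,noexec,rw,uid=1000,gid=4095,fmask=117,dmask=007 0 0
/dev/fd0 /media/floppy0 auto rw,user,noauto,exec,utf8 0 0
EOF
}

sample_fstab | audit_fstab
```

To check a real system, run `audit_fstab < /etc/fstab`; the floppy record is reported because exec follows user and turns execution back on.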

Dump Column

The dump column is used to specify whether there will be a dump in an error event. This was designed in the old times and should be set to 0. 1 means enable dumping.

Pass Column

File systems can be corrupted in different situations, such as a disk hardware problem, an electricity problem or a software bug. This requires a file system check. We can enable an automatic fsck by setting 1. We should enable fsck for the root / file system. For file systems like NTFS and FAT we can skip the automatic file system check during reboot; it can be performed after the start.

Mounting All File Systems In fstab

The mount command is used to mount the file systems listed in fstab. We can mount all file systems given in fstab by using the -a or --all option. Only the noauto file systems will be skipped and not mounted. The mount command will skip already mounted file systems too.

Umount File System

We can also unmount an already mounted file system with the umount command. We just need to provide the file system or mount point. In this example, we will umount /mnt.

uid or UUID Identifier

Hard disks or partitions can be specified with the UUID, or Unified Unique Identifier. This makes mount operations more stable because, as its name suggests, every disk or partition will have a unique UUID, so they cannot overlap accidentally. We can list the UUID with the following command.

We can see that partition named /dev/sda1 has e1ea69a0-7566-4002-a47d-3a93d1ebfb96 as UUID.

noatime Mount Option

Performance is a very important factor in computer usage, and the disk is one of the most important parts of computer performance. We can increase the performance of the file system or disk by skipping unnecessary disk operations like metadata storage. noatime disables storing the access time of files and folders in a file system.

fstab: how to mount a disk with the permissions of a regular user?

With this command the disk has root permissions; how do I give user1 permissions on it?

Mounting does not create permissions; it inherits them from the directory that is mounted onto.

Can anyone tell me how to mount NFS at system startup?
_netdev is written in fstab, and mount mounts it fine.

UUID=1736A8F536B3C0AB /media/two ntfs noatime,nodev,nosuid,noexec,rw,uid=1000,gid=4095,fmask=117,dmask=007 0 0 

This is wrong advice. The user option gives users the right to mount the device. To specify the users who will own the files on ntfs-3g, the uid and gid options are used.

For me it is the opposite: when mounting, the permissions of the directory are ignored. I set 600, mounted vfat, and it became 777 (after unmounting it was 600 again).

Network file systems that are mounted permanently are, in the general case, better mounted with something like autofs.

Ah, I did not read carefully; the title says "fstab: how to mount a disk with the permissions of a regular user?"

Yes, indeed. It could have been understood that way too.