mount --bind NTFS partition in read only mode
@user39559, Yes, it won’t delete (if remounting to read-only has worked). It will say «Read-only filesystem». It is like you can’t delete a file on mounted DVD even as root.
For a long time after bind mounts were introduced, the kernel associated mount options with devices rather than mount points, end of story. When you ran mount --bind, the kernel silently ignored all options since they couldn’t be applied just to the bind mount.
Starting with kernel 2.6.26 (or earlier for distributions that patched the upstream kernel), bind mounts have a read-only status that is separate from the original mount. So read-only bind mounts do work. However, the support is not perfect, for example the kernel still ignores options passed to mount --bind. You can make a read-only bind mount by making a bind mount and mounting it read-only. This introduces a security problem in some scenarios (there is a small window of time during which the bind mount is writable).
Debian lenny has a patched 2.6.26 kernel that makes mount --bind -r create a read-only bind mount atomically. Ubuntu 10.04 doesn’t include that patch.
The fuse filesystem bindfs generalizes the effect of mount --bind. It supports read-only bind mounts and many other permission and ownership changes. It is not fully equivalent to mount --bind, however. For example, reading from a read-only bind mount never updates the access time of a file, but might for a bindfs -p a-w fuse mount.
bind mounting read-only using fstab on Ubuntu?
I need to remount one directory (/src) as readonly in another location (/dst). This can be done like this:
$ sudo mount --bind /src /dst
$ sudo mount -o remount,ro /dst
However, I would like to use /etc/fstab to have the mount taking place at boot time and have seen different suggested solutions to this problem, e.g.
/src /dst none bind 0 0
/src /dst none remount,bind,ro 0 0
/src /dst none bind 0 0
/dst /dst none remount,bind,ro 0 0
mount: /dst not mounted already, or bad option
The above solutions supposedly work on different distros, but unfortunately not on Ubuntu 10.04.4 LTS (kernel 2.6.32-41-server). Any ideas how to accomplish this apart from placing the mount commands into /etc/rc.local?
On older kernels, mount --bind cannot create a read-only view of a read-write filesystem. The kernel stores the read-write status of the filesystem in a single place which is not duplicated by the bind mount. Newer kernels allow this but still require a separate mount step: first bind, then make read-only. There is a kernel patch to change that, and some distributions (such as Debian) have applied it, but Ubuntu hasn’t (at least not as of 12.04).
One solution is to create the read-only view from a boot script instead of from /etc/fstab, as Oli explains.
Otherwise, you can use bindfs instead. This is a FUSE filesystem. Going through FUSE is slightly slower as it introduces an additional layer of indirection. You also lose support for extended file metadata such as ACLs. On the flip side, the read-only view will have a recognizable filesystem type, making it easy to exclude from filesystem traversals (such as locate and backups).
The fstab entry looks like this:
bindfs#/src /dst fuse perms=a=rX
Read only bind-mount?
I use mount -o bind to mount directories inside chroots, which works really well. The problem is that I’d like some of these bind-mounted directories to be read only in chroot. Is it possible? If not — any other way to achieve it? I was thinking about using NFS for localhost mounts, but it looks like overkill.
According to this article it is possible. You do need a recent kernel.
mount --bind -o ro /vital_data /untrusted_container/vital_data
mount --bind /vital_writable_data /untrusted_container/vital_data
mount -o bind,remount,ro /untrusted_container/vital_data
Supported since Linux 2.6.26.
In Squeeze it used to work with only:
Now in Debian Wheezy you have to do:
mount -o remount,ro,bind /dst
to get rid of the "resource busy" message.
Edit: Now in Debian Jessie, mount tries to be smart and mounts sub dirs, which if already mounted with bind, gets recursive and bad things happen 🙂
There is a special option that forces util-linux to be ‘stupid’ again. The solution is this:
mount --bind --make-rprivate /sbin/ $prefix/sbin/
mount -o remount,ro,bind $prefix/sbin/
Afterwards you can mount --bind $prefix/sbin to another dir.
The shared subtree operations. Since Linux 2.6.15 it is possible to mark a mount and its submounts as shared, private, slave or unbindable. A shared mount provides the ability to create mirrors of that mount such that mounts and unmounts within any of the mirrors propagate to the other mirror. A slave mount receives propagation from its master, but not vice versa. A private mount carries no propagation abilities. An unbindable mount is a private mount which cannot be cloned through a bind operation. The detailed semantics are documented in Documentation/filesystems/sharedsubtree.txt file in the kernel source tree. Supported operations are:
mount --make-shared mountpoint
mount --make-slave mountpoint
mount --make-private mountpoint
mount --make-unbindable mountpoint
The following commands allow one to recursively change the type of all the mounts under a given mountpoint.
mount --make-rshared mountpoint
mount --make-rslave mountpoint
mount --make-rprivate mountpoint
mount --make-runbindable mountpoint
mount(8) does not read fstab(5) when a --make-* operation is requested. All necessary information has to be specified on the command line. Note that the Linux kernel does not allow to change multiple propagation flags with a single mount(2) syscall, and the flags cannot be mixed with other mount options.
Since util-linux 2.23 the mount command allows to use several propagation flags together and also together with other mount operations. This feature is EXPERIMENTAL. The propagation flags are applied by additional mount(2) syscalls when the preceding mount operations were successful. Note that this use case is not atomic. It is possible to specify the propagation flags in fstab(5) as mount options (private, slave, shared, unbindable, rprivate, rslave, rshared, runbindable).
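The boot-script approach from the answers above (bind, stop propagation as in the Jessie fix, then remount read-only) with the check a practitioner wants afterwards: on old kernels the ro option is silently ignored, so verify the per-mount flag in /proc/self/mountinfo (field 6) rather than trusting the command's exit status. This is an added example, not code from any of the answers; the mountinfo samples are constructed, and it assumes a util-linux mount(8) that understands --make-rprivate and a kernel of at least 2.6.26.

```shell
#!/bin/sh
# Read-only bind mount for a boot script (e.g. /etc/rc.local), with a post-check.
# Assumption: util-linux mount(8) with --make-rprivate, kernel >= 2.6.26.

# Print the per-mount options (field 6 of /proc/self/mountinfo) of the topmost
# mount at a mount point. $1 = mountinfo text, $2 = mount point.
mount_opts() {
    printf '%s\n' "$1" | awk -v mp="$2" '$5 == mp { opts = $6 } END { print opts }'
}

# Succeed (0) only if the mount point carries the per-mount "ro" flag.
# Note: the superblock options after the "-" separator stay "rw" for a
# read-only bind mount; only field 6 reflects the bind mount's own state.
mount_is_readonly() {
    opts=$(mount_opts "$1" "$2")
    [ -n "$opts" ] || return 1
    case ",$opts," in
        *,ro,*) return 0 ;;
        *)      return 1 ;;
    esac
}

# Bind $1 at $2 read-only. The window between the bind and the remount is
# writable, so run this before untrusted processes can reach $2.
ro_bind_mount() {
    src=$1 dst=$2
    mount --bind "$src" "$dst" || return 1
    # Stop propagation so the remount does not recurse into sub-mounts (Jessie issue).
    mount --make-rprivate "$dst" || return 1
    mount -o remount,ro,bind "$dst" || return 1
    # Do not trust the exit status alone: confirm the kernel applied "ro".
    mount_is_readonly "$(cat /proc/self/mountinfo)" "$dst"
}

# Constructed sample of /proc/self/mountinfo after "mount --bind /src /dst" only:
# the new mount (id 40) still carries rw.
SAMPLE_AFTER_BIND='25 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw,errors=remount-ro
40 25 8:1 /src /dst rw,relatime shared:1 - ext4 /dev/sda1 rw,errors=remount-ro'
# Constructed sample after "mount -o remount,ro,bind /dst": per-mount ro, superblock rw.
SAMPLE_AFTER_REMOUNT='25 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw,errors=remount-ro
40 25 8:1 /src /dst ro,relatime - ext4 /dev/sda1 rw,errors=remount-ro'

# Stand-alone use (as root): sh ro-bind.sh /src /dst
if [ "$#" -eq 2 ]; then
    ro_bind_mount "$1" "$2"
fi
```

Running the script with no arguments only defines the functions, so it can be sourced from another boot script.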