Gentoo Forums
lvm2 fstab and /dev/ permissions
swingkyd
Guru

Joined: 13 Jan 2005
Posts: 334

Posted: Fri May 30, 2008 3:58 pm    Post subject: lvm2 fstab and /dev/ permissions

I am trying to set up some logical volumes with permissions in fstab that allow only "disk" users to read/write. I would like the volumes to mount automatically at startup. The file system is reiserfs so gid and umask don't seem to work.
Can I just change the owner and permissions of /dev/vg/lv_audio, /dev/vg/lv_video etc. to what I require, say "root:disk"? Will this be preserved when I reboot?
frostschutz
Advocate

Joined: 22 Feb 2005
Posts: 2977
Location: Germany

Posted: Fri May 30, 2008 4:29 pm

Are you aware that any user in the "disk" group is practically root because he is allowed to read, and maybe even write, on any disk directly, circumventing the permissions of the files of the filesystems on those disks. If you want users to be able to write files on those volumes, you have to set up the permissions of the filesystems on those disks accordingly (chgrp users /mnt/mymusic/ or whatever), and make fstab entries with the user flag so users can mount them; you do not need to change permissions for the actual disk devices.
swingkyd
Guru

Joined: 13 Jan 2005
Posts: 334

Posted: Fri May 30, 2008 4:38 pm

frostschutz wrote:
Are you aware that any user in the "disk" group is practically root because he is allowed to read, and maybe even write, on any disk directly, circumventing the permissions of the files of the filesystems on those disks.

I was not aware of this... I thought most of the permissions on the /dev/hd[ab]* were root:root and not root:disk
So I should not put normal users on the "disk" group?
frostschutz wrote:
If you want users to be able to write files on those volumes, you have to set up the permissions of the filesystems on those disks accordingly (chgrp users /mnt/mymusic/ or whatever), and make fstab entries with the user flag so users can mount them; you do not need to change permissions for the actual disk devices.

These logical drives are intended to be network shares over SMB for things like audio, video, general etc. I would like read-write access for all users over the SMB network. I suppose this could be set up in Samba and the permissions can remain root correct? I'm really very green when it comes to this kind of stuff. It's my first attempt at setting up something like this.
frostschutz
Advocate

Joined: 22 Feb 2005
Posts: 2977
Location: Germany

Posted: Fri May 30, 2008 5:35 pm

swingkyd wrote:
frostschutz wrote:
Are you aware that any user in the "disk" group is practically root because he is allowed to read, and maybe even write, on any disk directly, circumventing the permissions of the files of the filesystems on those disks.

I was not aware of this... I thought most of the permissions on the /dev/hd[ab]* were root:root and not root:disk
So I should not put normal users on the "disk" group?


Yes, you should not do this.

Quote:
These logical drives are intended to be network shares over SMB for things like audio, video, general etc. I would like read-write access for all users over the SMB network. I suppose this could be set up in Samba and the permissions can remain root correct? I'm really very green when it comes to this kind of stuff. It's my first attempt at setting up something like this.


I do not use Samba myself so I can not offer any assistance here. Your problem anyway is not with the permission of the device nodes themselves, but with the permissions of the directories and files on your filesystems, which you can change with chmod / chown / chgrp / etc. This may be a good time to familiarize yourself with Linux file permissions.
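An added example, not part of the original posts: a shell check for the situation discussed above, listing normal accounts that are in the "disk" group either through the member list in /etc/group or through their primary GID in /etc/passwd. The sample group and passwd files are constructed, and treating UID 1000 and above as "normal users" is an assumption.

```sh
#!/bin/sh
# Added example: which normal accounts are in a group such as "disk"?
# Membership comes from two places: the member list in /etc/group (field 4)
# and the primary GID in /etc/passwd (field 4). Both are checked.

# normal_users_in_group GROUP GROUP_FILE PASSWD_FILE [UID_MIN]
# Prints matching account names, one per line, sorted.
# UID_MIN defaults to 1000 (assumed boundary between system and normal users).
normal_users_in_group() {
    awk -F: -v g="$1" -v min="${4:-1000}" '
        FNR == NR {                     # first file: group database
            if ($1 == g) {
                gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) if (m[i] != "") member[m[i]] = 1
            }
            next
        }
        # second file: account database
        ($1 in member || (gid != "" && $4 == gid)) && $3 + 0 >= min + 0 { print $1 }
    ' "$2" "$3" | sort
}

# Constructed sample databases (not taken from any real host).
sample=$(mktemp -d)
trap 'rm -rf "$sample"' EXIT
cat > "$sample/group" <<'EOF'
root:x:0:root
disk:x:6:root,adm,alice
users:x:100:alice,bob
audio:x:18:bob
EOF
cat > "$sample/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
adm:x:3:4:adm:/var/adm:/bin/false
alice:x:1000:100::/home/alice:/bin/bash
bob:x:1001:100::/home/bob:/bin/bash
carol:x:1002:6::/home/carol:/bin/bash
EOF

echo 'Normal users with raw disk access via group "disk":'
normal_users_in_group disk "$sample/group" "$sample/passwd"
```

On a real host the call would be `normal_users_in_group disk /etc/group /etc/passwd`; any name it prints is an account that can bypass file permissions by reading the block devices directly.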
swingkyd
Guru

Joined: 13 Jan 2005
Posts: 334

Posted: Fri May 30, 2008 6:39 pm

frostschutz wrote:
I do not use Samba myself so I can not offer any assistance here. Your problem anyway is not with the permission of the device nodes themselves, but with the permissions of the directories and files on your filesystems, which you can change with chmod / chown / chgrp / etc. This may be a good time to familiarize yourself with Linux file permissions.


I am aware of Linux file permissions in and of themselves (setting permissions using chmod/chown/chgrp etc.). I am not familiar with the best way to set up groups for file sharing etc.

I was hoping that the user could create and delete the contents of the entire share (the root of the mount point). If I share the mount point: vg_audio, I want the user to be able to read and write to the root of the mount point. I am not aware of any way of doing this except by changing the permissions of the device node to something that permits this. Changing the mount point permissions does nothing as the device node permissions take precedence over the mount point permissions.

I thought users had to be part of the "disk" group to perform CD copying and such???
frostschutz
Advocate

Joined: 22 Feb 2005
Posts: 2977
Location: Germany

Posted: Fri May 30, 2008 6:56 pm

swingkyd wrote:
Changing the mount point permissions does nothing as the device node permissions take precedence over the mount point permissions.


That's not true. The permissions of the device node are not related *at all* to the permissions of the files on the device. On a filesystem, you can have a file that can be read and written to by everyone, even if no one has the right to access the raw device directly. And you can have a file that can only be read by root, even if everyone is allowed to access the raw device (and thus get at the contents of the file indirectly).

I do not know where the confusion comes from, but one possibility is that you tried to change the permissions of a mount point before actually mounting it. Once you mount something, the mount point will have the permissions of the mounted filesystem's root directory /. The permission that the directory which is used as a mount point has (and this directory resides on another filesystem), and any files that are stored within this directory (on the other filesystem as well), will be hidden away as soon as the other filesystem is mounted in this directory.

This is for example done with /dev. Your root filesystem will have a static standard set of device nodes stored in /dev. Then sometime during boot, a ramdisk (udev) will be mounted into /dev. This hides the static set of device nodes that are on the root filesystem, as well as their permissions, as well as the permissions of the /dev directory itself, and replaces them with the permissions of the ramdisk's root /, and with the files on the ramdisk (device nodes dynamically created by udev). The original files and permissions are of course still there, you just don't see them while something else is mounted over it. If you mount / somewhere else again (for example to /mnt/root) you will be able to see the files in /mnt/root/dev again as they are not hidden there by something that was mounted into /dev.
swingkyd
Guru

Joined: 13 Jan 2005
Posts: 334

Posted: Fri May 30, 2008 7:48 pm

Well... I appreciate your patience with me ;) I'm apparently a slow learner. I'm a long time user of Linux but some weaknesses are obviously showing through there.

When a device node ownership of a CDROM device is set to "root:disk", and I am in the "disk" group, I can access the disk for CDRW functions. If it is set to "root:root" I cannot. This is of course if the /dev/hdc (CDRW device) is not mounted.
The confusion for me is that even if I mount the /dev/hdc to a /mnt/cdrw point, the permissions of the file mount point /mnt/cdrw are ignored (as expected).

Now for mounting a hard drive (say /dev/hdb1) to /mnt/data, the same holds true. Depending on whether I have an fstab entry with "users", the /mnt/data will pick up the user ownership and any permission options if the user actually mounts the drive. This is not good if multiple users are to access the drive.

If the only option in the fstab entry is "defaults", then on a boot, root:root gets the ownership of /mnt/data directory. Consequently, users cannot create new directories, add files etc. Only if I happen to have a directory in /dev/hd1 which has ownership of something like "root:users" and I am in the user group can I do anything and only on this directory.

What I want to do is have "root:users" ownership of the /mnt/data file when it is mounted at boot so users have full control of the contents of /dev/hdb1. This node is mounted to the /mnt/data file at boot and the users in the group "user" can have rw access to all the contents but "other" does not.

Am I totally out to lunch with what I am asking here? I could be totally mistaken too.
frostschutz
Advocate

Joined: 22 Feb 2005
Posts: 2977
Location: Germany

Posted: Sat May 31, 2008 7:06 am

swingkyd wrote:
When a device node ownership of a CDROM device is set to "root:disk", and I am in the "disk" group, I can access the disk for CDRW functions. If it is set to "root:root" I cannot.


This is because you need to access the cdrw directly, as there is no filesystem to mount yet. Another problem is that CD-Rs are read-only; the file systems used on CD-R do not support Linux file system ownerships and permissions, and even if they did, you couldn't change them because it is read-only. In such a case you have to set up an entry in fstab; there is the users option, or there are uid / gid options that allow you to set the ownership / permissions of the whole cdr tree manually.

For hard drives, as long as you're using a Linux file system on them (like ext2/3, not vfat/ntfs), you can just change the permissions of any files directly. If you have a separate /home partition, you are doing this already, as you (hopefully) have set correct permissions for each home directory in /home that prevents one user accessing the private data of the other.

Quote:
What I want to do is have "root:users" ownership of the /mnt/data file when it is mounted at boot so users have full control of the contents of /dev/hdb1.


mount /mnt/data
chown root:users /mnt/data/
ls -al /mnt | grep data

If it's a Linux file system, the permission for the mount point should be restored, if you umount it (after umounting, /mnt/data permissions are different as it is a different directory... root of the mounted filesystem versus the data directory of the / filesystem) and remount it again (/mnt/data will be the root of the mounted filesystem again and still have the root:users ownership you set before).
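An added example, not part of the original posts: it applies the group ownership from the last reply to a whole tree and then lists every entry that is not owned by the group, not group read/write, or accessible to "other". It runs on a constructed temporary directory with the invoking user's own GID standing in for root:users on /mnt/data; the setgid bit on directories is an addition the thread does not mention, and GNU find is assumed.

```sh
#!/bin/sh
# Added example (GNU find assumed). Policy: every entry in the share belongs
# to GROUP, is group read/write, and grants nothing to "other".

# share_prepare DIR GROUP: apply the policy to the whole tree.
# The setgid bit (2xxx) makes new entries inherit the directory's group.
share_prepare() {
    chgrp -R "$2" "$1" &&
    find "$1" -type d -exec chmod 2770 {} + &&
    find "$1" -type f -exec chmod 0660 {} +
}

# share_violations DIR GROUP: print every entry that breaks the policy.
share_violations() {
    find "$1" \( ! -group "$2" -o ! -perm -060 -o -perm /007 \) -print | sort
}

# Constructed demo tree; the caller's own GID stands in for "users" so the
# demo runs without root. On the real host: share_prepare /mnt/data users
share=$(mktemp -d)
trap 'rm -rf "$share"' EXIT
grp=$(id -g)
mkdir "$share/audio"
touch "$share/audio/track.flac"
chmod 0755 "$share/audio"
chmod 0644 "$share/audio/track.flac"

before=$(share_violations "$share" "$grp")
echo "Before:"; echo "$before"
share_prepare "$share" "$grp"
echo "After (empty means the tree matches the policy):"
share_violations "$share" "$grp"
```

Because these modes are stored in the mounted filesystem itself, they are applied after mounting and survive an unmount and remount, which is the behaviour the last reply describes for the ownership of /mnt/data.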
All times are GMT