Re: Lock out root writes on mounted directory?

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MEric \"Shubes\" at <-
MEric \"Shubes\" at ->
Attachments:
Message as email
+ (text/plain)
Delete this message
Reply to this message
Author: Kenneth
Date:  
To: Main PLUG discussion list
Subject: Re: Lock out root writes on mounted directory?
As someone else suggested, look at the output of "mount"


--- "Eric \"Shubes\"" <> wrote:

> It appears to be set in /etc/mtab. Any other way to tell? When I test,
> though, I'm able to delete files.
>
> Kenneth wrote:
> > I agree access control might do it, but it would be cumbersome. Are you
> sure
> > you're getting the ro option set? I know people who specifically keep
> root,
> > /usr, etc mounted ro, I don't think root should be able to write to them.
> >
> > --- Mike Schwartz <> wrote:
> >
> >> On 9/8/06, Eric Shubes <> wrote:
> >>> I've created a sandbox for building rpms. It was suggested to me that
> for
> >>> some directories, such as /bin, /lib, /sbin, I could mount them with
> >>> ro,bind
> >>> options instead of coping or hard linking them. What I've discovered,
> >>> though, is that the ro mount option does not prohibit root from
> modifying
> >>> a
> >>> mounted directory. Is there any way to mount a directory such that root
> >>> cannot write to it?
> >>> --
> >>> -Eric 'shubes'
> >>> ---------------------------------------------------
> >>>
> >> I could be way off base here,
> >> but have you looked in to access control lists?
> >> I think I read somewhere that FC4 or so,
> >> has an implementation of them
> >> that is comparable to the "ACL" functionality
> >> in some other OS's.
> >> --
> >> Mike Schwartz
> >> Glendale AZ
> >>
> >>
>
>
> --
> -Eric 'shubes'
> ---------------------------------------------------
> PLUG-discuss mailing list -
> To subscribe, unsubscribe, or to change you mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>


__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

This message was posted to the following mailing lists:
Plug Discuss
Mailing List Info | Nearby Messages		<-Re: Website contributions (Was: Re: The site is down)Re: Where to place apps for WINE to run?->
Some Mailing List Archive administrated by UnconfiguredLurker (version 2.3)