Lock out root writes on mounted directory?
Eric "Shubes"
plug at shubes.net
Fri Sep 8 16:00:47 MST 2006
It appears to be set in /etc/mtab. Any other way to tell? When I test,
though, I'm able to delete files.
Kenneth wrote:
> I agree access control might do it, but it would be cumbersome. Are you sure
> you're getting the ro option set? I know people who specifically keep root,
> /usr, etc mounted ro, I don't think root should be able to write to them.
>
> --- Mike Schwartz <mike.l.schwartz at gmail.com> wrote:
>
>> On 9/8/06, Eric Shubes <plug at shubes.net> wrote:
>>> I've created a sandbox for building rpms. It was suggested to me that for
>>> some directories, such as /bin, /lib, /sbin, I could mount them with ro,bind
>>> options instead of copying or hard linking them. What I've discovered,
>>> though, is that the ro mount option does not prohibit root from modifying a
>>> mounted directory. Is there any way to mount a directory such that root
>>> cannot write to it?
>>> --
>>> -Eric 'shubes'
>>> ---------------------------------------------------
>>>
>> I could be way off base here,
>> but have you looked into access control lists?
>> I think I read somewhere that FC4 or so,
>> has an implementation of them
>> that is comparable to the "ACL" functionality
>> in some other OS's.
>> --
>> Mike Schwartz
>> Glendale AZ
>> schwartz at acm.org
>> Mike.L.Schwartz at gmail.com
--
-Eric 'shubes'
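
On the "any other way to tell?" question: /etc/mtab is written by the mount command, while /proc/mounts is generated by the kernel, so the two can disagree about whether a mount is read-only. The script below is an added example, not part of the original thread; the function names, the /sandbox/bin path and the sample tables are constructed for illustration.

```shell
#!/bin/sh
# Compare what /etc/mtab records for a mount point with what the kernel
# reports in /proc/mounts. Both files use the fstab column layout:
#   device  mountpoint  fstype  options  dump  pass

# mount_opts TABLE MOUNTPOINT
# Print the options column of the LAST entry for MOUNTPOINT (later mounts
# stack on top of earlier ones). The mount point is passed through the
# environment so awk does not reinterpret escapes such as \040 (space).
mount_opts() {
    MP="$2" awk '$2 == ENVIRON["MP"] { o = $4 } END { if (o != "") print o }' "$1"
}

# has_ro OPTS: succeed only if "ro" is a whole item in the comma list,
# so "errors=remount-ro" does not count.
has_ro() {
    case ",$1," in
        *,ro,*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_ro MOUNTPOINT [MTAB] [KERNEL_TABLE]
# Prints: not-mounted | read-only | read-write | mismatch
# "mismatch" = mtab claims ro, but the kernel has the mount read-write.
check_ro() {
    mtab=${2:-/etc/mtab}
    ktab=${3:-/proc/mounts}
    kopts=$(mount_opts "$ktab" "$1")
    [ -n "$kopts" ] || { echo "not-mounted"; return 0; }
    if has_ro "$kopts"; then
        echo "read-only"
    elif has_ro "$(mount_opts "$mtab" "$1")"; then
        echo "mismatch"
    else
        echo "read-write"
    fi
}

# Constructed sample tables (not captured from a real system).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '/bin /sandbox/bin none ro,bind 0 0' > "$d/mtab"
    printf '%s\n' '/dev/sda1 /sandbox/bin ext3 rw 0 0' > "$d/mounts"
    check_ro /sandbox/bin "$d/mtab" "$d/mounts"
    rm -rf "$d"
}

# With arguments, check a real mount point; without, run the sample.
if [ "$#" -gt 0 ]; then check_ro "$@"; else demo; fi
```

On systems where /etc/mtab is a symlink into /proc, both tables are the same file and "mismatch" cannot occur.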