Mounted File system and Mount Point permissions
The permissions on a directory used as a mount point and the permissions on the top of the filesystem itself are not related.
In other words, if you run ls on a directory, then mount a filesystem on that directory and run the same ls command, the permissions shown may be different, because the second ls reports the top of the mounted filesystem and not the directory underneath it.
Thus:
1. Restrict the permissions on the mount point (directory) to be read-only. This way, if the filesystem is not mounted for some reason, no one can write any files to the directory. This will prevent two things. First, it will prevent someone from filling up the root filesystem by accident. Second, it will prevent files from getting spread out across the directory (inside the mount point) and the filesystem itself. It can be a real mess trying to resync a filesystem and the files stuck in the directory.
2. When creating a new filesystem, be sure to mount it and then set the permissions on it, since you can’t set them without the filesystem being mounted.
How do you tell if a directory is just that, or if it is its own filesystem? Use df -k:
root> df -k /home
/home (/dev/vg00/lvol5 ) : 20464 total allocated Kb
8728 free allocated Kb
11736 used allocated Kb
57 % allocation used
root> df -k /etc
/ (/dev/vg00/lvol3 ) : 143360 total allocated Kb
3976 free allocated Kb
139384 used allocated Kb
97 % allocation used
See, /home is its own filesystem, but /etc is in /, as you can see above.
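The two checks above (is the directory its own filesystem, and is the bare mount point read-only) can be combined into a small audit. This is an added example, not part of the original post; it assumes a df that supports the POSIX -P output format and mount point paths without spaces, and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example: report expected mount points that are currently unmounted
# and whose underlying directory still has a write bit set.

# Print the mount point of the filesystem holding $1 (last column of df -P).
fs_mount_point() {
    df -P "$1" 2>/dev/null | awk 'NR == 2 { print $NF }'
}

# True when $1 is itself the top of a mounted filesystem.
is_mounted() {
    real=$(cd "$1" 2>/dev/null && pwd -P) || return 1
    [ "$(fs_mount_point "$real")" = "$real" ]
}

# True when the mode string grants write to owner, group or other.
# Mode bits are read from ls because root passes a [ -w ] test regardless.
has_write_bit() {
    mode=$(ls -ld "$1" | awk '{ print $1 }')
    case "$mode" in
        ??w*|?????w*|????????w*) return 0 ;;
    esac
    return 1
}

# Classify one expected mount point.
audit_mount_point() {
    if [ ! -d "$1" ]; then
        echo "MISSING"
    elif is_mounted "$1"; then
        echo "MOUNTED"
    elif has_write_bit "$1"; then
        echo "UNMOUNTED-WRITABLE"    # files written here land in the parent filesystem
    else
        echo "UNMOUNTED-PROTECTED"   # bare directory is read-only, as recommended
    fi
}

# Usage: sh audit.sh /home /opt/app ...
for dir in "$@"; do
    printf '%s\t%s\n' "$(audit_mount_point "$dir")" "$dir"
done
```

Run it with the list of directories that are supposed to be mount points; any line marked UNMOUNTED-WRITABLE is a directory where stray files can pile up in the parent filesystem.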
What do you do if you have a directory full of files that should have been in a filesystem mounted at that point?
First, mount the filesystem manually on another directory, somewhere under a temporary location.
Use fuser to see if any of the files are open. They must not be.
Then do something like this to get the files over to the mounted filesystem:
cd /directory_that_should_not_have_files_in_it
find . -depth -xdev | cpio -dumpx /tmp/mount_point
Check man find so you can verify my switches here (HPUX). These find switches say to descend the directory tree first, handling a directory's entries before the directory itself (-depth), and not to cross a mount point (-xdev). The cpio switches say: -d make the directories first, -u copy unconditionally, -m retain modify times, -p pass through from standard input, and -x save or restore special files.
Now unmount the filesystem from the temporary location and mount it properly. Oh! Before you mount it, fix the permissions on that directory so that next time the application or user cannot write to it!
