I want to create a file in sys/kernel/security folder in Linux.
But sudo touch test returns permission error.
After sudo chmod 777 /sys/kernel/security it fails, so I tried to change permissions for /sys folder (yes, I know this is a bad way) and sudo -i. Files does not creates, but in all cases it sets correctly - drwxrwxrwx.
And now I actually have no ideas, so I hope to your tips.
Thanks.
/sys/kernel/security is Linux Kernel Security Module (LSM) space where kernel security module can show their data both r/w.
mount | grep security
securityfs on /sys/kernel/security type securityfs (rw,nosuid,nodev,noexec,relatime)
This is another virtual file system mounted of /sys. You can't create files here and there is no meaning at all to create files here.
See, securityfs details here!
Related
I'm trying to make a fast reboot to the other Linux system. First step is kernel loading, I make it with
sudo kexec --append='$(cat /proc/cmdline)' -l new_kernel.img --reuse-cmdline
sudo kexec -e
It works fine, but loads only kernel, not entire system.
How can I mount an *.img file with OS resources, located at USB as /? Preferable during kernel loading, but afterwards mount is still suitable. *.img format is not necessary, it can be unpacked before
As stark said, pivot root() was the call I was searching for. Commands to make a USB located at /dev/sdb1 a root directory:
sudo -s
mkdir /newroot
mount /dev/sdb1 /newroot
cd /newroot
mkdir oldroot
pivot_root . oldroot/
switch_root() deletes all files at the previous root dir, also there are few other differences, this answer might be useful
I have a program called HelloWorld belonging to user test
HelloWorld will create a file HelloWorld.pid in /var/run to keep single instance.
I using following command to try to make test can access /var/run
usermod -a -G root test
However, when I run it, falied
could someone help me?
What are the permissions on /var/run? On my system, /var/run is rwxr-xr-x, which means only the user root can write to it. The permissions do not allow write access by members of the root group.
The normal way of handling this is by creating a subdirectory of /var/run that is owned by the user under which you'll be running your service. E.g.,
sudo mkdir /var/run/helloworld
sudo chown myusername /var/run/helloworld
Note that /var/run is often an ephemeral filesystem that disappears when your system reboots. If you would like your target directory to be created automatically when the system boots you can do that using the systemd tmpfiles service.
Some linux systems store per-user runtime files in /var/run/user/UID/.
In this case you can create your pid file in /var/run/user/$(id -u test)/HelloWorld.pid.
Alternatively just use /tmp.
You may want to use the user's name as a prefix to the pid filename to avoid collision with other users, for instance /tmp/test-HelloWorld.pid.
I've been using this line in /etc/fstab for mounting a storage device to my host:
//url.to-my-storage.com/mystorage /mnt/backup cifs
iocharset=utf8,rw,credentials=/etc/backup-credentials.txt,uid=1000,gid=1000,file_mode=0660,dir_mode=0770
0 0
I was mounting it to another host, and I ran this to protect the files from change through the new host:
chmod -R 444 /mnt/backup
(I tried to protect the storage from writing from this host, which turned out to change the mode of all the storage files)
I assume the missing executable permissions what causing me this:
$ sudo mount -a
mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
I tried unmounting and mounting again, that didn't help, got the same permission error when using the mount command.
ls the dir shows this:
$ ls -la /mnt/backup
?????????? ? ? ? ? ? backup
HELP !
Dismounting a "Locked Out" Network Drive
To dismount a "locked out" network drive, you can try to force the unmount:
umount -f -t cifs /mnt/backup
If you are having trouble dismounting a drive, make sure that you don't have a console open somewhere where the current working directory (CWD) on the drive which you are trying to dismount, or have a file open in an editor or player somewhere or such.
Properly Mounting a Network Drive
You should add your permissions in your mount options rather than trying to apply them afterwards. You would want to replace these mount options:
rw,file_mode=0660,dir_mode=0770
with
ro
Currently you are mounting your CIFS drive as read-write (rw), giving files read-write permission (file_mode=0660) and directories read-write-execute (dir_mode=0770). Simply mounting the drive as read-only (ro) should suffice. (If you do need to fine tune the file and dir modes, rather use umask.)
I would also advise you to double check whether you are using uid and gid correctly: if the user ID or group ID used gets deleted, that could also lead to problems.
References
https://linux.die.net/man/8/mount
https://en.wikipedia.org/wiki/File_system_permissions
https://oracletechdba.blogspot.com/2017/06/umount-lsof-warning-cant-stat-cifs-file.html
https://stackoverflow.com/a/40527234/171993
Environment is in virtual box,ubuntu 12.04. It has 2 disks, /dev/sda1 and /dev/sdb1 are both ext4 type filesystem.
Since /dev/sdb1 is add after system installed, so I want to mount it manually. I'd try this command:
sudo mount -o user,defaults /dev/sdb1 ~/project
No errors report. Then I get mount info by mount:
/dev/sdb1 on /home/igsrd/project rw,noexec,nosuid,nodev
But when I ls -l to see /home/igsrd I found its permission is still belongs root, so I can't touch anything in it. Why it still belongs root?
I have another machine running ubuntu 12.04,too. I mount another partition with same option will be fine, correct permission(ownership). Are any differences between them?
*nix permissions on a filesystem that supports them natively, e.g. ext4, will be maintained regardless of how it is mounted when using a proper filesystem driver, e.g. the native ext4 driver built into Linux.
Why don't you just (while still root) do this:
chown -R <your-user-name> ~<your-user-name>/project
?
I've written a small FUSE-based filesystem and now the only part's missing is that I want to register it with fstab(5) to auto-mount it on system startup and/or manually mount it with just mount /srv/virtual-db. How can I achieve this?
I know, I can just run /usr/bin/vdbfs.py /srv/virtual-db from some init script, but that's not exactly pretty.
I'm sorry because this may be not exactly a programming question, but it's highly related, as the packaging and deployment is still the programmer's job.
In general, one "registers" a new mount filesystem type by creating an executable mount.fstype.
$ ln -s /usr/bin/vdbfs.py /usr/sbin/mount.vdbfs
If vdbfs.py takes mount-ish arguments (i.e. dev path [-o opts]), then mount -t vdbfs and using vdbfs as the 3rd field in fstab will work. If it doesn't, you can create a wrapper which does take arguments of that form and maps them to whatever your vdbfs.py takes.
FUSE should also install a mount.fuse executable; mount.fuse 'vdbfs.py#dev' path -o opts will go on and call vdbfs.py dev path -o opts. In that case, you can use fuse as your filesystem type and prefix your device with vdbfs.py#.
So to clarify ephemient's answer, there are two options:
Edit /etc/fstab like this:
# <file system> <mount point> <type> <options> <dump> <pass>
# ...
vdbfs.py#<dev> /srv/virtual-db fuse user,<other-opts> 0 0
Or,
Create an executable prefixed with "mount." (ensuring it can be used
with mount-like options):
$ ln -s /usr/bin/vdbfs.py /usr/sbin/mount.vdbfs
And edit /etc/fstab like this:
# <file system> <mount point> <type> <options> <dump> <pass>
# ...
<dev> /srv/virtual-db vdbfs.py user,<other-opts> 0 0
With regards to auto-mounting at start up and manually mounting with mount, the user and noauto options are relevant and fully supported by fuse itself so you don't have to implement them yourself. The user option lets a non-priveleged user who is a member of the "fuse" group mount your filesystem with the mount command, and noauto directs your filesystem not to automatically mount at startup. If you don't specify noauto, it will automatically mount.
To clarify #patryk.beza comment on the accepted answer, the correct way to mount a FUSE file system is by setting the file system type to fuse.<subtype>.
For example, to mount an s3fs-fuse implementation, which does not provide a specific /sbin/mount.* wrapper and uses normally the s3fs user command to mount S3 buckets, one can use this command as root:
mount -t fuse.s3fs bucket-name /path/to/dir -o <some,options>
or this line in /etc/fstab:
bucket-name /path/to/dir fuse.s3fs <some,options> 0 0
or this SystemD mount unit (for example, /etc/systemd/system/path-to-dir.mount):
[Unit]
Description=S3 Storage
After=network.target
[Mount]
What=bucket-name
Where=/path/to/dir
Type=fuse.s3fs
Options=<some,options>
[Install]
WantedBy=multi-user.target
How this works: mount recognizes the concept of "filesystem subtypes" when the type is formatted with a period (i.e. <type>.<subtype>), so that a type with the format fuse.someimpl is recognized to be the responsibility of the FUSE mount helper /sbin/mount.fuse. The FUSE mount helper then resolves the someimpl part to the FUSE implementation, in the same way as the # format is used in the original answer (I think this is just a path search for a program named <subtype>, but I'm not 100% sure about it).
You could just use fuse filesystem type. The following works on my system:
smbnetfs /media/netbios fuse defaults,allow_other 0 0
Another example:
sshfs#user#example.com:/ /mnt fuse user,noauto 0 0
After researching a lot found this solution to mount fuse filesystem suing fstab entry. I was using fuse for s3bucket to mount on local linux machine.
.passwd-s3fs : Is containing credentials to access your aws account 1] Secret key and 2] Access Key .
uid : User Id. You can type linux command id and you can get uid
Syntax:
s3fs#<Bucket_Name> <Mounted_Direcotry_Path> fuse _netdev,allow_other,passwd_file=/home/ubuntu/.passwd-s3fs,use_cache=/tmp,umask=002,uid=<User_Id> 0 0
Example:
s3fs#myawsbucket /home/ubuntu/s3bucket/mys3bucket fuse _netdev,allow_other,passwd_file=/home/ubuntu/.passwd-s3fs,use_cache=/tmp,umask=002,uid=1000 0 0
To mount you need run following command.
mount -a
To check your bucket is mounted properly or not use following command to check which shows all mounted points.
df -h