Before read: I don't want to use any udev rule.
I need to change (programmatically) the permissions of some device. But first in order to underestand what I have to do (in code) I want to make the job using just chmod command.
So far, I've tried this:
root# ls -l /dev/sdb
root# brw-rw-rw- 1 root disk 8, 16 Apr 7 05:27 /dev/sdb
root# chmod 0600 /dev/sdb
root# ls -l /dev/sdb
root# brw------- 1 root disk 8, 16 Apr 7 05:27 /dev/sdb
as you can see, /dev/sdb has read and write permissions only for the owner (wich is root). But I'm still able to create new files and read files from my connected flash drive.
What I'm missing. How can I use chmod to prevent users to write to some device?
Can be done what I'm asking for?
Thank in advance.
Related
I am trying to use rsync to backup some data from one computer (PopOS! 21.04) to another (Rocky 8.4). But no matter which flags I use with rsync, file permissions and ownership never seem to be saved.
What I do, is run this command locally on PopOS:
sudo rsync -avz /home/user1/test/ root#192.168.10.11:/root/ttt/
And the result I get something link this:
[root#rocky_clone0 ~]# ls -ld ttt/
drwxrwxr-x. 2 user23 user23 32 Dec 17 2021 ttt/
[root#rocky_clone0 ~]# ls -l ttt/
total 8
-rw-rw-r--. 1 user23 user23 57 Dec 17 2021 test1
-rw-rw-r--. 1 user23 user23 29 Dec 17 2021 test2
So all the file ownership change to user23, which is the only regular user on Rocky. I don't understand how this happens, with rsync I am connecting to root on the remote host, but as the result files are copied as user23. Why isn't -a flag work properly in this case?
I have also tried these flags:
sudo rsync -avz --rsync-path="sudo -u user23 rsync -a" /home/user1/test root#192.168.10.11:/home/user23/rrr
This command couldn't copy to the root directory, so I had to change the remote destination to user23's home folder. But the result is the same.
If someone could explain to me what am I doing wrong, and how to backup files with rsync so that permissions and ownership stay the same as on the local computer I would very much appreciate it.
Have a look at how the (target)filesystem is mounted on the Rocky(target) system.
Some mounted filesystems (such as many FUSE mounts) do not support the classical unix permissions, and simply use the name of the user who mounted the filesystem as owner/group.
Any attempt to chown/chmod/etc (either by you or by rsync) will just silently be ignored, but appear to "succeed" (no errors reported).
I can create a new urandom device on a some directory (test_urandom in below example), and it works as expected. E.g.
test_urandom$ sudo mknod -m 0444 ./urandom c 1 9
test_urandom$ ls -l
total 0
cr--r--r-- 1 root root 1, 9 Jun 9 09:06 urandom
test_urandom$ head -c 10 ./urandom
�O1�9�^
However, if I create the same device node in another directory, which in my case is an ext4 filesystem on a LVM (Logical Volume Management), it failed and system complained with permission denied.
test_urandom_lvm$ sudo mknod -m 0444 ./urandom c 1 9
test_urandom_lvm$ ls -l
total 0
cr--r--r-- 1 root root 1, 9 Jun 9 09:06 urandom
test_urandom_lvm$ head -c 10 ./urandom
head: cannot open ‘./urandom’ for reading: Permission denied
If I am allowed to create a device in the filesystem, why not allowed to read the device? What caused the permission denied? What changes is needed to make it work?
The filesystem is mounted with the nodev option, which inhibits block and character special device operation. Mounting it dev will allow them to work.
From a linux box, I recently mounted a Windows share using cifs.
The intend was to "locally" use rsync to backup my windows machine.
The command line used to mount the Windows drive is something like:
mount \\192.168.1.74\share /cifs1 -t cifs -o noserverino,iocharset=utf8,ro
Please also note that the drive attached to the linux box is formatted ntfs.
When doing a sample backup, rsync was always re-copying the directories (names), but not the files. After looking more closely at the "ls -lh " output at both ends, I noticed that on the linux side the size of the directory level is always 0:
TTT-Admin#1080-Router:/tmp/mnt/RT-1080/tmp# ls -lh
drwxrwxrwx 1 TTT-Admi root 0 Feb 8 12:14 DeltaCopy
but the size of the directory level on the cifs side was always different from 0:
TTT-Admin#1080-Router:/cifs1/temp/Rsync-Packages# ls -lh
drwxr-xr-x 1 TTT-Admi root 8.0K Feb 8 12:14 DeltaCopy
This difference explains why rsync was always recopying directories, but not recopying the folders(which was correct, folder sizes and time stamps being the same on both ends).
EDIT: the rsync command is:
> rsync -av /cifs1/Temp/Rsync-Packages/DeltaCopy /mnt/RT-1080/tmp/rsync
-av /cifs1/Temp/Rsync-Packages/DeltaCopy /mnt/RT-1080/tmp/
Is a directory supposed to "have a size" or not ? What should I do to solve this discrepancy ?
I have mounted a external drive at:
# mkdir /mnt/external
and subsequently:
mkdir -p /mnt/external
mount /dev/sdb1 /mnt/external
Now only the root-user has access to write to these folders.
linux-wyee:/home/martin # dir /mnt
drwxr-xr-x 2 root root 4096 13. Dez 22:01 external
How to change this - how to change that all can write to the external drive. I need to change the permissions within the terminal.
chmod 777 /dev/sdb1 /mnt/external or something alike -
Try this first,
umount /dev/sdb1
chmod -R 0777 /mnt/external
then mount with
mount /dev/sdb1 /mnt/external
or try
chmod -R 0777 /mnt/external
chmod -R 777 /mnt/external
No need to specify the device. You chmod the directory recursively.
However, usually external drives are formatted with FAT32 or some sort of Windows-compatible file system, which does not have POSIX / UNIX permissions. So this step may be redundant.
How is your drive formatted?
Have you tried writing to it as a non-root user?
A solution posted on behalf of the OP.
Update:
linux-wyee:/mnt # chown martin:users /mnt/external
See the results: - it is obvious that it works ;-)
martin#linux-wyee:/> cd mnt
martin#linux-wyee:/mnt> ls -l
insgesamt 4
drwxr-xr-x 3 root root 4096 13. Dez 19:43 external
martin#linux-wyee:/mnt> su
Passwort:
linux-wyee:/mnt # ^C
linux-wyee:/mnt #
linux-wyee:/mnt # chown martin:users /mnt/external
linux-wyee:/mnt # cd mnt
bash: cd: mnt: Datei oder Verzeichnis nicht gefunden
linux-wyee:/mnt # ls -l
insgesamt 4
drwxr-xr-x 2 martin users 4096 13. Dez 22:01 external
linux-wyee:/mnt #
It works as you see now the user martin has got permissions.
chmod -R 0777 /mnt/external
This seems to be excessive for me. Everyone on this machine can execute whatever he wants from external disk. A wide opened door for hackers. They can e.g. save a picture using a web form, change execute bit and run it as a script on your system.
Perhaps, rw access for owner and group and r for others would be a better option.
I had a similar problem, but the solution for me was to use the uid and gid options of the CIFS filing system. (I had to use CIFS because apparently NFS doesn't allow access via username and password, which I needed.)
In my embedded system I mound a uSD card in /mnt which is a folder residing on a NAND flash. A problem arises in the cases where uSD card fails to mount (missing or HW error).
Copying files to /mnt will in this case fill up the nand flash which has limited size.
My first idea was to just restrict the access to the /mnt folder so that when it fails to mount no write is allowed. As a test scenario I did (as root user)
mkdir /test
chmod 000 /test
d--------- 2 root root 160 Jan 3 10:58 test
/#
From a Ubuntu PC I then tries a to copy a file using scp
scp myFile root#192.168.1.100:/test
The idea was that as long as this directory had now acces rights this copy should be denied.
This is not the case, the file is myFile is copied to folder /test
Why is this so? My idea was as long as I revoked all access to this folder copying files would be rejected.
Where am I going wrong here?
root (or any user with uid 0 [zero] for that matter) is able to read and write to any file regardless of permission and ownership.
You might want to try out the immutable flag on that directory, though:
~# mkdir test
~# chmod 0000 test
~# touch test/foo # no error here
~# chattr +i test
~# touch test/foo2
touch: cannot touch 'test/foo2': Permission denied
Why does mnt reside on a nand flash ? You an also put it in a tmpfs file system, and limit the size of the tmpfs file system, using the size options
mkdir /media
mount -t tmpfs tmpfs -o size=4M /media
mkdir /media/mmc
Mount whatever you want in /media/mmc