45

I have an Ubuntu server where I'm automounting an external hard drive each boot.

To do this, I've created an empty folder on the root partition, and the drive gets mounted "inside" this folder.

However, what if I perform a backup to this path when the drive isn't properly mounted? The backup would instead fill up my root partition!

I can ensure that the drive is mounted each time by performing:

sudo mount -a

... before each backup.

However, what are the best practices to ensure that data is never written to the empty mount-folder (except when the external hard drive is truly mounted)?

Can this be solved without scripting? Say with permissions for example? What are the best practices?

LonnieBest
  • 1,450
  • 4
  • 21
  • 36
  • 2
    Use the mountpoint command http://serverfault.com/questions/436048/crontab-running-before-nfs-mounted – user9517 Jan 27 '14 at 21:28

2 Answers2

69

I go a step further and always set the attributes of my mountpoint directories to immutable using chattr.

This is accomplished with chattr +i /mountpoint (with the mount unmounted).

This would error-out on new write activity and also protects the mount point in other situations.

But I suppose you could use the mountpoint command, too ;)

Community
  • 1
ewwhite
  • 194,921
  • 91
  • 434
  • 799
  • 5
    This is a better solution; it requires no scripting to ensure nothing ever gets written to the root partition. To me, this seems like a best practice that should be done for all folders that will be exclusively used for mounting. – LonnieBest Jan 27 '14 at 22:33
  • 1
    @LonnieBest Thank you. I strive to make sure any removable or NFS/CIFS or major data partitions are mounted this way. – ewwhite Jan 27 '14 at 22:35
  • 1
    That is even better - I like it! – fukawi2 Jan 28 '14 at 02:22
  • 3
    How can you ensure that files will not be written to the local file system if you are a non-root user? You see, chattr +i requires root permissions, and even if you do it using root, thereafter a non-root user cannot mount to this protected mountpoint. So how does non-root user achieve this? – LonnieBest Jun 27 '16 at 18:18
  • @LonnieBest Should non-root/non-admin users have filesystem mount privileges? – ewwhite Jun 27 '16 at 18:20
  • Sure, when the user is me ;) . What if you, as administrator, want to give non-root users access to the immutable mount? I'm the user here. I know the root password, but I want to consume this mount using my regular user account without sudo. I can only seem to do this when the mount point is mutable. – LonnieBest Jun 29 '16 at 13:59
  • 1
    Presumably using `chattr` is a great idea iff there's no need to add/move files in the root of the mountpoint? – mwfearnley Apr 05 '18 at 15:25
  • 1
    @ewwhite Non-root users can mount things with fuse (e.g. sshfs). – jamesdlin Sep 11 '18 at 19:35
  • @jamesdlin Yes, but not when the share-folder is immutable. How can a non-root user mount to an immutable mount-folder? How can a non-root user ensure he doesn't fill up the root partition by writing data to a mount-folder that is for some reason not mounted at the time of his attempts to write to the mount? – LonnieBest Dec 17 '21 at 13:37
  • 1
    @LonnieBest I was agreeing with you and was disputing the question "Should non-root/non-admin users have filesystem mount privileges?" – jamesdlin Dec 17 '21 at 18:06
  • 1
    @mwfearnley Once the disk/device is mounted to the mountpoint, it masks the `chattr`'d directory, so you *can* add/move files in the root of the mountpoint, iff the device is mounted. – sssheridan Aug 21 '22 at 12:58
2

To expand on the comment about using mountpoint, this is roughly what I put into scripts when I need to check these kind of things:

DEST='/mnt/backup'
if ! mountpoint -q "$DEST" ; then
    echo "Destination is not mounted; attempting to mount"
    mount $DEST
    if ! mountpoint -q "$DEST" ; then
        echo "Unable to mount $DEST; Aborting"
        exit 1
    fi
    echo "Mounted $DEST; Continuing backup"
fi

This assumes that $DEST exists in /etc/fstab; it doesn't matter if it is an auto or noauto mountpoint.

As per the mount man page:

If only directory or device is given, for example:

mount /dir

then mount looks for a mountpoint and if not found then for a device in the /etc/fstab file. It's possible to use --tar‐get or --source options to avoid ambivalent interpretation of the given argument. For example

mount --target /mountpoint
fukawi2
  • 5,327
  • 3
  • 30
  • 51
  • Is $DEST the path-location to the (potentially empty) mount-folder? How does the command "mount $DEST" know what to mount there? Could you edit this post to include an example value for the variable $DEST? – LonnieBest Jan 27 '14 at 22:24
  • 1
    @LonnieBest Done. – fukawi2 Jan 28 '14 at 02:21
  • Thanks man. I wonder how the mount command knows which device is associated with /mnt/backup folder. Does it cross-reference with the fstab? – LonnieBest Jan 28 '14 at 03:59
  • 1
    @LonnieBest Yes, if you only provide 1 argument to `mount` it will consult /etc/fstab to determine the rest of the information. I'll update the answer with an excerpt from the man page. – fukawi2 Jan 28 '14 at 04:02