I had some cases where files were written to a mount point because of mount failure.
Is there a simple way to detect such files (something that ca easily automated)?
(I know it's possible to mount the file system in a new mount point using something like:
mount --bind / /tmp/tmp
and then looking for files in all the mountpoints.
but I'm hoping for something quicker
In the future, you can run chattr +i /mountpoint (with the mount unmounted). This changes the mount point's directory to immutable. The result is that you'd error-out on new write activity. It protects the mount point in other situations as well.
Ophir,
I don't know how to achieve what you are asking for, but I do have advice for you :)
When you are preparing a mount point set its permissions to the strictest possible mask. Mount your filesystem to the mount point and set permissions on the mount point (with mounted filesystem) to the desired set. Let me illustrate:
# mkdir -m0 /mnt/mountpoint
# mount -t ext4 /dev/sdb1 /mnt/mountpoint
# chown -h user:group /mnt/mountpoint
# chmod 0750 /mnt/mountpoint
The thing is that a filesystem preserves owner/permission information, so each time you mount that filesystem your mount point will inherit owner/group/permissions from the mounted filesystem.
This trick may help you to protect and easily detect when the filesystem is not mounted. If your application is running under root, it would be able to write to a directory with permissions set to 000, but this is a good check (to check for mount point's permissions) to realise that we are writing to the wrong place.
I hope this will help.
P.S. @ewwhite has provided a better option of protecting the mount point with 'chattr +i' than setting it to 'chmod 0'.
