* mount -o bind
@ 2005-04-18 20:56 Lucas Peet
2005-04-19 13:05 ` ramana
2005-04-19 16:40 ` raven
0 siblings, 2 replies; 8+ messages in thread
From: Lucas Peet @ 2005-04-18 20:56 UTC (permalink / raw)
To: autofs
Hello,
Does autofs / automount have the ability to bind one directory to another
like 'mount -o bind dir1 dir2'? And if so, can this be handled by using
wildcards in the maps? Here is my situation:
I have a large directory of users' home directories. These are in a chroot
jail, so making soft links isn't an option, and hard links won't work for
directories. I need to bind (mount) a directory that lives outside the
chroot jail to a directory / mount point inside each home directory. The
users will only be accessing this directory for short periods (to copy a
file or two), and I think it would be more practical to have autofs mount it
whenever they needed access to it, and unmount it when they're done.
I'm not sure on the exact number of mounted filesystems Linux can handle (or
if a directory mounted via -o bind counts towards that, though I'd assume it
would), but I would think that using automount instead of putting hundreds
of entries into fstab would be more the Linux way of doing things. Even if
I had to put an entry for each user in a map, that would be a better
solution to me than using fstab, since they all wouldn't be mounted at the
same time, all the time.
Dir to be accessed by all users: /home/stuff/everyone
Mounted to: /home/users/*/everyone
Is this even possible?
Thanks,
-Lucas
* Re: mount -o bind
2005-04-18 20:56 mount -o bind Lucas Peet
@ 2005-04-19 13:05 ` ramana
2005-04-19 16:40 ` raven
1 sibling, 0 replies; 8+ messages in thread
From: ramana @ 2005-04-19 13:05 UTC (permalink / raw)
To: Lucas Peet; +Cc: autofs
Lucas Peet wrote:
> Hello,
>
>
>
> Does autofs / automount have the ability to bind one directory to
> another like ‘mount -o bind dir1 dir2’? And if so, can this be handled
> by using wildcards in the maps? Here is my situation:
>
>
>
> I have a large directory of users’ home directories. These are in a
> chroot jail, so making soft links isn’t an option, and hard links won’t
> work for directories. I need to bind (mount) a directory that lives
> outside the chroot jail to a directory / mount point inside each home
> directory. The users will only be accessing this directory for short
> periods (to copy a file or two), and I think it would be more practical
> to have autofs mount it whenever they needed access to it, and unmount
> it when they’re done.
>
>
>
> I’m not sure on the exact number of mounted filesystems Linux can handle
> (or if a directory mounted via -o bind counts towards that, though I’d
> assume it would), but I would think that using automount instead of
> putting hundreds of entries into fstab would be more the Linux way of
> doing things. Even if I had to put an entry for each user in a map,
> that would be a better solution to me than using fstab, since they all
> wouldn’t be mounted at the same time, all the time.
>
>
>
> Dir to be accessed by all users: /home/stuff/everyone
>
>
>
> Mounted to: /home/users/*/everyone
>
>
>
> Is this even possible?
>
>
>
To be honest I could not understand 100%.
But still something close to what you are asking is here http://www.intraperson.com/autodir/.
If something else that you want is missing let me know.
Regards
ramana
--
http://www.intraperson.com
* Re: mount -o bind
2005-04-18 20:56 mount -o bind Lucas Peet
2005-04-19 13:05 ` ramana
@ 2005-04-19 16:40 ` raven
2005-04-19 16:46 ` raven
1 sibling, 1 reply; 8+ messages in thread
From: raven @ 2005-04-19 16:40 UTC (permalink / raw)
To: Lucas Peet; +Cc: autofs
On Mon, 18 Apr 2005, Lucas Peet wrote:
> Hello,
>
>
>
> Does autofs / automount have the ability to bind one directory to another
> like 'mount -o bind dir1 dir2'? And if so, can this be handled by using
> wildcards in the maps? Here is my situation:
>
>
>
> I have a large directory of users' home directories. These are in a chroot
> jail, so making soft links isn't an option, and hard links won't work for
> directories. I need to bind (mount) a directory that lives outside the
> chroot jail to a directory / mount point inside each home directory. The
> users will only be accessing this directory for short periods (to copy a
> file or two), and I think it would be more practical to have autofs mount it
> whenever they needed access to it, and unmount it when they're done.
>
>
>
> I'm not sure on the exact number of mounted filesystems Linux can handle (or
> if a directory mounted via -o bind counts towards that, though I'd assume it
> would), but I would think that using automount instead of putting hundreds
> of entries into fstab would be more the Linux way of doing things. Even if
> I had to put an entry for each user in a map, that would be a better
> solution to me than using fstab, since they all wouldn't be mounted at the
> same time, all the time.
>
>
>
> Dir to be accessed by all users: /home/stuff/everyone
>
>
>
> Mounted to: /home/users/*/everyone
What would be the map key in this case?
Perhaps you could do something like ...
auto.master:
/home /etc/autofs.home
autofs.home:
* / :/home/users/& :/home/stuff/&/everyone
I haven't tried this so I'm not sure it will work.
Give it a try. It will be interesting to see how chroot affects
this as that will probably affect the path that autofs gets back at mount
request time.
Note that it can't work with anything less than 4.1.4 for the : escape to
work in multi-maps.
Ian
* Re: mount -o bind
2005-04-19 16:40 ` raven
@ 2005-04-19 16:46 ` raven
2005-04-19 22:02 ` Lucas Peet
0 siblings, 1 reply; 8+ messages in thread
From: raven @ 2005-04-19 16:46 UTC (permalink / raw)
To: Lucas Peet; +Cc: autofs
On Wed, 20 Apr 2005 raven@themaw.net wrote:
> On Mon, 18 Apr 2005, Lucas Peet wrote:
>
>> Hello,
>>
>>
>>
>> Does autofs / automount have the ability to bind one directory to another
>> like 'mount -o bind dir1 dir2'? And if so, can this be handled by using
>> wildcards in the maps? Here is my situation:
>>
>>
>>
>> I have a large directory of users' home directories. These are in a chroot
>> jail, so making soft links isn't an option, and hard links won't work for
>> directories. I need to bind (mount) a directory that lives outside the
>> chroot jail to a directory / mount point inside each home directory. The
>> users will only be accessing this directory for short periods (to copy a
>> file or two), and I think it would be more practical to have autofs mount it
>> whenever they needed access to it, and unmount it when they're done.
>>
>>
>>
>> I'm not sure on the exact number of mounted filesystems Linux can handle (or
>> if a directory mounted via -o bind counts towards that, though I'd assume it
>> would), but I would think that using automount instead of putting hundreds
>> of entries into fstab would be more the Linux way of doing things. Even if
>> I had to put an entry for each user in a map, that would be a better
>> solution to me than using fstab, since they all wouldn't be mounted at the
>> same time, all the time.
>>
>>
>>
>> Dir to be accessed by all users: /home/stuff/everyone
>>
>>
>>
>> Mounted to: /home/users/*/everyone
>
> What would be the map key in this case?
>
> Perhaps you could do something like ...
>
> auto.master:
>
> /home /etc/autofs.home
>
> autofs.home:
>
> * / :/home/users/& :/home/stuff/&/everyone
You might also need a -bind for this.
* -bind :/home/users/& :/home/stuff/&/everyone
Alternately:
* / localhost:/home/users/& localhost:/home/stuff/&/everyone
might work.
>
> I haven't tried this so I'm not sure it will work.
> Give it a try. It will be interesting to see how chroot affects this as that
> will probably affect the path that autofs gets back at mount request time.
>
> Note that it can't work with anything less than 4.1.4 for the : escape to
> work in multi-maps.
And another thing.
This would mount two directories at a time. When the mount times out both
would be umounted.
>
> Ian
* RE: mount -o bind
2005-04-19 16:46 ` raven
@ 2005-04-19 22:02 ` Lucas Peet
2005-04-20 5:42 ` Jim Carter
2005-04-20 12:02 ` raven
0 siblings, 2 replies; 8+ messages in thread
From: Lucas Peet @ 2005-04-19 22:02 UTC (permalink / raw)
To: raven; +Cc: autofs
On Wed, 20 Apr 2005 raven@themaw.net wrote:
> What would be the map key in this case?
I *think* the key would be the user's home directory?
> Perhaps you could do something like ...
>
> auto.master:
> /home /etc/autofs.home
>
> autofs.home:
> * / :/home/users/& :/home/stuff/&/everyone
I don't understand a whole lot about autofs just yet (I'm learning though!)
but I'm not sure if that's what I'm after.
Say I have a 200GB drive in the system for a central shared filestore,
mounted as /data. I have this shared via Samba on the network. I want this
to be available as /home/users/lpeet/data (for each user in /home/users) so
it can be accessed via FTP as well.
> I haven't tried this so I'm not sure it will work.
> Give it a try. It will be interesting to see how chroot affects this as that
> will probably affect the path that autofs gets back at mount request time.
The chroot environment isn't system wide - it's only in place when
connecting through FTP. Do you still think that will affect the path?
> Note that it can't work with anything less than 4.1.4 for the : escape to
> work in multi-maps.
I'm upgrading now. :)
> And another thing.
> This would mount two directories at a time. When the mount times out both
> would be umounted.
So...does this mean that since there's only one mapping, using a wildcard,
that if say one user logs in, accesses the directory, that automount will
mount the directory for every user or just the user that requested it to be
mounted? At the same time, if the timeout occurs for one user, will it
unmount the directory for all the users? Or will it leave the directory
mounted for all the users and wait until the last user has stopped accessing
it, and unmount it for all the users at that time?
Thanks,
-Lucas
* RE: mount -o bind
2005-04-19 22:02 ` Lucas Peet
@ 2005-04-20 5:42 ` Jim Carter
2005-04-20 11:57 ` raven
2005-04-20 12:02 ` raven
1 sibling, 1 reply; 8+ messages in thread
From: Jim Carter @ 2005-04-20 5:42 UTC (permalink / raw)
To: Lucas Peet; +Cc: autofs
On Tue, 19 Apr 2005, Lucas Peet wrote:
> Say I have a 200GB drive in the system for a central shared filestore,
> mounted as /data. I have this shared via Samba on the network. I want this
> to be available as /home/users/lpeet/data (for each user in /home/users) so
> it can be accessed via FTP as well.
If ftpd chroots to the user's homedir, and the user then refers to
~user/data, if an automount process were already mounted on that directory
with a suitable map, it could bind-mount outside directories onto
subdirectories of ~user/data. But I'm sure you don't want to pre-create
one automount process per user.
What you really want is for the FTP daemon to run a script when setting up
a session, which could bind-mount the /data directory, and to run another
script at session end, to unmount it. But I went over the man page for
vsftpd and I didn't see any such facility. Possibly a less paranoid FTP
daemon might do it for you, with a corresponding weakening of security.
Why are you doing the chroot? Do you need to protect the users from each
other? Or is the main focus on keeping the users out of central system
files? Said another way, if a hacker gets on as user X, he can trash
X's homedir or steal his secret stuff, but assuming that he's exploiting
something that lets him get through UNIX file permissions (but not a
chroot), which files do you particularly want to keep safe? The reason I
ask is, you might consider a directory structure like this:
/home/users/user1
/home/users/user2...
/home/users/data (bind mount from /data, or just mount it here)
Then if the chroot for everyone was to /home/users, everyone could get at
the shared directory any time they wanted. But they could also attempt to
get at any other user's homedir, and you would have to trust UNIX file
permissions to keep those files safe, as well as the ones in
/home/users/data. Whereas, the hacker would have to break the chroot (as
well as UNIX file permissions) to get at /etc and the contained host and
user keys.
> So...does this mean that since there's only one mapping, using a wildcard,
> that if say one user logs in, accesses the directory, that automount will
> mount the directory for every user or just the user that requested it to be
> mounted? At the same time, if the timeout occurs for one user, will it
> unmount the directory for all the users? Or will it leave the directory
> mounted for all the users and wait until the last user has stopped accessing
> it, and unmount it for all the users at that time?
Each bind mount would be created individually, and would time out
individually, even though /data would potentially be mounted for multiple
users. However, I'm having trouble figuring out on which directory the
automount process should be mounted. I haven't used multi-mounts before,
so be very cautious about what follows (I probably should keep my mouth
shut here but...) Perhaps you want a mount point of automount, let's call
it /ftp, and the map row would look like:
/ftp/* -bind /home/users/& /home/users/&/data
So how does automount know *what* to mount on /ftp/&/data? If
/home/users/&/data is a symlink to /data, it's clear what to mount, but
you'll end up mounting /data onto /data, which is useless at best and
probably not healthy. If /home/users/&/data is a directory then there's no
magic for what to mount on it. If by accident it's missing, you get nasty
messages cluttering up your logs. So this solution probably isn't going to
fly. Sorry.
James F. Carter Voice 310 825 2897 FAX 310 206 6673
UCLA-Mathnet; 6115 MSA; 405 Hilgard Ave.; Los Angeles, CA, USA 90095-1555
Email: jimc@math.ucla.edu http://www.math.ucla.edu/~jimc (q.v. for PGP key)
* RE: mount -o bind
2005-04-20 5:42 ` Jim Carter
@ 2005-04-20 11:57 ` raven
0 siblings, 0 replies; 8+ messages in thread
From: raven @ 2005-04-20 11:57 UTC (permalink / raw)
To: Jim Carter; +Cc: autofs
On Tue, 19 Apr 2005, Jim Carter wrote:
>
> /ftp/* -bind /home/users/& /home/users/&/data
That would be something like
auto.master
/ftp /etc/autofs.multi
and in autofs.multi
* -bind /users/& :/home/users/& \
/users/&/data :/home/users/&/data
Which, on access (when ftp daemon changes to login directory) by,
say user iank, should mount
/home/users/iank on /ftp/users/iank
/home/users/iank/data on /ftp/users/iank/data
and after logout should umount both mounts on timeout.
The "*" wildcard key is replaced in the mount entry to form the mounts.
Only directories that are walked on should be mounted.
Ian
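
The substitution described in the message above, as an added example (not code from the thread or from autofs): a small Python parser that expands the `&` in that wildcard multi-mount entry for one lookup key and refuses keys or bind sources that fall outside a policy root. `expand_entry`, `ENTRY` and `allowed_root` are names assumed for this illustration; offsets are returned as written in the map, not joined to the autofs mount point.

```python
import posixpath

# Constructed sample: the autofs.multi entry from the message above,
# with its backslash continuation already joined into one line.
ENTRY = "* -bind /users/& :/home/users/& /users/&/data :/home/users/&/data"


def expand_entry(entry, key, allowed_root="/home/users"):
    """Expand one wildcard multi-mount entry for a lookup key.

    Returns (options, [(offset, host, path), ...]). An empty host means
    the ":" escape was used, i.e. a local path rather than an NFS export.
    allowed_root is a policy of this example, not an autofs setting.
    """
    # A key is a single directory name; refuse anything that could
    # steer the substituted paths somewhere else.
    if not key or "/" in key or key in (".", "..") or "&" in key:
        raise ValueError(f"unsafe key: {key!r}")

    tokens = entry.split()
    if len(tokens) < 3 or tokens[0] != "*":
        raise ValueError("expected: * [-opts] offset location ...")
    tokens = tokens[1:]

    options = ""
    if tokens[0].startswith("-"):
        options, tokens = tokens[0][1:], tokens[1:]
    if not tokens or len(tokens) % 2:
        raise ValueError("offsets and locations must come in pairs")

    mounts = []
    for offset, location in zip(tokens[0::2], tokens[1::2]):
        offset = offset.replace("&", key)
        # This example requires the explicit ":" or "host:" form.
        host, sep, path = location.partition(":")
        if not sep or not path.startswith("/"):
            raise ValueError(f"bad location: {location!r}")
        path = posixpath.normpath(path.replace("&", key))
        # Only local sources under allowed_root may be exposed.
        local = host in ("", "localhost")
        if not local or not path.startswith(allowed_root + "/"):
            raise ValueError(f"location outside policy: {location!r}")
        mounts.append((offset, host, path))
    return options, mounts


if __name__ == "__main__":
    opts, mounts = expand_entry(ENTRY, "iank")
    print("options:", opts)
    for offset, host, path in mounts:
        print(f"{path} -> offset {offset}")
```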
* RE: mount -o bind
2005-04-19 22:02 ` Lucas Peet
2005-04-20 5:42 ` Jim Carter
@ 2005-04-20 12:02 ` raven
1 sibling, 0 replies; 8+ messages in thread
From: raven @ 2005-04-20 12:02 UTC (permalink / raw)
To: Lucas Peet; +Cc: autofs
On Tue, 19 Apr 2005, Lucas Peet wrote:
>
> On Wed, 20 Apr 2005 raven@themaw.net wrote:
>
>> What would be the map key in this case?
>
> I *think* the key would be the user's home directory?
>
>> Perhaps you could do something like ...
>>
>> auto.master:
>> /home /etc/autofs.home
>>
>> autofs.home:
>> * / :/home/users/& :/home/stuff/&/everyone
>
> I don't understand a whole lot about autofs just yet (I'm learning though!)
> but I'm not sure if that's what I'm after.
>
> Say I have a 200GB drive in the system for a central shared filestore,
> mounted as /data. I have this shared via Samba on the network. I want this
> to be available as /home/users/lpeet/data (for each user in /home/users) so
> it can be accessed via FTP as well.
>
>> I haven't tried this so I'm not sure it will work.
>> Give it a try. It will be interesting to see how chroot affects this as that
>> will probably affect the path that autofs gets back at mount request time.
>
> The chroot environment isn't system wide - it's only in place when
> connecting through FTP. Do you still think that will affect the path?
See following message but ...
In the case that I describe the chroot will cause the mount.
Both the needed directories will be mounted before chroot completes so in
the case I've described it should be OK.
What kernel are you using?
This could make a difference.
>
>> Note that it can't work with anything less than 4.1.4 for the : escape to
>> work in multi-maps.
That's the ":" escape I'm talking about.
If you use localhost the mounts should be bind mounts anyway, giving the
same result.
>
> I'm upgrading now. :)
>
>> And another thing.
>> This would mount two directories at a time. When the mount times out both
>> would be umounted.
>
> So...does this mean that since there's only one mapping, using a wildcard,
> that if say one user logs in, accesses the directory, that automount will
> mount the directory for every user or just the user that requested it to be
> mounted? At the same time, if the timeout occurs for one user, will it
> unmount the directory for all the users? Or will it leave the directory
> mounted for all the users and wait until the last user has stopped accessing
> it, and unmount it for all the users at that time?
They would be mounted on demand.
See following post.
Ian