File: mountpoint.sgml

linuxconf 1.26r4-2
<!doctype linuxdoc system>
<article>
<title>Mapping a filesystem into the main tree

<sect>Purpose

<p>	At this point, we are trying to logically connect a
	filesystem (a local partition or a server volume) with the
	directory tree. The filesystem can be located anywhere.

	The following situation is not uncommon:

	<itemize>
	<item>You have a large directory, say /home/jack, which
		is getting bigger and bigger.
	<item>You are out of disk space.
	<item>You buy a second hard drive, create a single partition
		on it (/dev/hdb1 for example).
	<item>You rename /home/jack to /home/jack.backup
	<item>You map /dev/hdb1 to /home/jack.
	<item>You copy /home/jack.backup to /home/jack.
	</itemize>

	After that, you may delete /home/jack.backup. You get the
	same logical file layout, but now have space on the first
	drive and a lot of space for /home/jack to grow on the second.

<sect>Task
<p>
	To achieve the connection, you have to:

	<enum>
	<item>Select a hard drive partition.
	<item>Identify the type of filesystem: <em/Ext2/ for <em/Linux/ and
		<em/Umsdos/ for DOS drives.
	<item>Pick a mount point. It can be any directory or subdirectory.
	</enum>

<sect>General options
<p>
	The general options are not needed most of the time. They allow
	for increased flexibility and security.

	<itemize>
	<item>Read-only

		It is possible to protect a partition from writing. Even
		the superuser won't be able to write there. This is seldom
		used on a normal hard drive partition though.

	<item>User mountable

		This is generally used with the following option, and
		is useful for removable media. It allows anyone to
		activate the connection at any time. Normally, only root
		(the superuser) can establish a mount.

	<item>Do not mount at boot time

		Especially useful for removable media, it prevents the system
		from trying to establish a mount at boot time.

	<item>No program allowed to execute

		This is a security feature, which is especially useful for
		removable media. If you set the <tt/user mountable/ option on
		removable media, any user can bring in a set of files,
		specifically set up to give him full access to your
		system (administrator privileges). This option prevents
		this situation from occurring.

	<item>No special device file support

		This is a security feature.

		Special devices are generally created with proper access rights
		in the /dev directory. They may be created in other places too,
		with the mknod command. This feature prevents mounting
		media with special devices created with relaxed security. Such
		devices would defeat all security on the system.

	<item>No setuid programs allowed

		This is yet another security feature. It is a compromise between
		full access and the above option (no execution allowed).

		If you set this option, the system will deny privileged
		programs their special rights. A privileged program
		is one that switches the user to another identity while
		it is running (generally root).  This allows the user
		to do special tasks that only the superuser can do.

	<item>User quota enabled

		This flag tells the kernel to enable quota accounting on the
		filesystem. Quota accounting maintains, for each user in real
		time, the amount of disk space used and the number of files
		and directories they own. Limits may be imposed on some or
		all users.

		This is controlled separately for each file system. The
		file quota.user is created in the root of the
		filesystem (linuxconf will create it for you if you activate
		this feature). The utility
		quotacheck is run to initialize the file with the current state
		of the filesystem. The kernel, from now on, will silently update
		this for each user account.

		This is useful for preventing a single user from filling the disk.

	<item>Group quota enabled

		This is the same feature as user quota enabled, but
		for groups. The group quotas
		hold the sum of the quotas of all file members of the group. A
		file quota.group is created when this feature is enabled and
		the utility quotacheck is used to initialize the file.

		While a user may be under his personal quota limit, the quota
		of his group may be over its limit. The user will be prevented
		from creating new files and/or growing them.

	</itemize>

<sect><em/(U)Ms-DOS/ and <em/Hpfs/ (<em>OS/2</em>) options
<p>
<sect1>Security features
<p>
	Both <em/Ms-DOS/ and <em>OS/2</em> are single-user operating systems.
	Their respective filesystems lack most of the features expected in
	a multi-user operating system like <em/Linux/.

	For one, there is no file ownership. This means that when
	a <em/DOS/ hard drive is mounted into the <em/Linux/ filesystem tree,
	files will be available to every user on the machine.

	Keep in mind that <em/Linux/ is a multi-user system. It is fairly
	easy to create user accounts on your system for co-workers so they
	can share your CPU or system resources. It would be unpleasant to
	find out later that everyone has access to every personal file
	you have in your <em/DOS/ partitions.

	<em/Linux/ offers a neat solution to this. You can logically
	apply an ownership and permission flag to all files and directories
	on <em/DOS/ partitions. No special data is written to the
	partitions. It is simply a presentation mode used by <em/Linux/.

	Here are the options you can control:

	<itemize>
	<item>Default user ID

		You can assign one owner to all files and directories
		in the filesystem. The default owner is root.

	<item>Default group ID

		You can assign one group to all files and directories
		in the file system. The default group is root.

	<item>Default permissions

		You can selectively turn on or off every one of the nine
		<em/UNIX/ style permission bits. Permission bits are
		expressed as three groups of three bits each. Each group
		has the following layout:

		<itemize>
		<item>Read access
		<item>Write access
		<item>Execute access
		</itemize>

		The groups are

		<itemize>
		<item>Owner permission bits
		<item>Group permission bits
		<item>Other users (not the owner and not a member of the
			group) permission bits.
		</itemize>

		These bits are expressed in octal notation. A "one" indicates
		that the corresponding permission is off. For example, a
		value of 007 enables full access for the owner and the group but
		disables all access for other users. A value of 022 provides
		full access to the owner, but disables writing for all other users.

	</itemize>
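
	The following audit is an added example, not part of linuxconf or of the original document. It checks fstab-style lines for the two risks described above: user-mountable entries that still allow execution, setuid or device files, and DOS-type filesystems whose permission mask leaves access open to other users. The sample table is constructed, and the left-to-right handling of <tt/user/ (which implies noexec, nosuid and nodev unless a later option overrides it) follows mount(8).

```python
DOS_TYPES = {"msdos", "umsdos", "vfat", "hpfs"}  # filesystems without file ownership

def effective_flags(opts):
    """Resolve exec/suid/dev left to right; 'user' turns all three off."""
    state = {"exec": True, "suid": True, "dev": True}
    user = False
    for o in opts:
        if o in ("user", "users"):
            user, state = True, dict.fromkeys(state, False)
        elif o == "defaults":
            state = dict.fromkeys(state, True)
        elif o in state:
            state[o] = True
        elif o[:2] == "no" and o[2:] in state:
            state[o[2:]] = False
    return user, state

def audit(fstab_text):
    """Return (mount point, finding) pairs for risky option combinations."""
    findings = []
    for line in fstab_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 4:
            continue  # blank line, comment or malformed entry
        mountpoint, fstype, opts = fields[1], fields[2], fields[3].split(",")
        user, state = effective_flags(opts)
        for flag in ("exec", "suid", "dev"):
            if user and state[flag]:
                findings.append((mountpoint, f"user-mountable with {flag} enabled"))
        if fstype in DOS_TYPES:
            umask = next((o[6:] for o in opts if o.startswith("umask=")), None)
            if umask is None:
                findings.append((mountpoint, "no umask option"))
            elif int(umask, 8) & 0o007 != 0o007:
                findings.append((mountpoint, f"umask={umask} leaves access for other users"))
    return findings

# Constructed sample table (device names and mount points are illustrative).
SAMPLE = """\
/dev/hda1  /           ext2    defaults                       1 1
/dev/fd0   /mnt/floppy msdos   user,noauto,umask=007          0 0
/dev/cdrom /mnt/cdrom  iso9660 user,noauto,ro,exec            0 0
/dev/hda2  /dos        umsdos  defaults,umask=022             0 0
/dev/hdb1  /home/jack  ext2    defaults,nodev,nosuid,usrquota 1 2
"""

if __name__ == "__main__":
    for mountpoint, finding in audit(SAMPLE):
        print(f"{mountpoint}: {finding}")
```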

<sect1>Translation mode
<p>

	Text files are stored in a slightly different format on
	<em/Ms-DOS/ and <em>OS/2</em>, compared to <em/UNIX/ and
	<em/Linux/. The difference lies in the way end-of-line
	is identified.

	<em/Ms-DOS/ uses a sequence of two characters, an
	ASCII <tt/Carriage-return/ followed by an ASCII <tt/Line Feed/.
	<em/UNIX/ uses only a single <tt/Line Feed/.

	The <tt/Ms-DOS/, <tt/Umsdos/ and <tt/Hpfs/ file-systems share
	one option to make life easier when sharing files on a hard
	drive between <em/Linux/ and <em/Ms-DOS/ or <em>OS/2</em>.

	Here are the modes available:

	<itemize>
	<item>binary -	This means no translation at all.
	<item>auto - The translation will be activated on all files except
		those with a special extension.

		Here are the known binary extensions:

		<itemize>
		<item>  Program code

		APP BIN COM DLL DRV EXE LIB OBJ OVL OVR
		PIF SYS

		<item> Common archivers

		ARC ARJ DEB GZ  LHA LZH TAR TAZ TGZ TPZ
		TZ  TZP Z   ZIP ZOO

		<item> Graphics

		BMP GIF GL  JPG PCX TIF

		<item> TeX

		DVI GF PK PXL TFM VF

		</itemize>

	<item>text

		The translation will be done on all files. This option
		should be used with care.

	</itemize>

	Once a translation mode is selected, it is done both at read
	and write times. This makes it nearly transparent to <em/Linux/
	applications.

	Please note that the current trend is towards flexible utilities
	(editors) which can handle both formats instead of using
	a filesystem trick like this one.
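
	The following simplified model of the three translation modes is an added example, not the kernel's code and not part of the original document. It shows why the text mode needs care: any file that is not really text, including one whose extension is missing from the auto list, is silently altered when read. The file names and byte strings are constructed.

```python
import os

# Binary extensions listed above for the "auto" mode.
BINARY_EXT = set("""
    APP BIN COM DLL DRV EXE LIB OBJ OVL OVR PIF SYS
    ARC ARJ DEB GZ LHA LZH TAR TAZ TGZ TPZ TZ TZP Z ZIP ZOO
    BMP GIF GL JPG PCX TIF
    DVI GF PK PXL TFM VF
""".split())

def translates(filename, mode):
    """Decide whether the given mode applies translation to this file."""
    if mode == "binary":
        return False
    if mode == "text":
        return True
    if mode == "auto":
        ext = os.path.splitext(filename)[1].lstrip(".").upper()
        return ext not in BINARY_EXT
    raise ValueError(f"unknown translation mode: {mode}")

def read_through(filename, disk_bytes, mode):
    """Bytes a Linux application sees when reading the on-disk content."""
    if translates(filename, mode):
        return disk_bytes.replace(b"\r\n", b"\n")
    return disk_bytes

def write_through(filename, app_bytes, mode):
    """Bytes that land on disk when a Linux application writes."""
    if translates(filename, mode):
        return app_bytes.replace(b"\n", b"\r\n")
    return app_bytes

# Constructed data: a DOS text file and a binary blob containing CR LF.
DOS_TEXT = b"line one\r\nline two\r\n"
BLOB = b"\x89\r\n\x1a"

if __name__ == "__main__":
    print(read_through("README.TXT", DOS_TEXT, "auto"))  # translated
    print(read_through("PHOTO.GIF", BLOB, "auto"))       # left intact
    print(read_through("PHOTO.GIF", BLOB, "text"))       # one byte lost
    print(read_through("DATA.DAT", BLOB, "auto"))        # unlisted extension
```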

<sect>Other options
<p>
	New filesystems and filesystem features do appear once in a while.
	These filesystems may have options unknown to <em/Linuxconf/.

	To cope with this, there is an extra option line. Normally
	filesystem options are a group of keyword/value pairs, separated
	by a comma.

	<tscreen><verb>
		opt1=val,opt2=none,opt3,opt4=2
	</verb></tscreen>

<sect>Comment

<p>	You can write anything you want here, including an explanation about
	the option combination you have selected.


</article>