On 2020-09-16 01:59, Andrei POPESCU wrote:
On Sb, 12 sep 20, 15:00:57, Bob Weber wrote:
Warning: If you forget to open and mount the file encrypted.img to
$HOME/Private/ and you copy files to $HOME/Private/ it will appear to work
correctly but they will not be encrypted! If you don't move the files out
of $HOME/Private/ before you correct the mistake and mount encrypted.img you
will not see those files in $HOME/Private/ until you unmount encrypted.img.
Regardless if encrypted or not, I think it is good practice to have all
mountpoints (NOT filesystems) owned by root and permission 0000.
That's an interesting suggestion. /f1 is a mount point on my
workstation for the root filesystem on one of my servers:
2020-09-16 12:34:14 root@tinkywinky ~
# grep f1 /etc/fstab
f1:/ /f1
fuse.sshfs ro,noauto 0 0
It is not mounted:
2020-09-16 12:34:20 root@tinkywinky ~
# mount | grep f1
The permissions on the mount point are default, as set by mkdir(1):
2020-09-16 12:35:42 root@tinkywinky ~
# ll -d /f1
drwxr-xr-x 2 root root 4096 2020-09-16 12:33:41 /f1/
If I change the mode of the mount point to 0000:
2020-09-16 12:51:28 root@tinkywinky ~
# chmod 0000 /f1
2020-09-16 12:53:08 root@tinkywinky ~
# ls -la /f1
total 8
d--------- 2 root root 4096 Sep 16 12:53 .
drwxr-xr-x 26 root root 4096 Aug 30 13:39 ..
Root can still create files inside the mount point:
2020-09-16 12:53:09 root@tinkywinky ~
# echo 'hello, world!' > /f1/hello
2020-09-16 12:53:41 root@tinkywinky ~
# ls -la /f1
total 12
d--------- 2 root root 4096 Sep 16 12:53 .
drwxr-xr-x 26 root root 4096 Aug 30 13:39 ..
-rw-r--r-- 1 root root 14 Sep 16 12:53 hello
2020-09-16 12:53:44 root@tinkywinky ~
# cat /f1/hello
hello, world!
Is there some advantage other than making a long listing visually
distinctive when the mount point is not in use?
David
