Git Product home page Git Product logo

readally's Introduction

Readally

"Readally" is a portmanteau combining "read-only" and "read all".

Similar to bindfs, Readally is a FUSE FileSystem that exposes an altered version of a given directory (aka "the original directory").

Specifically, Readally makes it:

  • 100% read-only: any attempt to write or change anything is met with errno 30, i.e. EROFS: Read-only file system;
  • 100% readable: although each file retains its original owner, group and mode, any file can still be read by any user -- essentially, standard Unix permissions are ignored.

What for?

Unprivileged backup is one possible use case: the process that backs up your data no longer needs to run as root to read the entirety of a given filesystem.

Solutions like bindfs or ID-mapped mounts also allow this but they alter perceived file ownership, which is not always desirable.

Is this not dangerous?

Anything that alters file ownership and/or the behaviour of Unix permissions is dangerous. From this perspective, Readally is as dangerous as bindfs or ID-mapped mounts.

Consequently, these solutions should be used with caution. A typical approach is to protect the mountpoint's parent directory with regular Unix permissions reflecting who is allowed to access the dataset exposed through Readally.

Example:

drwxr-xr-x root   root   /
drwxr-xr-x root   root   mnt
dr-x------ backup root   only_backup_shall_pass
drwx------ root   root   readally_mountpoint
-rw------- root   root   actual_data

Options

one-file-system

Similar to find's -xdev and du's -x, --one-file-system, this option makes Readally ignore any file related to a filesystem other than the one holding the original directory.

Default value: disabled.

banned-types

This option makes Readally ignore a given list of filetypes. Here, filetypes are neither file extensions nor MIME types but rather find-like file types:

Filetypes you likely want to keep:

  • f: regular files
  • l: symbolic links

Filetypes you likely want to ignore:

  • b: block devices
  • c: character devices
  • p: named pipes / FIFOs
  • s: sockets

Alien filetypes:

  • D: Solaris Doors
  • P: Solaris event ports
  • W : whiteouts
  • ?: unknown

Default value: bcpsDPW? i.e. by default Readally exposes only directories, regular files and symbolic links.

Implementation

How to use it

readally [-o OPTIONS] [--foreground] /original/directory /mount/point

fstab syntax:

/original/directory    /mount/point    fuse.readally    banned-types=DPW?,one-file-system    0 0

readally's People

Contributors

xavierog avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.