Mapping a filesystem into the main tree

1. Purpose

At this point, we are trying to logically connect a filesystem (a local
partition or a server volume) with the directory tree. The filesystem
can be located anywhere. The following situation is not uncommon:

o  You have a large directory, say /home/jack, which is getting bigger
   and bigger.

o  You are out of disk space.

o  You buy a second hard drive, create a single partition on it
   (/dev/hdb1 for example).

o  You rename /home/jack to /home/jack.backup

o  You map /dev/hdb1 to /home/jack.

o  You copy /home/jack.backup to /home/jack. After that, you may delete
   /home/jack.backup.

You get the same logical file layout, but now have space on the first
drive and a lot of space for /home/jack to grow on the second.

2. Task

To achieve the connection, you have to:

1. Select a hard drive partition.

2. Identify the type of filesystem. Ext2 for Linux and Umsdos for DOS
   drives.

3. Pick a mount point. It can be any directory or subdirectory.

3. General options

The general options are not needed most of the time. They allow for
increased flexibility and security.

o  Read-only

   It is possible to protect a partition from writing. Even the
   superuser won't be able to write there. This is seldom used on a
   normal hard drive partition though.

o  User mountable

   This is generally used with the following option, and is useful for
   removable media. It allows anyone to activate the connection at any
   time. Normally, only root (the superuser) can establish a mount.

o  Do not mount at boot time

   Especially useful for removable media, it prevents the system from
   trying to establish a mount at boot time.

o  No program allowed to execute

   This is a security feature, which is especially useful for removable
   media.
   If you set the user mountable option on removable media, it allows
   any user to come and install a set of files, specifically set up to
   give him full access to your system (administrator privileges). This
   option would prevent this situation from occurring.

o  No special device file support

   This is a security feature. Special devices are generally created
   with proper access rights in the /dev directory. They may be created
   in other places too, with the mknod command. This feature prevents
   mounting media with special devices created with relaxed security.
   Such devices would defeat all security on the system.

o  No setuid programs allowed

   This is yet another security feature. It is a compromise between
   full access and the above option (no execution allowed). If you set
   this option, the system will deny privileged programs their special
   rights. A privileged program is one that switches the user to
   another identity while it is running (generally root). This allows
   the user to do special tasks that only the supervisor can do.

o  User quota enabled

   This flag tells the kernel to enable quota accounting on the
   filesystem. Quota accounting maintains, for each user in real time,
   the amount of disk space used and the number of files and
   directories they own. Limits may be imposed on some or all users.
   This is controlled separately for each filesystem.

   The file quota.user is created in the root of the filesystem
   (linuxconf will create it for you if you activate this feature).
   The utility quotacheck is run to initialize the file with the
   current state of the filesystem. The kernel, from now on, will
   silently update this for each user account. This is useful for
   preventing a single user from filling the disk.

o  Group quota enabled

   This is the same feature as user quota enabled, but for groups. The
   group quotas hold the sum of the quotas of all file members of the
   group.
   A file quota.group is created when this feature is enabled and the
   utility quotacheck is used to initialize the file. While a user may
   be under his personal quota limit, the quota of his group may be
   over its limit. The user will be prevented from creating new files
   and/or growing them.

4. (U)Ms-DOS and Hpfs (OS/2) options

4.1. Security features

Both Ms-DOS and OS/2 are single-user operating systems. Their
respective filesystems lack most of the features expected in a
multi-user operating system like Linux. For one, there is no file
ownership. This means that when a DOS hard drive is mounted into the
Linux filesystem tree, files will be available to every user on the
machine.

Keep in mind that Linux is a multi-user system. It is fairly easy to
create user accounts on your system for co-workers so they can share
your CPU or system resources. It would be unpleasant to find out later
that everyone has access to every personal file you have in your DOS
partitions.

Linux offers a neat solution to this. You can logically apply an
ownership and permission flag to all files and directories on DOS
partitions. No special data is written to the partitions. It is simply
a presentation mode used by Linux. Here are the options you can
control:

o  Default user ID

   You can assign one owner to all files and directories in the
   filesystem. The default owner is root.

o  Default group ID

   You can assign one group to all files and directories in the
   filesystem. The default group is root.

o  Default permissions

   You can selectively turn on or off every one of the nine UNIX style
   permission bits. Permission bits are expressed as three groups of
   three bits each. Each group has the following layout:

   o  Read access

   o  Write access

   o  Execute access

   The groups are

   o  Owner permission bits

   o  Group permission bits

   o  Other users (not the owner and not a member of the group)
      permission bits.

   These bits are expressed in octal notation. A "one" indicates that
   the corresponding permission is off. For example, a value of 007
   enables full access to the owner and the group but disables all
   access for other users. A value of 022 provides full access to the
   owner, but disables writing for all other users.

4.2. Translation mode

Text files are stored in a slightly different format on Ms-DOS and
OS/2, compared to UNIX and Linux. The difference lies in the way
end-of-line is identified. Ms-DOS uses a sequence of two characters, an
ASCII Carriage Return followed by an ASCII Line Feed. UNIX uses only a
single Line Feed.

The Ms-DOS, Umsdos and Hpfs filesystems share one option to make life
easier when sharing files on a hard drive between Linux and Ms-DOS or
OS/2. Here are the modes available:

o  binary

   This means no translation at all.

o  auto

   The translation will be activated on all files except those with a
   special extension. Here are the known binary extensions:

   o  Program code: APP BIN COM DLL DRV EXE LIB OBJ OVL OVR PIF SYS

   o  Common archivers: ARC ARJ DEB GZ LHA LZH TAR TAZ TGZ TPZ TZ TZP Z
      ZIP ZOO

   o  Graphics: BMP GIF GL JPG PCX TIF

   o  TeX: DVI GF PK PXL TFM VF

o  text

   The translation will be done on all files. This option should be
   used with care.

Once a translation mode is selected, it is done both at read and write
times. This makes it nearly transparent to Linux applications.

Please note that the current trend is towards flexible utilities
(editors) which can handle both formats instead of using a filesystem
trick like this one.

5. Other options

New filesystems and filesystem features do appear once in a while.
These filesystems may have options unknown to Linuxconf. To cope with
this, there is an extra option line. Normally filesystem options are a
group of keyword/value pairs, separated by commas.

   opt1=val,opt2=none,opt3,opt4=2

6. Comment

You can write anything you want here, including an explanation about
the option combination you have selected.
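
Added example (not part of the original help text): a shell check that reads fstab-style lines and reports the two risks described in sections 3 and 4.1, namely user-mountable entries that still allow execution, setuid or device files, and DOS-type filesystems whose umask leaves access open to other users. It assumes the mount(8) rule that "user" implies noexec, nosuid and nodev unless a later option overrides them; the function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# audit_fstab: read fstab-style lines on stdin, print one finding per line.
audit_fstab() {
  awk '
  NF == 0 || $1 ~ /^#/ { next }          # skip blank lines and comments
  {
    mnt = $2; fstype = $3
    n = split($4, opt, ",")
    usermnt = 0; can_exec = 1; can_suid = 1; can_dev = 1; umask = ""
    for (i = 1; i <= n; i++) {           # later options override earlier ones
      o = opt[i]
      if (o == "user" || o == "users") { usermnt = 1; can_exec = can_suid = can_dev = 0 }
      else if (o == "defaults") { usermnt = 0; can_exec = can_suid = can_dev = 1 }
      else if (o == "nouser")   usermnt = 0
      else if (o == "exec")     can_exec = 1
      else if (o == "noexec")   can_exec = 0
      else if (o == "suid")     can_suid = 1
      else if (o == "nosuid")   can_suid = 0
      else if (o == "dev")      can_dev = 1
      else if (o == "nodev")    can_dev = 0
      else if (o ~ /^umask=/)   umask = substr(o, 7)
    }
    if (usermnt && can_exec) print mnt ": user-mountable, programs may execute"
    if (usermnt && can_suid) print mnt ": user-mountable, setuid programs honoured"
    if (usermnt && can_dev)  print mnt ": user-mountable, device files honoured"
    if (fstype ~ /^(msdos|umsdos|vfat|hpfs)$/) {   # filesystems without ownership
      if (umask == "")
        print mnt ": no umask set for ownerless filesystem"
      else if (substr(umask, length(umask)) != "7")  # last digit = other users
        print mnt ": umask " umask " leaves access open to other users"
    }
  }'
}

# Constructed sample entries (not taken from a real system).
sample_fstab() {
  cat <<'EOF'
/dev/hda1  /            ext2     defaults             1 1
/dev/hdb1  /home/jack   ext2     defaults,usrquota    1 2
/dev/fd0   /mnt/floppy  msdos    user,noauto,exec     0 0
/dev/hdc   /mnt/cdrom   iso9660  ro,user,noauto       0 0
/dev/hda2  /dos         umsdos   umask=022,conv=auto  0 0
/dev/hda3  /os2         hpfs     umask=007,uid=500    0 0
EOF
}

sample_fstab | audit_fstab
```

To check a real system, run the function as audit_fstab < /etc/fstab.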