TransWikia.com

OverlayFS - Is it possible to make overlay layer writable by anyone/specific user (different than original owner)?

Unix & Linux Asked by icaine on December 31, 2021

Usecase:

I have a lot of production data and copying it for dev purposes would be unreal. I was thinking that OverlayFS could be a solution until a problem with permissions arose.

Let’s assume I have the following folder structure:

  • /data/prod – production data (files+subfolders) owned by prod:prod having 664
  • /data/prod-overlay/dev1/{overlay,upper,lower} – data for developers (user dev1:dev1 in this case)

Dev users can read prod data but not modify it.

My question is:

Is it possible to make files in /data/overlayfs/developer1/overlay writable even when permissions of original files do not allow it? Or is there any other (simple) way to achieve such behaviour while keeping prod data read-only for dev users?

For example:

There is a file /data/prod/subfolder/file (prod:prod, 664) and user dev1 wants to remove or change /data/prod-overlay/dev1/overlay/subfolder/file.

Note: dev1 can remove file /data/prod-overlay/dev1/overlay/file (with rm -f) probably because he is the owner of the overlay folder.

One Answer

Finally found the answer to my question.

The solution is to use overlayfs in combination with bindfs, which allows mounting one folder as another folder with different perms/owner/etc.

# sudo bindfs --map=origOwner/newOwner:@origGroup/@newGroup /srcFolder /dstMountpoint

mkdir /data/prod-overlay/dev1/prod  # mountpoint
sudo bindfs --map=prod/dev1:@prod/@dev1 /data/prod-overlay/dev1/overlay /data/prod-overlay/dev1/prod

Answered by icaine on December 31, 2021
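
The full setup the answer relies on (the overlay mount, then the bindfs remap on top of it), as an added example that is not part of the original answer. It prints the commands for review instead of running them; the `work` directory, the variables and the function names are assumptions, while the paths and the prod/dev1 accounts follow the question.

```shell
#!/bin/sh
# Added example: print the mount commands for one developer's writable view of
# read-only production data. Nothing is mounted by this script itself.
PROD=/data/prod            # lower layer; overlayfs never writes to it
PROD_USER=prod             # owner and group of the production files
PROD_GROUP=prod
BASE=/data/prod-overlay    # per-developer trees live below this

# Accept only plain account names: the value ends up in paths and in the
# bindfs --map argument of commands that will be run as root.
valid_dev() {
    case $1 in
        ''|-*|*[!a-z0-9_-]*) return 1 ;;
    esac
}

dev_overlay_cmds() {
    valid_dev "$1" || { echo "invalid user name: $1" >&2; return 1; }
    d=$BASE/$1
    # upper/ and work/ (assumed name) must be on the same filesystem.
    echo "mkdir -p $d/upper $d/work $d/overlay $d/prod"
    # 1. Overlay: reads fall through to $PROD, every change lands in upper/.
    echo "mount -t overlay overlay -o lowerdir=$PROD,upperdir=$d/upper,workdir=$d/work $d/overlay"
    # 2. bindfs: show the merged tree with prod's files presented as the
    #    developer's, using the --map syntax from the answer.
    echo "bindfs --map=$PROD_USER/$1:@$PROD_GROUP/@$1 $d/overlay $d/prod"
}

# Teardown in reverse order: the bindfs view first, then the overlay under it.
dev_overlay_teardown_cmds() {
    valid_dev "$1" || { echo "invalid user name: $1" >&2; return 1; }
    echo "umount $BASE/$1/prod"
    echo "umount $BASE/$1/overlay"
}

# Stand-alone use: sh this-script dev1   (review the output, then run as root)
if [ $# -gt 0 ]; then
    dev_overlay_cmds "$1"
fi
```

Everything a developer changes or deletes through the mountpoint is recorded under that developer's `upper/` directory (deletions as whiteout entries), so `/data/prod` stays untouched and a dev copy can be reset by unmounting and emptying `upper/` and `work/`.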
