Time
8 hours 30 minutes
Difficulty
Beginner
CEU/CPE
10

Video Transcription

00:03
all right. Hello and welcome to module 104.3.
00:07
Gonna talk here about mounting and mounting file systems, and the convict file naturally can be found underneath the etc. Directory that C. F s tap
00:17
The file has a few fields not too many to worry about, pretty easy to deal with.
00:22
And we control lots of different aspect of the mounting process,
00:26
whether or not we want a false system to mount when we boot.
00:30
If we do want it to mount, you can set several different options to control
00:36
security characteristics and use your behavior.
00:40
We could also specify the order of mounting, which will talk about here in just a moment.
00:45
First of all, weaken in the options section. We can specify auto
00:50
just what it sounds like it will automatically mount. That's typically what you want for a production system
00:56
unless you've got a file systems that you only occasionally used for things like development work or archive data,
01:03
other things that you just don't need at all times.
01:06
There, there by you would specify no auto in those cases.
01:11
Now we can tell the system that only route user can mount a false system by using no user.
01:19
If I specify user than anybody can mounted, that's in a regular group.
01:23
We can also control whether or not binaries are executed,
01:27
which could be a very good security benefit if you think about it. Because
01:32
if I if we allow regular users to execute binary programs from their home directory,
01:40
then they could potentially execute dangerous programs or malware. So we wantto think closely about that
01:47
rewrite. Read only these self evident as far as what those mean,
01:51
and then we can also deal with the sink or a sink. Option.
01:56
Sink is a little bit safer, in a sense, because any time you read or write from a file
02:00
or change anything, the effects are more or less immediately written to that follow system.
02:07
Casing will cue up a little bit of that information before actually making those changes. So it's a minor thing to think about.
02:13
Could be good for performance reasons, however, to use the A sink option.
02:19
So the F s tabbed files I was mentioning has all the different options that we need to specify for a file system.
02:25
We're going
02:27
tell it, what will we mounted where will be mounted which directory, which might point
02:31
false system type and then the options, which we were just looking at and slide a little bit back from here.
02:38
Also, the dump command could be used to back up a file system
02:42
by setting up a Krahn job in some other factors that will allow you to do that.
02:46
Most modern linens environments are probably not using the built in backup feature your most likely using a
02:53
an application for backups. But you do have a native functionality here to perform backups.
02:59
You could also use scripts that you concoct using the find command of the Tar Command, running them with crown jobs and so on. There's lots of different options there,
03:09
and then our last point is about the order of mounting file systems.
03:15
The order is important because there may be certain file system that need to be in place before certain service's confront or programs. Could we started, our demons could be running,
03:24
and the order, if you're building a multi tier application or something could be could be important.
03:34
Last thing to think about is users being allowed to mount their own media.
03:39
Typically, this is a thumb drive.
03:42
They're obviously lots of risks with allowing users to do this. But
03:46
if you if you want to have the capability, you can, uh,
03:50
you can create that.
03:54
All right, so let's have a look at the
03:58
Yep, that's Tab Foe.
04:03
All right,
04:12
go ahead and edit this.
04:19
You'll notice that we have our root ball system here and a swap
04:25
already to find.
04:28
You may think this is a good best practice the way I do, but
04:32
I always like to
04:36
open a couple of extra lines, put some common characters. They're just so I could separate
04:42
My custom file system mounts from anything that's already included with the operating system. It's good to keep them separate
04:49
just visually it anyway, it's easier to find what you're looking for.
04:55
So my first file system is underneath Deb S. D. B one.
05:00
So I'm specifying the device file,
05:03
then the Mount Point itself, which is my data. In this case.
05:09
This is
05:11
a E x t three file system,
05:15
and
05:17
I can pick defaults,
05:20
which gives me some reasonable options
05:24
that I can explore. Remember, we talked about the auto mount option. That's that's more the default settings.
05:30
I can also specify. Re only read right
05:33
Prohibit the execution of binaries, which could be good for security reasons.
05:41
I can set up Thea Fall systems also
05:45
be backed up by putting the dump command in this field.
05:49
If I don't want to use the dump command,
05:51
then I can just leave that field as zero.
05:56
Maybe I'm doing my backups with
05:58
third party software, as I mentioned earlier.
06:00
And then we have the last field.
06:03
The last field is the file system check field. So
06:09
if I've got a zero here,
06:11
that means don't perform file system check when the system boots
06:15
Usually this what actions they usually typically it set for
06:20
this valley will be set to one.
06:23
If I am specifying my root file system, you'll notice Currently it's set to zero here.
06:30
That's fine.
06:30
I consented to one. If I want a guarantee that route gets checked upon Buddha
06:36
and then I probably would set it to two. If it's some other file system,
06:41
so too is more appropriate in this case.
06:45
And I'm gonna add my second file system.
06:47
The best would be to
06:49
and this is a mount point called My data too.
06:56
This one is. Looks sorry about that.
07:00
Virtual machines. A little bit sluggish right now, for some reason.
07:03
All right, so except fast is the file system here.
07:06
And
07:09
this one. I want Thio.
07:12
There's a couple things. If I've got a
07:15
user follow system, user mounted false system, we can have some options there. Which I'll talk about it a little bit.
07:21
But maybe I want to make sure this one is mounted. We not f w Sorry about that
07:29
rewriteable.
07:30
And maybe I want to also
07:34
enforce the no exact
07:39
parameter.
07:44
So those are my my characteristics of my data to once I mounted
07:49
and then zero because I'm not dumping it. And two, because it's a
07:54
secondary
07:55
fall system. Oops. It's not part of my operating system, so
08:01
I'm gonna give it a label of two.
08:07
I think right now my file systems are still mounted from a
08:11
previous exercise. They are so I can see my date on my data to there
08:20
Amount those using the you Mount Command,
08:26
because if I change the parameters for the file system, I need a mounted and re mounted
08:31
in order for that thio work correctly.
08:37
Now what I can do to test what I've just created is to reboot the system
08:43
and everything should mount up correctly when I reboot. This is a good test.
08:46
I can certainly amount the file systems manually. But a reboot is a better test because I want to verify that in the future, when the system reboots,
08:54
everything will work as expected.
08:56
So I'm just gonna issue the reboot. Come in quickly.
09:01
I'm gonna go ahead and pause here, since this will take a moment.
09:22
All right, so the reboot has concluded and gonna run my
09:26
discreet comeon.
09:28
And there's much of our systems
09:31
happily mounted as I specified.
09:33
And of course, you can do different tests. You can set this for read. Only try to create a file. You could try to put it behind her program there, try to run it
09:41
to satisfy yourself that those controls actually do work.
09:46
Now let's have a look at
09:50
our next topic,
09:52
which is user multiple false systems.
09:54
Now there are definitely some security considerations to think about.
09:58
Having users being able to mount their own file systems could be a great convenience for the administrator, because they don't have to deal with
10:07
necessarily doing this work for each user individually.
10:09
But we have to make sure that we
10:11
put the right controls in place so that this doesn't become a security risk and
10:18
doesn't cause any kind of potential impact to production.
10:22
So a couple of a default settings to consider
10:26
the no exact setting is by default.
10:31
Now, if I put a the user option in that C. F s tab and I follow it with the exact option than I could override this.
10:41
But that might be important as a default, because typically we don't want users running programs from their own
10:46
personal directories.
10:48
We may not be able to have proper controls in place, and that's bad for security. Overall,
10:54
Another feature to think about is, uh, this is in general, actually, is the no. A time no access time feature,
11:03
whether it's you surmountable or our system operating system Mount Herbal.
11:07
We want to consider using this because if if we don't generate access time information,
11:15
then we can get a little bit better performance. So for
11:18
applications where you've got a lot of files that are being written to regularly in large numbers of files, database applications. Something of that nature.
11:28
This might be an interesting option to consider.
11:31
Then we have the actual commands themselves. You'll notice we see Soo Do
11:37
is a perfect
11:41
command to use in this case
11:43
because I can set up sue commands which allow a user to make their own directory
11:48
like a slash media user one USB.
11:52
The mixture command with the dash P will make all the intermediary directors for you.
11:56
So if any of these directories does not exist, make your best people will create them as needed so I can create a whole directory treat.
12:05
Then we're gonna The user would typically change the ownership of that mount point to their to their own I d. So change ownership to use her one,
12:13
and we make it rewriteable and execute herbal
12:16
for the actual permissions.
12:20
You wouldn't do this for most follow systems when its user amount herbal is probably what you want.
12:26
I could also run the D message command to find my USB device if I'm not sure what it's called.
12:31
But it might be something like we see here, Dev stc one
12:35
so I can just put this this line right here right into my Etsy F s tab.
12:43
So I allow divest E C one to be mounted.
12:46
Actually, home store wouldn't be the right folder here. Will be slash media slash user one slash USB
12:54
and to make a little error there. But
12:56
you get the idea
12:56
I specified. That is User Montel.
13:00
I can specify the you mask which you haven't
13:03
talked about too much yet.
13:05
I'm even specifying a character set that I'd like to to use. The no auto option means that this will not automatically MT
13:13
when I boot, which is probably what we want for a user multiple system because they may not have their media actually attached
13:22
at the time that with the system boots. So in order to avoid errors, no auto safer
13:28
and then we're not gonna mother dumped command. That's why we've got a zero here and we're not gonna force a file system check.
13:35
So once this entries in F s tab, then I can just run the Mount Command
13:39
and
13:41
allow that file system to be accessible to users.
13:46
So just as long as we pay attention to the
13:50
security considerations, this should be a safe thing to dio
13:52
Okay, so we've covered some of the details as the F S tab did a quick little test to make sure that we can see that it works.
14:00
And we also touched on the mount and you mount commands for mounting an amounting file Systems.
14:05
Next, we'll talk about disc quotas. See in the next section. Thank you.

Up Next

CompTIA Linux+

Our self-paced online Linux+ training prepares students with the knowledge to become a certified Linux+ expert, spanning a curriculum that covers Linux maintenance tasks, user assistance and installation and configuration.

Instructed By

Instructor Profile Image
Dean Pompilio
CEO of SteppingStone Solutions
Instructor