This answer works on Debian (tested on lenny and squeeze). After investigation, it seems to work only thanks to a Debian patch; users of other distributions such as Ubuntu may be out of luck.
You can use `mount --bind`. Mount the “real” filesystem under a directory that's not publicly accessible. Make a read-only bind mount that's more widely accessible. Make a read-write bind mount for the part you want to expose with read-write access.
```
mkdir /media/hidden /media/hidden/sdz99
chmod 700 /media/hidden
mount /dev/sdz99 /media/hidden/sdz99
mount -o bind,ro /media/hidden/sdz99/world-readable /media/world-readable
mount -o bind /media/hidden/sdz99/world-writable /media/world-writable
```
In your use case, I think you can do:
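```
mkdir /var/smb/hidden
# Move the real directory under the restricted parent
mv /var/smb/snapshot /var/smb/hidden
# Empty directory that serves as the public mount point
mkdir /var/smb/snapshot
chmod 700 /var/smb/hidden
chmod 755 /var/smb/hidden/snapshot
# Expose the real directory read-only at the public path
mount -o bind,ro /var/smb/hidden/snapshot /var/smb/snapshot
```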
I.e. put the real `snapshot` directory under a restricted directory, but give `snapshot` read permissions for everyone. It won't be directly accessible because its parent has restricted access. Bind-mount it read-only in an accessible location, so that everyone can read it through that path.
(Read-only bind mounts only became possible several years after bind mounts were introduced, so you might remember a time when they didn't work. I don't know offhand since when they work, but they already worked in Debian lenny (i.e. now oldstable).)
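An added example, not part of the answer above: since `-o bind,ro` depends on distribution and version, this shell function checks whether the mount visible at a path is actually read-only by reading the per-mount options in `/proc/self/mountinfo`. The function names are hypothetical, the mountinfo lines are constructed sample data, and the paths reuse the answer's `/media/...` layout.

```shell
#!/bin/sh
# Added example: report whether the mount visible at a path is read-only.
# Field 5 of /proc/self/mountinfo is the mount point and field 6 holds the
# per-mount options. The superblock options after the " - " separator can
# still say rw for a read-only bind mount, so they are not consulted.

# bind_mount_state MOUNTPOINT [MOUNTINFO_FILE] -> prints ro, rw or absent
bind_mount_state() {
    awk -v mp="$1" '
        $5 == mp {
            state = "rw"
            n = split($6, opts, ",")
            for (i = 1; i <= n; i++)
                if (opts[i] == "ro") state = "ro"
        }
        # With stacked mounts the last matching line is the visible one.
        END { print (state == "" ? "absent" : state) }
    ' "${2:-/proc/self/mountinfo}"
}

# check_readonly MOUNTPOINT [MOUNTINFO_FILE] -> exit status 0 only if ro
check_readonly() {
    [ "$(bind_mount_state "$@")" = "ro" ]
}

# Constructed sample: one filesystem exposed three ways, as in the answer.
sample_mountinfo() {
    cat <<'EOF'
60 25 8:99 / /media/hidden/sdz99 rw,relatime shared:30 - ext4 /dev/sdz99 rw
61 25 8:99 /world-readable /media/world-readable ro,relatime shared:30 - ext4 /dev/sdz99 rw
62 25 8:99 /world-writable /media/world-writable rw,relatime shared:30 - ext4 /dev/sdz99 rw
EOF
}

# Stand-alone use: pass mount points as arguments to check the live system.
for mp in "$@"; do
    printf '%s %s\n' "$mp" "$(bind_mount_state "$mp")"
done
```

If a mount made with `-o bind,ro` is reported as `rw`, the fallback documented in mount(8) is a second step on the target, `mount -o remount,bind,ro`.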
For those people viewing this more recently, I've written a small FUSE filesystem called HomeFS that forwards calls to a directory relative to the calling users' home directories.
That is, if you have a user Tyler and a user Sarah with a HomeFS mountpoint at `/usr/share/bigsoft/config` and a relative directory of `.config/bigsoft`, when Tyler does `ls /usr/share/bigsoft` he will see the contents of `/home/tyler/.config/bigsoft` and Sarah will see the contents of `/home/sarah/.config/bigsoft`.
Primarily, this is to work around proprietary software which insists its variable files be in some 'install directory', like how some Windows software tends to work.
Best Answer
The right to access a serial port is determined by the permissions of the device file (e.g. `/dev/ttyS0`). So all you need to do is either arrange for the device to be owned by you, or (better) put yourself in the group that owns the device, or (if Fedora supports it, which I think it does) arrange for the device to belong to the user who's logged in on the console.
For example, on my system (not Fedora), `/dev/ttyS0` is owned by the user `root` and the group `dialout`, so to be able to access the serial device, I would add myself to the `dialout` group: