4

Usecase:

I have a lot of production data and copying it for dev purposes would be unreal. I was thinking that OverlayFS could be a solution until a problem with permissions arose.

Let's assume I have the following folder structure:

  • /data/prod - production data (files+subfolders) owned by prod:prod having 664
  • /data/prod-overlay/dev1/{overlay,upper,lower} - data for developers (user dev1:dev1 in this case)

Dev users can read prod data but not modify it.

My question is:

Is it possible to make files in /data/overlayfs/developer1/overlay writable even when permissions of original files do not allow it? Or is there any other (simple) way to achieve such behaviour while keeping prod data read-only for dev users?

For example:

There is a file /data/prod/subfolder/file (prod:prod, 664) and user dev1 wants to remove or change /data/prod-overlay/dev1/overlay/subfolder/file.

Note: dev1 can remove file /data/prod-overlay/dev1/overlay/file (with rm -f) probably because he is the owner of the overlay folder.

1 Answer

5

Finally found the answer to my question. 🎉

The solution is to use overlayfs in combination with bindfs, which allows mounting one folder as another folder with different perms/owner/etc.

```
# sudo bindfs --map=origOwner/newOwner:@origGroup/@newGroup /srcFolder /dstMountpoint
mkdir /data/prod-overlay/dev1/prod # mountpoint
sudo bindfs --map=prod/dev1:@prod/@dev1 /data/prod-overlay/dev1/overlay /data/prod-overlay/dev1/prod
```
1
  • Is there a way to do it without bindfs? Bindfs is a FUSE filesystem and is not as performant as using overlayfs, plus it's an extra dependency which I would like to avoid. Commented Apr 15 at 19:58
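The full sequence around the answer's bindfs command, as an added example that is not part of the original answer: it mounts the overlay with /data/prod as the lower layer, then exposes the merged view through bindfs with owner and group mapped. The `work` directory, the `DRY_RUN` switch and the function names are assumptions; the developer's group is assumed to have the same name as the user, as with dev1:dev1 in the question.

```shell
#!/bin/sh
# Added example: per-developer writable view of read-only production data.
# Hypothetical names: run, setup_dev_view, teardown_dev_view, DRY_RUN, work/.
DRY_RUN=${DRY_RUN:-1}   # 1 = only print the commands, 0 = execute them (needs root)

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# setup_dev_view DEVUSER [PROD_DIR] [BASE_DIR]
setup_dev_view() {
    dev=$1
    prod=${2:-/data/prod}
    base=${3:-/data/prod-overlay}/$dev

    # Reject names that could add mount options or path components.
    case $dev in
        ''|*[!A-Za-z0-9_-]*) echo "invalid user name: $dev" >&2; return 1 ;;
    esac

    # upper/ receives every change; work/ is overlayfs scratch space and must
    # be on the same filesystem as upper/.
    run mkdir -p "$base/upper" "$base/work" "$base/overlay" "$base/prod"

    # Lower layer = production data; overlayfs never writes to it.
    run mount -t overlay overlay \
        -o "lowerdir=$prod,upperdir=$base/upper,workdir=$base/work" \
        "$base/overlay"

    # The merged view still reports prod:prod ownership, so the developer is
    # denied by the normal mode check. bindfs re-exposes it with the owner and
    # group mapped; files the developer creates are chowned back to prod
    # underneath, inside upper/ only.
    run bindfs "--map=prod/$dev:@prod/@$dev" "$base/overlay" "$base/prod"
}

# teardown_dev_view DEVUSER [BASE_DIR]
teardown_dev_view() {
    base=${2:-/data/prod-overlay}/$1
    run umount "$base/prod"       # bindfs view first
    run umount "$base/overlay"    # then the overlay underneath it
}

setup_dev_view dev1
```

Set `DRY_RUN=0` and run as root to execute the commands instead of printing them.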
