How to create a read-only link to a directory?

One of my scripts dynamically creates a symlink like so:

ln -s /home/hosting/projects/images /home/hosting/projects/demo/images

How can I make it so that the access through link is read-only?


Solution 1:

You can create a read-only bind-mount.

mount --bind /path/to/source/ /path/to/dest/
mount -o bind,remount,ro /path/to/dest

Yes, this must be done in two steps in kernels after Linux kernels 2.6.25 (see the link above for why).

Or, alternatively, as an /etc/fstab line example ref:

/path/to/source/ /path/to/dest/ none bind,ro

In either approach, a bind mount lives in the Virtual Filesystem layer (VFS), so this it's not specific to any filesystem, nor do you really 'mount' anything. So, basically, this is creating a sort of symbolic link for you, but this doesn't show up as such.

And to reply on the comment below on data loss... no, these instructions do not remove any files. In case you have files present on the destination path, this mount will lay over this. Just unmount to be able to list your files in the path on the filesystem underneath. Even better; in general, avoid mounting on top of an non-empty destination path.

Solution 2:

to mount bind readonly with one command:

mount --bind -r /path/to/source/ /path/to/dest/

to unmount

umount /path/to/dest/