How can I quickly detect files that are shadowed by a mounted filesystem

Solution 1:

In the future, you can run chattr +i /mountpoint (with the mount unmounted). This changes the mount point's directory to immutable. The result is that you'd error-out on new write activity. It protects the mount point in other situations as well.

Solution 2:

Ophir,

I don't know how to achieve what you are asking for, but I do have advice for you :)

When you are preparing a mount point set its permissions to the strictest possible mask. Mount your filesystem to the mount point and set permissions on the mount point (with mounted filesystem) to the desired set. Let me illustrate:

# mkdir -m0 /mnt/mountpoint
# mount -t ext4 /dev/sdb1 /mnt/mountpoint
# chown -h user:group /mnt/mountpoint
# chmod 0750 /mnt/mountpoint

The thing is that a filesystem preserves owner/permission information, so each time you mount that filesystem your mount point will inherit owner/group/permissions from the mounted filesystem.

This trick may help you to protect and easily detect when the filesystem is not mounted. If your application is running under root, it would be able to write to a directory with permissions set to 000, but this is a good check (to check for mount point's permissions) to realise that we are writing to the wrong place.

I hope this will help.

P.S. @ewwhite has provided a better option of protecting the mount point with 'chattr +i' than setting it to 'chmod 0'.