"Readally" is a portmanteau combining "read-only" and "read all".
Similar to bindfs, Readally is a FUSE FileSystem that exposes an altered version of a given directory (aka "the original directory").
Specifically, Readally makes it:
- 100% read-only: any attempt to write or change anything is met with errno 30, i.e.
EROFS: Read-only file system
; - 100% readable: although each file retains its original owner, group and mode, any file can still be read by any user -- essentially, standard Unix permissions are ignored.
Unprivileged backup is one possible use case: the process that backs up your data no longer needs to run as root to read the entirety of a given filesystem.
Solutions like bindfs or ID-mapped mounts also allow this but they alter perceived file ownership, which is not always desirable.
Anything that alters file ownership and/or the behaviour of Unix permissions is dangerous. From this perspective, Readally is as dangerous as bindfs or ID-mapped mounts.
Consequently, these solutions should be used with caution. A typical approach is to protect the mountpoint's parent directory with regular Unix permissions reflecting who is allowed to access the dataset exposed through Readally.
Example:
drwxr-xr-x root root /
drwxr-xr-x root root mnt
dr-x------ backup root only_backup_shall_pass
drwx------ root root readally_mountpoint
-rw------- root root actual_data
Similar to find's -xdev
and du's -x, --one-file-system
, this option makes Readally ignore any file related to a filesystem other than the one holding the original directory.
Default value: disabled.
This option makes Readally ignore a given list of filetypes.
Here, filetypes are neither file extensions nor MIME types but rather find
-like file types:
Filetypes you likely want to keep:
f
: regular filesl
: symbolic links
Filetypes you likely want to ignore:
b
: block devicesc
: character devicesp
: named pipes / FIFOss
: sockets
Alien filetypes:
D
: Solaris DoorsP
: Solaris event portsW
: whiteouts?
: unknown
Default value: bcpsDPW?
i.e. by default Readally exposes only directories, regular files and symbolic links.
- Python with fusepy
readally [-o OPTIONS] [--foreground] /original/directory /mount/point
fstab syntax:
/original/directory /mount/point fuse.readally banned-types=DPW?,one-file-system 0 0