Ask Your Question

Mount Point Permissions

asked 2016-12-21 09:04:16 -0500

puser gravatar image

updated 2016-12-27 16:46:01 -0500

Stefan gravatar image

I am having a very frustrating problem with mounting.

Mounting requires a directory to exist. So I create a directory

file { '/app':
  ensure => directory,
  mode   => '0755',

Now I mount the logical filesytem to the directory

mount { '/app':
  ensure  => mounted,
  device  => "/dev/${lv_attribute[vg]}/${lv_attribute[name]}",
  options => defaults,
  dump    => $dump,
  pass    => $pass,
  fstype  => $fs_type,

So far so good. The problem I now have is I have a directory with permissions 755 and a mount with permissions ??? (default). Probably the umask of root. How do I set the permissions of the mount after the fact? I have already set the mode on the File so I can't call it twice. The only thing I have come up with is to have it run twice, but then the directory will match the permissions of the mount which is NOT what I want.

Has anyone encountered this yet or come up with a solution? I basically want a directory with xxx permissions and a mount on that directory with yyy permissions.

Is the mount is ever removed for whatever reason then I will have a directory with yyy permissions.

edit retag flag offensive close merge delete


You do not you suffer from `systemd`, do you? (`ls -l /sbin/init`) If you do, have a look at `systemd.mount(5)`

Kai Burghardt gravatar imageKai Burghardt ( 2016-12-21 15:15:52 -0500 )edit

2 Answers

Sort by » oldest newest most voted

answered 2016-12-28 15:52:33 -0500

Some tweaks to stivesso's answer:

  1. You're doing a chown(1) to the user with the ID 755. You wanna do a chmod(1).
  2. And /bin/mkdir -m 0755 /app (mkdir(1) has a “mode” parameter), unless your exec provider is 'shell' and you want to separate the chmod(1).
  3. There's also a umask attribute.
  4. defaults (as the mount option) should be clearly marked as a string.
  5. You wanna use resource references to read resource attributes.

Eventually you'd end up with:

$_foo = '/app'

$_cmd = @("EOT"/L)
  /bin/mkdir -v -m 0755 ${Mount[$_foo]['name']} && \
  /bin/chown -v username:groupname ${Mount[$_foo]['name']}

exec { $_foo:
  command  => $_cmd,
  creates  => Mount[$_foo]['name'],
  provider => 'shell',
  before   => Mount[$_foo],

mount { $_foo:
  ensure  => 'mounted',
  device  => "/dev/${lvattribute[vg]}/${lvattribute[name]}",
  fstype  => 'auto', # or whatever fstype it is
  options => 'defaults',
  dump    => 0, # 0 = do not dump
  pass    => 0, # 0 = do not do fsck

file { $_foo: 
  ensure  => 'directory', 
  mode    => '0644',
  require => Mount['/app'],
  • Added -v verbose flag to mkdir/chown, because I want to have everything (not just the errmsg) in the logs, if something went wrong.
  • Separated the command into a heredoc-variable, because I want long lines to be split up, and unfortunately heredocs don't work for resource definitions.
edit flag offensive delete link more



Greeeaaat (I'm still wondering how I missed the chown-chmod :-) Thanks)

stivesso gravatar imagestivesso ( 2016-12-28 22:48:02 -0500 )edit

answered 2016-12-21 11:40:32 -0500

stivesso gravatar image

updated 2016-12-28 22:40:06 -0500

It is indeed a tricky situation, because you can change ownership of the filesystem directory system by using chown (exec) on the filesystem's mount point. But during the next puppet run it will change it again to 0755 and then chown will rewrite...

Anyway, my suggestion is to do it exactly as you'd be doing manually on System. Meaning, first, create the directory (using exec - mkdir) and give it the appropriate permission (unless it exists already). Then, mount the filesystem accordingly after the directory was created and finally set that directory permission. (See the metaparameters (before and require) added for exec and mount to control that ordering... Making sure that Filesystem permission is only applied after the mount)

Turning to Puppet, that will be something like:

    exec {'create_folder':
      command => 'mkdir /app && chmod 755 /app',
      unless      => 'test -d /app',
      path         => '/usr/bin:/usr/sbin:/bin',
      before      => Mount["/app"],

    mount { "/app": 
      ensure   => 'mounted',
      device   => "/dev/${lvattribute[vg]}/${lvattribute[name]}",
      options => defaults,
      dump    => $dump,
      pass      => $pass,
      fstype   => $fs_type,

  file { "/app": 
    ensure   => "directory", 
    mode     => "644", # or the one you want for the FS - YYY 
    require  => Mount[ "/app"],
edit flag offensive delete link more


the command (single apersand) seems odd. I'd go with a single '/bin/mkdir -m 0755 /app'. Instead of the `unless` it is easier to simply specify `creates => '/app'`

Stefan gravatar imageStefan ( 2016-12-27 16:47:52 -0500 )edit

Oops my mistake, it was in facts &&... corrected now, thanks

stivesso gravatar imagestivesso ( 2016-12-27 18:39:40 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2016-12-21 09:04:16 -0500

Seen: 131 times

Last updated: Dec 28 '16