Owner, Permission, Group for /mnt

[Aeloth]

What permissions should the /mnt folder have?? I'm solving one container where I want it to have access to /mnt and I currently have the permissions (see image). And I don't want a security problem.

 

 

 

 

[itimpi]

That looks non-standard so something must be changing it.   It normally has owner and group both as 'root'.  All folders directly under / should have the same permissions in my experience.

 

You could try booting in Safe Mode and checking again.  That would tell you if a plugin is changing it.

[Aeloth]

I don't have the option to run in safe mode at the moment, that won't happen until tomorrow/the day after. However, shouldn't it be a problem to change them now?? chgrp root /mnt && chown root /mnt

 

[Frank1940]

@itimpi and @Aeloth, I do know that Dockers can be setup to run with root privileges.  I did it with binhex-Krusader and the method to do so is posted as a "Recommended Posts' in the support thread.  (I not longer use that Docker container since the introduction of Dynamix File Manager plugin.)   And, of course, it is possible to setup a Docker container to have access to the root of the Unraid file system.  (Doing so should be done only by the actual Administrator of the individual server who realizes the risks involved.   Hopefully, there is not a Docker container being distributed via the Apps plugin that does so without that Administrator's knowledge!  I would class that container as Malware...)

[Aeloth]

The change may have been historical, to me it was a container that is not in Apps but in dockerhub, it is a container that should help with backups using Veeam but I need it to have access to /mnt to be able to backup to unassigned drives. However I was struggling with the container not wanting to mount /mnt, eventually solved by reinstalling the container. But I fixed the permissions on /mnt as they should be and so far no container or plugin has changed it. I hope it's ok now.

 

 

[Frank1940]

27 minutes ago, Aeloth said:

it is a container that should help with backups using Veeam but I need it to have access to /mnt to be able to backup to unassigned drives.

 

Set up the container to run with root privileges.  (If you do so, in the interest of security, I would put a strong password on the container GUI and start-and-stop the container when its use was required.)  Here is the way I once did this:

 

       https://forums.unraid.net/topic/71764-support-binhex-krusader/page/17/#comment-780475

 

Edited February 23 by Frank1940

[Aeloth]

This container doesn't have any GUI, if you want to look at it, it's pk1057/veeam12 on DockerHub. I have Root Privileges set, I have strong passwords there too, hopefully that will be enough, the container will only work on a local network in a home environment.

 

[Aeloth]

Is it possible to use permissions like this in a container?? PUID=99 PGID=100

I don't really understand this yet.

[Frank1940]

2 minutes ago, Aeloth said:

Is it possible to use permissions like this in a container?? PUID=99 PGID=100

I don't really understand this yet.

 

Yes those variables are the 'numbers' for nobody (=99)  and users group (=100).  This should allow to do anything you want to the resources under /mnt  

 

It is not the container that is the only security problem.  It is the fact that now all of the members of the  users  group now have access back to the root of the file system as well as the anonymous user--  nobody.  This is called an "elevation of privileges" in security language.  Some of us run our Unraid servers in a secured environment so this is not a big security issue unless one of the client computers is compromised.