Let’s Talk File (#6) – Hiding the .etc and lost+found Directories
Mon, 22 Jul 2024 20:45:35 -0000
Introduction
A PowerStore file system includes two directories located at the root of the file system named .etc and lost+found. They are used to store configuration files and fsck (file system check) recovery files, respectively. The .etc directory is hidden while the lost+found directory is not. These directories are reserved for system use and are not intended to store user data. If a user connects to an SMB share or NFS export created on the root of the file system, they can see these directories from their client.
Figure 1. The .etc and lost+found directories on an SMB share
Some administrators prefer not to expose these directories to their end users. This has several benefits, such as:
- Prevents these system directories from being accidentally modified or deleted
- Prevents users from storing their user files in these system directories
- Allows users to start with an empty directory structure
This blog will walk you through how to accomplish this.
How it’s done
Because the .etc and lost+found directories are located in the root of the file system, they can only be accessed if an SMB share or NFS export is created on the root of the file system. To prevent access to the root of the file system, administrators can create a share or export on a subdirectory instead.
Figure 2. Directory structure used to hide .etc and lost+found directories
In this example, a share or export can be created on /fs/share1 instead of /fs/ (file system root). When connecting to a share or export that is located on a subdirectory that is under the root of the file system, users can only see the contents of that subdirectory. They cannot navigate to or view any of the contents above it, which includes the .etc and lost+found folders. This method can be used to prevent user access to these directories.
Share/export provisioning
You can only create an SMB share or NFS export on a subdirectory that already exists. If the subdirectory does not exist, the share or export creation fails because the path is not available.
When provisioning a new file system, create the initial SMB share or NFS export on the root of the file system. This share or export is temporary and is only used so that a client can access the file system and create the subdirectory. In this example, we use SMB shares, but the process is the same for NFS exports.
Figure 3. Creating the initial SMB share
When the initial share on the root of the file system is created, map/mount the share/export on a client and then create the subdirectory.
Figure 4. Creating a subdirectory under the root of the file system on an SMB share
After you’ve created the subdirectory, unmap/unmount the share/export from the client and delete the original share/export.
Figure 5. Deleting the initial SMB share
After you’ve deleted the temporary share or export, you can create a new share/export using the subdirectory. In the Local Path field, ensure that you enter the correct path to the subdirectory. As a reminder, all directories in the path must exist.
Figure 6. Creating the new SMB share on the subdirectory
After you’ve created the new share/export, map/mount the share/export on a client. Confirm that it is an empty directory and that the .etc and lost+found directories are not displayed.
Figure 7. Mapping the new SMB share created on the subdirectory
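The final confirmation step can also be scripted from a Linux or UNIX client. The following is an added example, not part of the original blog or any PowerStore tooling; it assumes the share or export is already mounted at the path you pass in, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: client-side check that a mounted share/export does not
# expose the reserved directories named in the article.
# Assumption: the share or export is already mounted at the given path.

RESERVED_DIRS=".etc lost+found"

# Print each reserved directory visible at the top of the mount point.
# Names are tested directly, so the hidden .etc is caught even though a
# plain `ls` would not list it.
exposed_reserved_dirs() {
    mnt=$1
    for name in $RESERVED_DIRS; do
        if [ -d "$mnt/$name" ]; then
            printf '%s\n' "$name"
        fi
    done
}

# Count every entry at the top of the mount point, dotfiles included.
entry_count() {
    ls -A "$1" | wc -l | tr -d ' '
}

# Exit status: 0 = no reserved directories visible, 1 = at least one is
# visible (share is on the file system root), 2 = path is not a directory.
check_share() {
    mnt=$1
    if [ ! -d "$mnt" ]; then
        echo "ERROR: $mnt is not a directory (is the share mounted?)" >&2
        return 2
    fi
    exposed=$(exposed_reserved_dirs "$mnt")
    if [ -n "$exposed" ]; then
        # Unquoted expansion joins the names onto one line.
        echo "FAIL: $mnt exposes:" $exposed
        return 1
    fi
    count=$(entry_count "$mnt")
    if [ "$count" -ne 0 ]; then
        echo "WARN: no reserved directories, but $mnt has $count entries"
        return 0
    fi
    echo "OK: $mnt is empty and shows no reserved directories"
}

# Usage: sh check_share.sh /mnt/share1
[ "$#" -eq 0 ] || check_share "$1"
```

A FAIL result means the mount point is the root of the file system, so the temporary root share or export is probably still in use.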
Conclusion
In this blog, we covered the benefits of preventing user access to the .etc and lost+found folders. We also walked through how easy it is to configure your SMB shares and NFS exports on a PowerStore system to facilitate this. This is an effective method to ensure that system directories are not tampered with and provides a cleaner experience for end users.
Author: Wei Chen, Technical Staff, Engineering Technologist