1

For example, I want to redirect the directory /data between users. When user1 access /data, it accesses /data1 actually. When user2 access /data, he accesses /data2 actually.

What technology should I use? cgroups? unionfs? others? I'm sorry I'm a newbie.

More advanced, redirection between processes. process1 accesses /data1 as /data , process2 accesses /data2 as /data . How can I do that?

jackyyy
  • 11
  • 4

3 Answers3

1

There are Linux filesystem namespaces that can do what you want. You would create a new namespace and mount /data inside it as a bind mount to the real /data1 or /data2.

However, this is kind of tricky to do right now, as far as I know, and needs a lot of tooling that most Linux distros may not be using.

Most Unix software uses environment variables to find their data directories. In something like this, you'd have 

export JACKSPROGRAMDATA=/data1

in the user's $HOME/.profile (or .bash_profile), and jacksprogram would use getenv(JACKSPROGRAMDATA) to read the value.

Zan Lynx
  • 53,022
  • 10
  • 79
  • 131
  • Sorry, /data is just an example here, it may be an important directory and hard-coded in most applications – jackyyy Jul 20 '15 at 23:44
  • @jackyyy: Then it sounds like you do want namespaces. Actually using them isn't too bad. But getting each user that logs in into their own and setting up the mounts might be. – Zan Lynx Jul 20 '15 at 23:47
0

In Linux, you can use bind mounts to map directory or file to another path, and per-process mount namespaces to do it for specific process.

Bind mounts are implemented in -o bind option of mount. Mount namespace can be employed e.g. using unshare tool which is part of util-linux package.

See examples in this answer.

Community
  • 1
  • 1
gavv
  • 4,649
  • 1
  • 23
  • 40
0

Mount namespaces allow to setup a different view of the filesystem private to all processes run within that namespace. You can then use mount --bind within that namespace to map directories.

For example, on user login you can create a namespace dedicated to that user. Within that namespace, you can use mount --bind to mount the directory /opt/data/$USER on top of data. You can then run the user shell in that namespace. For that shell and any other process started within that shell, any read or write in /data/ will end up reading and writing from /opt/data/$USER instead.

To automate the setup, you can use the pam_namespace pam module. A configuration file /etc/security/namespace.conf similar to this:

/data     /opt/data/$USER               level      root,adm

could be all you need to make this work.

Alternatively, you could use an utility like faketree to do this interactively from the shell or in your CI/CD pipelines:

faketree --mount /opt/data/$USER:/data -- /bin/bash

(does not require root, uses namespaces)

You can read more about faketree in the main repository for the tool or in this blog post.

rabexc
  • 571
  • 4
  • 11