0 Using mount - bind safely (with rollback) - kevwells.com

Using mount – – bind safely (with rollback)

by

Purpose: Present one reliable pattern for bind-mounting a directory elsewhere, then make it read-only, persist it in /etc/fstab, and roll back cleanly.

1) Basic bind mount

# Example: expose /srv/app/upload at /var/www/app/upload
sudo mkdir -p /var/www/app/upload
sudo mount --bind /srv/app/upload /var/www/app/upload

2) Make it read-only

Bind mounts ignore -o ro on first mount; you must remount:

sudo mount -o remount,bind,ro /var/www/app/upload

3) Persist in /etc/fstab

# <source>              <target>                 type  options         dump pass
/srv/app/upload        /var/www/app/upload       none  bind            0    0
/var/www/app/upload    /var/www/app/upload       none  remount,bind,ro 0    0

Test reload with sudo mount -a. If anything fails, revert the lines and re-run.

4) Rollback

sudo umount /var/www/app/upload
# remove the two fstab lines and run:
sudo mount -a

5) Pitfalls

  • Backups: avoid recursing into both source and target (exclude one of them).
  • Permissions: the target inherits the source; fix ownership on the source, not the target.
  • Use --rbind only when you truly want to include submounts.

Need a review of your webroot layout and bind/overlay use? Request a call.

Security gaps in Linux and cloud systems risk downtime, data compromise, lost business — and compliance failures.

With 20+ years’ experience and active UK Security Check (SC) clearance, I harden Linux and cloud platforms for government, corporate, and academic sectors — ensuring secure, compliant, and resilient infrastructure.

Contact for Contract Assignments

No related posts.