Making immutable mount points with chattr

I am running Duplicati on an Ubuntu server, backing up to a cloud destination as well as a local USB removable drive with mount point “/media/duplicati_a”.

I’m using the alternate-target-path and alternate-destination-marker options with marker files inside each backup directory so that Duplicati can tell if the USB drive is mounted or not before starting.

A recent question here got me wondering what would happen if I pulled or unmounted the USB drive in the middle of a backup operation. Since the mount point is a subdirectory of /, which is a different disk, I wonder if Duplicati would continue to write to /media/duplicati_a (which could in theory fill up my rather small root partition). I don’t know if Duplicati only checks for the marker file at the beginning of the job or before every attempt to upload a file to the destination.

One solution appears to be making the mount point immutable, with “chattr +i /media/duplicati_a”, so that if there’s nothing mounted to that directory, all writes will fail. I’ve tested trying to write to the mount point with nothing mounted and it fails as expected (good), but I haven’t yet tried unmounting the drive in the middle of a backup to see what happens. I thought I’d run this idea by the experts here and see if anyone had any thoughts on this method to ensure nothing can be written to the mount point if the drive isn’t connected? Since chattr +i ensures even root can’t write to the mount point, this seems like good protection.

2 Likes

Interesting idea that sounds like another potential solution for the issue I had where the job would write to the mount point folder if the job started before the USB drive was mounted: