Mounting drives on a server for Posit Team

Overview

Workbench and Connect will work with the underlying linux system to make resources available to users. This includes things like mounted drives.

Neither Workbench nor Connect natively mount drives, this isn’t done through a config. Drive mounts are done through linux operations.

NFS

Typically we see this looking like

1. Create a local directory
2. mount -t nfs -o optionshere sharehost:sharepath

The important bit would be to set permissions with chown, chmod, and maybe facl for either the rstudio-connect user, or the alternate user they choose, for example something like:

sudo chown user:group /folder
chmod 764 /folder

Change the code (764) for what the folder is being locked down to in order to prevent other users from being able to access it. Those lines will make that user the owner of the folder, and then chmod 764 should give only the owner access. But I recommend referencing your linux team.

It can also involve fstab or AutoFS.

Some specific situations may have some complexity: specific formats, cloud situations, or verifying NFS export options, but in general the mounting process is much simpler than installing the posit products and configuring them and is the same as what would be done on any linux server.

If running in kubernetes then the mount needs to be added to each job pod and it gets more complicated.

SMB/CIFS

For SMB/CIFS this could look like mounting via PAM, discussed here: https://support.posit.co/hc/en-us/articles/360044190234-How-to-mount-a-Windows-SMB-CIFS-share-via-PAM

Alternatively, the SMB/CIFS could be mounted directly with cifs-utils using a service account if traceability or access controls aren’t needed with sudo mount -t cifs -o username=<user>,password=<password> //<server>/<share> /mnt/<mountpoint>.

Multiprotocol NAS is another option for a more enterprise solution.

Copying a project from one users home directory to another

Reference: https://support.posit.co/hc/en-us/articles/12959116352663-Transferring-project-ownership-in-Posit-Workbench

This will recursively copy the project from user1’s home directory to user2’s home directory

`sudo cp -R /home/user1/project /home/user2/``

And this will change the owner recursively to user2

sudo chown -R user2:user2 /home/user2/project

Permissions

When mounting on the server it will need the appropriate permissions so that users are able to access the contents of the drive.

For example for content running on Posit Connect the rstudio-connect user will need access to the drive, for example via chmod 644. Alternatively the drive could be mapped so that an alternate linux user has access and a user with admin access through the Connect UI can set the runAs user to the selected linux user. This will provide more security around protecting the files that are mounted.

Logging user actions

For customers wanting to log user actions on NFS shares that is done through linux admin utilities, like auditd.

Alternatively kerberized NFS shares can be used for centralized logging/auditing but is significantly more admin overhead.

Failures

Checking mounted drives and noexec option

Check if /home on the server, or is it a network mount (NFS or CIFS). In NFS, for example, there can be the use of access control lists which can impact permissions. Similarly, when working in a system that has a mounted share drive then would want to check that libraries are being written to that share so you get persistence. Typically this means writing to inside the home directory. Check mounted drives with: df -h

Check /etc/fstab to see if the home directories are mounted with noexec

For example, this shows that the home directories were mounted with noexec: /dev/mapper/rhel-home /home xfs defaults,noexec,nosuid,nodev 0 0

This resulted in this error message:

library(stringi)Error: package or namespace load failed for 'stringi' in dyn.load(file, DLLpath = DLLpath, ...):
unable to load shared object '/home/username/x86_64-pc-linux-gnu-library/4.3/stringi/libs/stringi.so':
  /home/username/R/x86_64-pc-linux-gnu-library/4.3/stringi/libs/stringi.so: failed to map segment from shared object

Resources

A linux based forum like serverfault can be useful for getting more answers for linux topics like this.

• https://www.golinuxcloud.com/linux-mount-nfs/
• https://planetscale.com/blog/io-devices-and-latency#storage-in-the-cloud
• https://solutions.posit.co/admin-training/courses/workbench/04_datasources.html#smbcifs
• Really interesting community post with script for automounting windows shares: https://community.rstudio.com/t/active-directory-ad-permissions-and-file-share-mounting-for-rsp/5427/5
• Example for mounting a drive: https://superuser.com/questions/134734/how-to-mount-a-drive-from-terminal-in-ubuntu