Head Up: Prepare for dropping fuse group in the nearest future

Alexander Larsson alexl at redhat.com
Thu Feb 7 09:51:01 UTC 2008

On Wed, 2008-02-06 at 23:03 -0500, Warren Togami wrote:
> Peter Lemenkov wrote:
> > Hello All!
> > 
> > Due to landing of upcoming Gnome release in Fedora 9 I decided to drop
> > fuse group.
> > 
> > The main reason is that future Gnome VFS will use fuse as a backend,
> > and we wil be forced to add all users into fuse group (if we allow
> > them to use Gnome VFS) what will made the existence of fuse group
> > useless..
> > 
> > Any objections?
> Is it really necessary to drop the fuse group for GNOME to do what it 
> wants to do?  Sounds like it wont be.

Removing the fuse group is not the only possibility. We can instead add
all users to the fuse group, or put up a dialog on login saying your
setup is broken and that you need to be added to the fuse groups. But
these are just ways of working around the problem introduced by Fedora
with the fuse group, and make our distribution look schizo and broken.

Fedora fears that fuse has a security problem, so instead of being
willing to fix this we forbid users not in the fuse group to use it.
Now, Gnome (and many other things) start using fuse because it lets you
implement very desireable features. 

The result of this is either:
a) Fedora users don't get these desireable features
b) Most users will eventually get added to the fuse group, after much
grinding of teeth and searching in forums for why things are not

In case b, we're still not safe from any possible security problems with
fuse, all we've done is punched our users in the face. If we think the
security problems with fuse are so great that we prefer a) then a better
approach would be to not ship it or not install it. Using a group for
fuse access is just false security.

More information about the fedora-devel-list mailing list