Fuse packages now with use fuse-group and suid binary (Was: RFC: fuse packages)
Thorsten Leemhuis
fedora at leemhuis.info
Mon Nov 7 19:00:42 UTC 2005
Am Montag, den 07.11.2005, 10:39 -0500 schrieb Jeremy Katz:
> On Fri, 2005-11-04 at 20:00 +0100, Thorsten Leemhuis wrote:
> > Am Donnerstag, den 03.11.2005, 10:36 -0500 schrieb Jeremy Katz:
> > > On Wed, 2005-11-02 at 21:10 +0100, Thorsten Leemhuis wrote:
> > > > Am Samstag, den 29.10.2005, 14:32 -0400 schrieb Jeremy Katz:
> > > > > Why does fusermount need to be suid?
> > > > AFAICS we have three solutions:
> > > >
> > > > 1) do it as upstream does (suid root)
> > > > 2) create a fusemount group -- only members of that group are allowed to
> > > > mount fuse-filesystems that are not in /etc/fstab
> > > > 3) only allow fuse for things listed in /etc/fstab
> > > >
> > > > I tent to do 3) and can also live with 2) (if that's possible -- I
> > > > suppose it is but did not try yet). I don't like 1).
> > >
> > > The more I think about it, the more I think that the third is really the
> > > only "reasonable" solution for now.
> >
> > I did not get solution 3 to work correctly. So I chose solution 2 (this
> > is also the scheme that is used by debian afaics). See:
>
> How does it fail?
Try this:
download and recompile
http://www.leemhuis.info/files/fedorarpms/SRPMS.fdr/fuse-2.4.1-2.src.rpm
install fuse, fuse-libs and fuse-devel and recompile
http://www.leemhuis.info/files/fedorarpms/SRPMS.fdr/fuse-sshfs-1.2-2.src.rpm
Add something like this to your /etc/fstab:
sshfs#thl at somemachine: /home/thl/test fuse defaults,user
And add yourself to the fuse-group
$ usermod -a -G fuse $USER
$ ssh localhost #or relogin
Try it:
$ mount /home/thl/test
$ ls /home/thl/test
[...]
$ umount /home/thl/test
Works! Okay, now without suid:
$ exit
$ sudo chmod 0755 /usr/bin/fusermount
$ sudo chmod 0666 /dev/fuse
$ mount /home/thl/test
fusermount: mount failed: Operation not permitted
$ sudo mount /home/thl/test
[asks for password -- did not to that before -- seems sshfs runs at root
now and does not look in /home/thl/.ssh/ for my private key]
$ ls -l /home/thl/test
ls: x: Permission denied
$ ls -l /home/thl
[...]
?--------- ? ? ? ? ? test
$ sudo ls -ld /home/thl/test
drwx------ 1 thl thl 4096 7. Nov 19:47 x
Anything I did wrong? I'm open for suggestions.
BTW, the above leaves two other things aside:
- module autoloading does also not work without suid root
- is 0666 for /dev/fuse secure?
> I really don't like the idea of fuse being different
> from every other thing that's shipped :/
Me neither -- but if we don't a a fuse group a lot of people will simply
to "chmod 4755 /usr/bin/fusermount" to allow what fuse is designed for
(afaics). This that is much worse than adding the fuse-group (imho).
--
Thorsten Leemhuis <fedora at leemhuis.info>
More information about the fedora-extras-list
mailing list