RFC: fuse packages
Thorsten Leemhuis
fedora at leemhuis.info
Wed Nov 2 20:10:16 UTC 2005
On Saturday, 29.10.2005, at 14:32 -0400, Jeremy Katz wrote:
> On Sat, 2005-10-29 at 19:36 +0200, Thorsten Leemhuis wrote:
> I'd do one of the following:
>[...]
> b) Put the utilities in the fuse package, libs in -libs. There are a
> number of packages at least in Core which go this route
Done.
> > - where store the Docs?
All docs in fuse now, only COPYING.lib in %doc of fuse-libs
> > - should the devel package named fuse-libs-devel or fuse-devel?
> fuse-devel is the normal pattern
Changed.
> > - fuse installs %{_bindir}/fusermount with 4755 -- do we allow that in
> > extras? And should we add a group "fuse" and allow only members of that
> > group access to fuse?
>
> Why does fusermount need to be suid? None of the other mount "helpers"
> for things like cifs or smb are. They get invoked by mount which is
> suid and does checking to see if the user should be able to do the mount
> they're asking for.
This can work this way with fuse, too -- I just tried it with an updated
version of my package.
But Fuse explicitly wants to allow the user to mount things that are not
configured in /etc/fstab. I don't really like this but it seems to be
one of the fuse design goals (AFAICS).
In the default install every user can mount a fuse-filesystem -- e.g.
with sshfs mount each and every machine that can be reached by the user
via ssh. That's IMHO too lax.
AFAICS we have three solutions:
1) do it as upstream does (suid root)
2) create a fusemount group -- only members of that group are allowed to
mount fuse-filesystems that are not in /etc/fstab
3) only allow fuse for things listed in /etc/fstab
I tend to do 3) and can also live with 2) (if that's possible -- I
suppose it is but did not try yet). I don't like 1).
Other opinions?
> > - Fuse needs a device file /dev/fuse [...]
> You probably want to add a fuse file to /etc/udev/makedev.d
I knew I was missing something. Thanks Jeremy, works fine afaics.
--
Thorsten Leemhuis <fedora at leemhuis.info>
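An added example, not part of the original message: a small audit check that reports which of the three policies discussed above an installed mount helper's mode, owner and group correspond to. The function names, the result labels and the default group name `fuse` are assumptions for illustration; `stat -c` is the GNU coreutils form.

```shell
#!/bin/sh
# Classify a mount helper from its octal mode, owner and group.
# Usage: classify_mount_helper MODE OWNER GROUP [ALLOWED_GROUP]
# ALLOWED_GROUP defaults to "fuse" (assumed name, not fixed by the thread).
classify_mount_helper() {
    mode=$1; owner=$2; group=$3; allowed=${4:-fuse}
    case $mode in
        ''|*[!0-7]*) echo "invalid-mode"; return 2 ;;
    esac
    bits=$((0$mode))                       # leading 0 forces octal parsing
    suid=$(( bits & 04000 ))
    other_x=$(( bits & 0001 ))
    group_x=$(( bits & 0010 ))

    if [ "$suid" -eq 0 ] || [ "$owner" != "root" ]; then
        # Option 3: no root privilege via the helper itself; only mounts
        # performed through mount(8) and /etc/fstab remain possible.
        echo "not-suid-root"
    elif [ "$other_x" -ne 0 ]; then
        # Option 1: upstream default, every local user can run it as root.
        echo "suid-any-user"
    elif [ "$group_x" -ne 0 ] && [ "$group" = "$allowed" ]; then
        # Option 2: suid root, but executable only by the dedicated group.
        echo "suid-group-only"
    elif [ "$group_x" -ne 0 ]; then
        # Restricted to a group, but not the one the policy names.
        echo "suid-unexpected-group"
    else
        # suid root yet executable by the owner only.
        echo "suid-owner-only"
    fi
    return 0
}

# Read the real attributes of a file and classify it (GNU stat).
# Usage: audit_mount_helper PATH [ALLOWED_GROUP]
audit_mount_helper() {
    attrs=$(stat -c '%a %U %G' -- "$1") || return 1
    # shellcheck disable=SC2086  # intentional word splitting into 3 fields
    set -- $attrs "${2:-fuse}"
    classify_mount_helper "$1" "$2" "$3" "$4"
}

# When run with a path argument, audit that file.
if [ "$#" -gt 0 ]; then
    audit_mount_helper "$@"
fi
```

Run as `sh script.sh /usr/bin/fusermount` on an installed system; a result of `suid-any-user` matches the 4755 install described in the message.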