Fuse packages now with use fuse-group and suid binary (Was: RFC: fuse packages)
Jeremy Katz
katzj at redhat.com
Mon Nov 7 15:39:05 UTC 2005
On Fri, 2005-11-04 at 20:00 +0100, Thorsten Leemhuis wrote:
> Am Donnerstag, den 03.11.2005, 10:36 -0500 schrieb Jeremy Katz:
> > On Wed, 2005-11-02 at 21:10 +0100, Thorsten Leemhuis wrote:
> > > Am Samstag, den 29.10.2005, 14:32 -0400 schrieb Jeremy Katz:
> > > > Why does fusermount need to be suid?
> > > AFAICS we have three solutions:
> > >
> > > 1) do it as upstream does (suid root)
> > > 2) create a fusemount group -- only members of that group are allowed to
> > > mount fuse-filesystems that are not in /etc/fstab
> > > 3) only allow fuse for things listed in /etc/fstab
> > >
> > > I tent to do 3) and can also live with 2) (if that's possible -- I
> > > suppose it is but did not try yet). I don't like 1).
> >
> > The more I think about it, the more I think that the third is really the
> > only "reasonable" solution for now.
>
> I did not get solution 3 to work correctly. So I chose solution 2 (this
> is also the scheme that is used by debian afaics). See:
How does it fail? I really don't like the idea of fuse being different
from every other thing that's shipped :/
Jeremy
More information about the fedora-extras-list
mailing list