Fuse packages now with use fuse-group and suid binary (Was: RFC: fuse packages)
Jeremy Katz
katzj at redhat.com
Tue Nov 8 04:02:09 UTC 2005
On Mon, 2005-11-07 at 20:00 +0100, Thorsten Leemhuis wrote:
> $ mount /home/thl/test
> fusermount: mount failed: Operation not permitted
[snip]
> Anything I did wrong? I'm open for suggestions.
Hmmm, looking closer at the smbfs stuff, it seems that it works the same
way :(
[katzj at bree samba]$ mount /home/katzj/samba
Password:
Anonymous login successful
smbmnt must be installed suid root for direct user mounts (500,500)
smbmnt failed: 1
Going to look at the mount code, it seems that it drops privileges
before calling helper programs for security reasons. This goes back a
long time...
> > I really don't like the idea of fuse being different
> > from every other thing that's shipped :/
>
> Me neither -- but if we don't a a fuse group a lot of people will simply
> to "chmod 4755 /usr/bin/fusermount" to allow what fuse is designed for
> (afaics). This that is much worse than adding the fuse-group (imho).
This is the approach taken for, eg, samba. So I'd lean towards sticking
with it. To be honest, users probably don't really care about mounting
and are just as well off using gnome-vfs or kio stuff depending on their
desktop environment.
Jeremy
More information about the fedora-extras-list
mailing list