Permissions on /dev/fuse

classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

Permissions on /dev/fuse

Franco Broi
Hi

Just built the latest kernel (2.6.13.1) with fuse version 2.4.0-pre2 but
I can only start my filesystems as root.

I checked the permissions on fusermount and it's setuid root.
/dev/fuse was 660 so I changed /dev/fuse to 666 and it now works but
this doesn't seem right.

I've not built FUSE for a while so I might have missed something.

Thanks
Franco



-------------------------------------------------------
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
_______________________________________________
fuse-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/fuse-devel
Reply | Threaded
Open this post in threaded view
|

Re: Permissions on /dev/fuse

Miklos Szeredi
> Just built the latest kernel (2.6.13.1) with fuse version 2.4.0-pre2 but
> I can only start my filesystems as root.
>
> I checked the permissions on fusermount and it's setuid root.
> /dev/fuse was 660 so I changed /dev/fuse to 666 and it now works but
> this doesn't seem right.

Hmm, it used to work differently, but IMO it's more logical this way.

The sysadmin can control mounting of FUSE filesystems via permissions
on /dev/fuse.

It can be controlled via permissions on fusermount as well, but the
long term goal is to make unprivileged mounting possible, and then
fusermount won't be needed anymore.

The other thing why this is needed, is because now the kernel can
autoload the fuse module when /dev/fuse is opened.  So it's better if
the user can't trigger this autoloading by calling fusermount, unless
the sysadmin sets the proper permissions on /dev/fuse.

Miklos



-------------------------------------------------------
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
_______________________________________________
fuse-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/fuse-devel
Reply | Threaded
Open this post in threaded view
|

Re: Permissions on /dev/fuse

Franco Broi

>
> The other thing why this is needed, is because now the kernel can
> autoload the fuse module when /dev/fuse is opened.  So it's better if
> the user can't trigger this autoloading by calling fusermount, unless
> the sysadmin sets the proper permissions on /dev/fuse.

But the device file doesn't exist until you run modprobe?

I'm not very familiar with the workings of udev, do you know what I need
to change to have the device file appear each time I reboot?



-------------------------------------------------------
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
_______________________________________________
fuse-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/fuse-devel
Reply | Threaded
Open this post in threaded view
|

Re: Permissions on /dev/fuse

Miklos Szeredi
> > The other thing why this is needed, is because now the kernel can
> > autoload the fuse module when /dev/fuse is opened.  So it's better if
> > the user can't trigger this autoloading by calling fusermount, unless
> > the sysadmin sets the proper permissions on /dev/fuse.
>
> But the device file doesn't exist until you run modprobe?

Catch 22 :)

> I'm not very familiar with the workings of udev, do you know what I need
> to change to have the device file appear each time I reboot?

Try adding fuse to /etc/modules.

Miklos


-------------------------------------------------------
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
_______________________________________________
fuse-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/fuse-devel
Reply | Threaded
Open this post in threaded view
|

Re: Permissions on /dev/fuse

jens m. noedler
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

Miklos Szeredi wrote at 09/13/2005 09:52 AM:

I also got 660 permissions for /dev/fuse with -pre2 and Debian Sarge.
The same is true for 2.6.14-rc1.

>> I'm not very familiar with the workings of udev, do you know what
>> I need to change to have the device file appear each time I
>> reboot?
>
> Try adding fuse to /etc/modules.

Results in 660 for /dev/fuse. Maybe udev can be configured to set 666
permissions for this device, but I think 666 as default would be nice
for a userspace filesystem. :-)

Greetings, Jens

- --
jens m. noedler
  [hidden email]
  pgp: 0x9f0920bb
  http://noedler.de

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDKGZOBoFc9p8JILsRAjYqAJ9bAe8zZ0cDJOmwbLz4vVM1JYcSTACfS0Sh
flADJL8sp4Zw9XWBgAkO0lY=
=/O5+
-----END PGP SIGNATURE-----



-------------------------------------------------------
SF.Net email is sponsored by:
Tame your development challenges with Apache's Geronimo App Server.
Download it for free - -and be entered to win a 42" plasma tv or your very
own Sony(tm)PSP.  Click here to play: http://sourceforge.net/geronimo.php
_______________________________________________
fuse-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/fuse-devel
Reply | Threaded
Open this post in threaded view
|

Re: Permissions on /dev/fuse

Miklos Szeredi
> I also got 660 permissions for /dev/fuse with -pre2 and Debian Sarge.
> The same is true for 2.6.14-rc1.
>
> >> I'm not very familiar with the workings of udev, do you know what
> >> I need to change to have the device file appear each time I
> >> reboot?
> >
> > Try adding fuse to /etc/modules.
>
> Results in 660 for /dev/fuse. Maybe udev can be configured to set 666
> permissions for this device, but I think 666 as default would be nice
> for a userspace filesystem. :-)

Yes, but if you use udev, it's a udev config issue.  Do you know how
to configure udev to have different default permissions for a device?

Thanks,
Miklos


-------------------------------------------------------
SF.Net email is sponsored by:
Tame your development challenges with Apache's Geronimo App Server.
Download it for free - -and be entered to win a 42" plasma tv or your very
own Sony(tm)PSP.  Click here to play: http://sourceforge.net/geronimo.php
_______________________________________________
fuse-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/fuse-devel
Reply | Threaded
Open this post in threaded view
|

Re: Permissions on /dev/fuse

jens m. noedler
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hallo,

Miklos Szeredi schrieb am 09/15/2005 12:18 PM:

>>Results in 660 for /dev/fuse. Maybe udev can be configured to set 666
>>permissions for this device, but I think 666 as default would be nice
>>for a userspace filesystem. :-)
>
> Yes, but if you use udev, it's a udev config issue.  Do you know how
> to configure udev to have different default permissions for a device?

Add 'KERNEL="fuse", MODE="0666"' to '/etc/udev/permissions.rules' and
restart udev. But with udev and FUSE 2.3 it was 0666 by default...

Bye, Jens

- --
jens m. noedler
  [hidden email]
  pgp: 0x9f0920bb
  http://noedler.de

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDKVz5BoFc9p8JILsRAtg8AJ9B8zhH5PCM9xHQUhR1WZAeSRntpACbBksN
dfBO+yTYz8bdx0d/9zE+Cks=
=dHQT
-----END PGP SIGNATURE-----


-------------------------------------------------------
SF.Net email is sponsored by:
Tame your development challenges with Apache's Geronimo App Server.
Download it for free - -and be entered to win a 42" plasma tv or your very
own Sony(tm)PSP.  Click here to play: http://sourceforge.net/geronimo.php
_______________________________________________
fuse-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/fuse-devel
Reply | Threaded
Open this post in threaded view
|

Re: Permissions on /dev/fuse

Miklos Szeredi
> >>Results in 660 for /dev/fuse. Maybe udev can be configured to set 666
> >>permissions for this device, but I think 666 as default would be nice
> >>for a userspace filesystem. :-)
> >
> > Yes, but if you use udev, it's a udev config issue.  Do you know how
> > to configure udev to have different default permissions for a device?
>
> Add 'KERNEL="fuse", MODE="0666"' to '/etc/udev/permissions.rules' and
> restart udev.

Thanks.  I see there's also /etc/udev/rules.d, so maybe it's possible
to install something there by default.

> But with udev and FUSE 2.3 it was 0666 by default...

I think not.  It probably worked with 2.3 because fusermount didn't
check the permissions on /dev/fuse.

Miklos




-------------------------------------------------------
SF.Net email is sponsored by:
Tame your development challenges with Apache's Geronimo App Server.
Download it for free - -and be entered to win a 42" plasma tv or your very
own Sony(tm)PSP.  Click here to play: http://sourceforge.net/geronimo.php
_______________________________________________
fuse-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/fuse-devel