[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH 0/4] export/fuse: Allow other users access to the export
From: |
Kevin Wolf |
Subject: |
Re: [PATCH 0/4] export/fuse: Allow other users access to the export |
Date: |
Mon, 21 Jun 2021 18:12:14 +0200 |
Am 14.06.2021 um 16:44 hat Max Reitz geschrieben:
> Hi,
>
> With the default mount options, FUSE mounts are not accessible to any
> users but the one who did the mount, not even to root. To allow such
> accesses, allow_other must be passed.
>
> This is probably useful to some people (it certainly is to me, e.g. when
> exporting some image as my normal user, and then trying to loop mount it
> as root), so this series adds a QAPI allow-other bool that will make the
> FUSE export code pass allow_other,default_permissions to FUSE.
>
> (default_permissions will make the kernel do the usual UNIX permission
> checks, which is something that makes a lot of sense when allowing other
> users access to the export.)
>
> This also requires our SETATTR code to be able to handle permission
> changes, though, so the user can then run chmod/chown/chgrp on the
> export to adjust its permissions to their need.
>
> The final patch adds a test.
If there is even a use case for leaving the option off (not trusting
root?), it must certainly be the less common case? So I'm not sure if
allow-other should be an option at all, but if it is, enabling it by
default would make more sense to me.
Is there a reason why you picked false as the default, except that it is
the old behaviour?
Kevin
- Re: [PATCH 3/4] export/fuse: Let permissions be adjustable, (continued)
[PATCH 1/4] export/fuse: Add allow-other option, Max Reitz, 2021/06/14
[PATCH 4/4] iotests/308: Test allow-other, Max Reitz, 2021/06/14
[PATCH 2/4] export/fuse: Give SET_ATTR_SIZE its own branch, Max Reitz, 2021/06/14
Re: [PATCH 0/4] export/fuse: Allow other users access to the export,
Kevin Wolf <=