General Information
===================

FUSE (Filesystem in USErspace) is a simple interface for userspace
programs to export a virtual filesystem to the Linux kernel.  FUSE
also aims to provide a secure method for non-privileged users to
create and mount their own filesystem implementations.

You can download the source code releases from

  http://sourceforge.net/projects/avf

or alternatively you can use CVS to get the very latest development
version by setting the cvsroot to

  :pserver:anonymous@cvs.avf.sourceforge.net:/cvsroot/avf

and checking out the 'fuse' module.

Installation
============

See the file 'INSTALL'

IMPORTANT NOTE: If you run a system with untrusted users, installing
this program is not recommended, as it could be used to breach
security (see the 'Security' section for explanation).

How To Use
==========

FUSE is made up of three main parts:

 - A kernel filesystem module (kernel/fuse.o)

 - A userspace library (lib/libfuse.a)

 - A mount/unmount program (util/fusermount)


Here's how to create your very own virtual filesystem in five easy
steps (after installing FUSE):

  1) Edit the file example/fusexmp.c to do whatever you want...

  2) Build the fusexmp program

  3) Run 'example/fusexmp /mnt/whatever -d'

  4) ls -al /mnt/whatever

  5) Be glad

If it doesn't work out, please ask!  Also see the file 'include/fuse.h' for
detailed documentation of the library interface.

The fusermount program accepts a couple of additional options (see
'fusermount -h').  You can add these options after a '--' like this:

   example/fusexmp /mnt/whatever -d -- -l

Security
========

If you run 'make install', the fusermount program is installed
set-user-id to root.  This is done to allow normal users to mount
their own filesystem implementations. 

There must, however, be some limitations in order to prevent Bad User
from doing nasty things.  Currently those limitations are:

  - The user can only mount on a mountpoint for which they have write
    permission

  - The mountpoint is not a sticky directory which isn't owned by the
    user (like /tmp usually is)

  - No other user (including root) can access the contents of the mounted
    filesystem.

Currently the first two conditions are checked by the fusermount
program before doing the mount.  This is in fact not perfectly secure,
since there is a window of time, after fusermount has checked the
mountpoint and before the mount actually takes place, when the user is
able to change the mountpoint (e.g. by changing symbolic links). 
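
The race described above exists because the checks and the mount each
resolve the path separately.  The following is an added example, not
code from the FUSE sources: a hypothetical helper,
open_checked_mountpoint(), that opens the mountpoint once and applies
the first two conditions to the opened directory instead of to the
path.  Judging write permission from the owner/other mode bits only is
a simplifying assumption.

```c
#define _GNU_SOURCE            /* O_DIRECTORY, O_NOFOLLOW */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not from the FUSE sources).
 * Opens the mountpoint once and applies both checks to the opened object,
 * so swapping a symbolic link afterwards cannot change what was checked.
 * Returns an open directory fd on success, -1 if any check fails.
 * Simplification: write permission is judged from the owner/other mode
 * bits only (no group or ACL handling). */
int open_checked_mountpoint(const char *path, uid_t uid)
{
    struct stat st;
    /* O_NOFOLLOW: refuse a symbolic link as the final path component. */
    int fd = open(path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;
    /* fstat() describes the object behind fd, not whatever the path
     * names now; a path-based stat() here would reopen the window. */
    if (fstat(fd, &st) < 0 || !S_ISDIR(st.st_mode))
        goto reject;
    /* Not a sticky directory owned by someone else (like /tmp). */
    if ((st.st_mode & S_ISVTX) && st.st_uid != uid)
        goto reject;
    /* The user has write permission on the mountpoint. */
    if (st.st_uid == uid ? !(st.st_mode & S_IWUSR) : !(st.st_mode & S_IWOTH))
        goto reject;
    return fd;
reject:
    close(fd);
    return -1;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s <mountpoint>\n", argv[0]);
        return EXIT_FAILURE;
    }
    int fd = open_checked_mountpoint(argv[1], getuid());
    printf("%s: %s\n", argv[1], fd >= 0 ? "accepted" : "rejected");
    if (fd >= 0)
        close(fd);
    return fd >= 0 ? EXIT_SUCCESS : EXIT_FAILURE;
}
```

The descriptor only closes the window if the mount is then performed on
the same object, for example by calling fchdir(fd) and mounting on "."
rather than resolving the original path a second time.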

The preferred method would be for the kernel to check the
permissions.  There is a patch for this for the 2.6.X kernel (where X
>= 3) in the patch directory.  If you apply this patch then the suid
bit can be removed from the fusermount program.

Comments about this are appreciated.