diff options
author | Bernd Schubert <bernd.schubert@fastmail.fm> | 2010-05-16 21:22:41 +0200 |
---|---|---|
committer | Bernd Schubert <bernd.schubert@fastmail.fm> | 2010-05-16 21:22:41 +0200 |
commit | 475eed7402aa6e48e24476cb9ec5201942ede602 (patch) | |
tree | c22cd8a33d662549988bde1aa135eca5ed4a98a7 /src | |
parent | 9c27154ec3726e84d09450db6432dea8968ff055 (diff) | |
download | unionfs-fuse-475eed7402aa6e48e24476cb9ec5201942ede602.tar.gz |
Add commit "-o relaxed_permission" changes
Diffstat (limited to 'src')
-rw-r--r-- | src/opts.c | 5 | ||||
-rw-r--r-- | src/opts.h | 2 | ||||
-rw-r--r-- | src/unionfs.c | 20 |
3 files changed, 25 insertions, 2 deletions
@@ -228,6 +228,8 @@ static void print_help(const char *progname) { " -o hide_meta_dir \".unionfs\" is a secret directory not\n" " print by readdir()\n" " -o max_files=number Increase the maximum number of open files\n" + " -o relaxed_permissions Disable permissions checks, but only if\n" + " running neither as UID=0 or GID=0\n" " -o statfs_omit_ro do not count blocks of ro-branches\n" " -o stats show statistics in the file 'stats' under the\n" "\n", @@ -314,6 +316,9 @@ int unionfs_opt_proc(void *data, const char *arg, int key, struct fuse_args *out case KEY_STATFS_OMIT_RO: uopt.statfs_omit_ro = true; return 0; + case KEY_RELAXED_PERMISSIONS: + uopt.relaxed_permissions = true; + return 0; case KEY_STATS: uopt.stats_enabled = 1; return 0; @@ -27,6 +27,7 @@ typedef struct { int retval; char *chroot; // chroot we might go into bool hide_meta_dir; + bool relaxed_permissions; } uopt_t; @@ -37,6 +38,7 @@ enum { KEY_HIDE_METADIR, KEY_MAX_FILES, KEY_NOINITGROUPS, + KEY_RELAXED_PERMISSIONS, KEY_STATFS_OMIT_RO, KEY_STATS, KEY_VERSION diff --git a/src/unionfs.c b/src/unionfs.c index de22d19..9101d7f 100644 --- a/src/unionfs.c +++ b/src/unionfs.c @@ -58,6 +58,7 @@ static struct fuse_opt unionfs_opts[] = { FUSE_OPT_KEY("hide_meta_dir", KEY_HIDE_METADIR), FUSE_OPT_KEY("max_files=%s", KEY_MAX_FILES), FUSE_OPT_KEY("noinitgroups", KEY_NOINITGROUPS), + FUSE_OPT_KEY("relaxed_permissions", KEY_RELAXED_PERMISSIONS), FUSE_OPT_KEY("statfs_omit_ro", KEY_STATFS_OMIT_RO), FUSE_OPT_KEY("stats", KEY_STATS), FUSE_OPT_KEY("--version", KEY_VERSION), @@ -803,10 +804,25 @@ int main(int argc, char *argv[]) { // enable fuse permission checks, we need to set this, even we we are // not root, since we don't have our own access() function - if (fuse_opt_add_arg(&args, "-odefault_permissions")) { - fprintf(stderr, "Severe failure, can't enable permssion checks, aborting!\n"); + int uid = getuid(); + int gid = getgid(); + bool default_permissions = true; + + if (uid != 0 && gid != 0 && uopt.relaxed_permissions) { + default_permissions = false; + } else if (uopt.relaxed_permissions) { + // protec the user of a very critical security issue + fprintf(stderr, "Relaxed permissions disallowed for root!\n"); exit(1); } + + if (default_permissions) { + fprintf(stderr, "Enabling default permissions\n"); + if (fuse_opt_add_arg(&args, "-odefault_permissions")) { + fprintf(stderr, "Severe failure, can't enable permssion checks, aborting!\n"); + exit(1); + } + } unionfs_post_opts(); umask(0); |