0

I have two chained FUSE filesystems that are intended to work together, both running as root: process P attempts to access file F first through FS1; FS1 looks to FS2. Now FS2 needs to obtain the context information (pid, user, and group) of P (rather than FS1) in order to verify that P has permission to access the files.

What is the recommended way to do this?

John Hinrichsen
  • 239
  • 3
  • 4
  • If they're both running as root, neither one knows who P is. What's the point of running in User Space if you're going to run as root? If you've got ssh access and you want FS2 to know who you are, log in directly. If you can only reach FS2 through FS1, use ssh to tunnel. – LinuxDisciple Apr 07 '16 at 21:57
  • My question is about FUSE filesystems in general, and not sshfs (implied by details in your comment.) – John Hinrichsen Apr 07 '16 at 22:29
  • I see now that I wrongly inferred sshfs. – LinuxDisciple Apr 07 '16 at 23:47
  • After doing some research, I think I have the answer: to call setfsuid and setfsgid in FS1 before performing filesystem operations that will invoke FS2. If this works I will explain the details in an answer. – John Hinrichsen Apr 08 '16 at 14:56

1 Answers1

0

This question is effectively answered here: Change UID/GID only of one thread in Linux

Filesystem operations (open, stat, etc.) from within FS1 that access files owned by FS2 need to be performed as the user of the calling process in order to ensure that filesystem permissions are respected. The canonical way to do this is by using the thread-specific APIs setfsuid and setfsgid to allow FS1, when running as root, to perform the filesystem operations as if it were running as the non-root user. On failure of the fs call, errno should be captured immediately. After that, setfsuid and setfsgid should be used to revert the effective uid/gid back to root/root.

See the fs_unlink example here: https://sourceforge.net/p/fuse/mailman/message/29362682/

Community
  • 1
  • 1
John Hinrichsen
  • 239
  • 3
  • 4