-2

Let's say I start a shell and I choose to show the content of the folder /user/content_A inside another folder /target.

Now I start a second shell session, and I want to show the content of another folder /user/content_B inside the same folder /target.

How would you achieve this? Symlink tricks? FUSE?

Thanks a lot!

dddjef
  • Way too many options. Honestly, the easiest thing is probably private mount-table entries, but this is more a [unix.se] question than a SO one anyhow. (When you actually start writing it yourself and have a narrow question about a function call you're using or other specific piece of code, *then* it'll be a fit for Stack Overflow). – Charles Duffy Mar 07 '19 at 22:55
  • In terms of places to start, though -- see [`unshare`](http://man7.org/linux/man-pages/man1/unshare.1.html) as a tool for actually setting up a private mount-table namespace. You might need to have a setuid-root helper that calls it, sets up your mounts, and then drops permissions again, depending on the details of what you're up to. – Charles Duffy Mar 07 '19 at 22:57
  • Good idea, I will start there. – dddjef Mar 07 '19 at 22:57
  • (One advantage of the private-namespace approach is that it doesn't have a runtime performance penalty the way fuse does; that said, if you wanted to use fuse for other reasons, you *could* mitigate fuse's performance penalty by only having fuse return a single symlink pointing to content that's mounted with a native, or otherwise lower-overhead, filesystem). – Charles Duffy Mar 07 '19 at 23:00
  • At the risk of plugging one of my own git repos, see the README demonstrating `with-bind-mount` in https://github.com/charles-dyfis-net/ns-exec-tools (noting that the tool should be run under `unshare --mount` so it doesn't change the rest of the system). – Charles Duffy Mar 07 '19 at 23:04
  • Does the unshare command need root privileges to achieve this? – dddjef Mar 07 '19 at 23:09
  • Short answer: Probably. `unshare(CLONE_FS)` isn't explicitly documented as requiring `CAP_SYS_ADMIN`, but even if your kernel does allow it you'll need root *anyhow* to actually create the bind mount. Thus, a setuid wrapper that does the necessary privileged work (after appropriate sanity checks) and then drops permissions back to the original account is appropriate. – Charles Duffy Mar 07 '19 at 23:21
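
The private mount-namespace approach from the comments above, as an added example that is not part of the original thread or of ns-exec-tools. `VIEW_ROOT`, `VIEW_TARGET`, `checked_source` and `enter_view` are hypothetical names; it assumes util-linux's `unshare`, `mount` and `setpriv`, and that the privileged part is reached through sudo rather than a setuid binary.

```shell
#!/bin/sh
# Added example: per-session view of /target via a private mount namespace.
# VIEW_ROOT (allowed parent of the content folders) and VIEW_TARGET are
# hypothetical settings; the defaults are the paths used in the question.
VIEW_ROOT=${VIEW_ROOT:-/user}
VIEW_TARGET=${VIEW_TARGET:-/target}

# Sanity check to run before any privileged mount: print the canonical path
# of $1 only if it is an existing directory that still lies under VIEW_ROOT
# once symlinks and ".." are resolved; otherwise return non-zero.
checked_source() {
    root=$(CDPATH= cd -- "$VIEW_ROOT" 2>/dev/null && pwd -P) || return 1
    src=$(CDPATH= cd -- "$1" 2>/dev/null && pwd -P) || return 1
    case "$src" in
        "$root"/*) printf '%s\n' "$src" ;;
        *) return 1 ;;
    esac
}

# Start a shell that sees $1 at VIEW_TARGET. Must run as root through sudo,
# which supplies the invoking account in SUDO_UID/SUDO_GID. The bind mount is
# created inside a new mount namespace with private propagation, so it is
# invisible to other sessions; setpriv drops root before the shell starts.
enter_view() {
    src=$(checked_source "$1") || { echo "refusing source: $1" >&2; return 1; }
    [ -n "${SUDO_UID:-}" ] && [ -n "${SUDO_GID:-}" ] ||
        { echo "must be run via sudo" >&2; return 1; }
    unshare --mount --propagation private sh -c '
        mount --bind "$1" "$2" &&
        exec setpriv --reuid "$3" --regid "$4" --init-groups /bin/sh' \
        sh "$src" "$VIEW_TARGET" "$SUDO_UID" "$SUDO_GID"
}
```

To try it, append `enter_view "$1"` as the last line and run the script with sudo once per session, passing `/user/content_A` in one terminal and `/user/content_B` in the other.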

1 Answer

0

A user-specific view of a directory tree can easily be done in FUSE, as the uid/gid of the caller is always available to you via the `fuse_context` struct: `fuse_get_context()->uid` and `fuse_get_context()->gid`. You can use it in your implementation of `readdir`.

Oren Kishon