Bug#725706: gvfs-fuse: make gvfs-fuse work out of the box
Josselin Mouette
joss at debian.org
Mon Oct 7 15:55:27 UTC 2013
Le lundi 07 octobre 2013 à 17:22 +0200, Laurent Bigonville a écrit :
> It would be nice if gvfs-fuse was working out of the box.
>
> Currently 2 things are blocking this:
>
> - The /dev/fuse being owned by root:fuse with 0660 permissions
> - /bin/fusermount being owned by root:fuse with 4750 permission
>
> If this matter, upstream udev rule is creating /dev/fuse with
> permissions 0666 (owned by root:root) and upstream Makefile is
> installing /bin/fusermount with 4755 permission (owned by root:root
> again)
>
> The correct ways of doing things here still probably need to be
> discussed.
An easy way to do that without lowering too much security is to
make /usr/lib/gvfs/gvfs-fuse-daemon 2755 root:fuse. This way only gvfs
could use the fuse capabilities.
Another possibility is to make /dev/fuse managed by udev-acl, but this
doesn’t solve the fusermount issue (it would require hiding it behind a
D-Bus service to do things properly).
Cheers,
--
.''`. Josselin Mouette
: :' :
`. `'
`-
More information about the pkg-gnome-maintainers
mailing list