Bug#725706: gvfs-fuse: make gvfs-fuse work out of the box

Michael Biebl biebl at debian.org
Mon Oct 7 16:58:58 UTC 2013


On 07.10.2013 18:24, Michael Biebl wrote:
> On 07.10.2013 17:55, Josselin Mouette wrote:
>> On Monday, 07 October 2013 at 17:22 +0200, Laurent Bigonville wrote:
>>> It would be nice if gvfs-fuse was working out of the box.
>>>
>>> Currently 2 things are blocking this:
>>>
>>>  - The /dev/fuse being owned by root:fuse with 0660 permissions
>>>  - /bin/fusermount being owned by root:fuse with 4750 permissions
>>>
>>> If this matters, the upstream udev rule is creating /dev/fuse with
>>> permissions 0666 (owned by root:root) and the upstream Makefile is
>>> installing /bin/fusermount with 4755 permissions (owned by root:root
>>> again)
>>>
>>> The correct ways of doing things here still probably need to be
>>> discussed.
>>
>> An easy way to do that without lowering too much security is to
>> make /usr/lib/gvfs/gvfs-fuse-daemon 2755 root:fuse. This way only gvfs
>> could use the fuse capabilities.
> 
> just some minor correction here: the daemon is called
> /usr/lib/gvfs/gvfsd-fuse
> 
>> Another possibility is to make /dev/fuse managed by udev-acl, but this
>> doesn’t solve the fusermount issue (it would require hiding it behind a
>> D-Bus service to do things properly).
> 
> Splitting /usr/lib/gvfs/gvfsd-fuse into a user part and a D-Bus system
> service (which does the privileged mounting) is definitely more work. If
> we go that route, we don't need the udev-acl/uaccess permissions for
> /dev/fuse.

The following worked for me:
1/ sudo chown root:fuse /usr/lib/gvfs/gvfsd-fuse
2/ sudo chmod 2755 /usr/lib/gvfs/gvfsd-fuse
3/ echo 'KERNEL=="fuse", TAG+="uaccess"' > /etc/udev/rules.d/61-fuse-permissions.rules

Without 3/, I got a permission denied error from fusermount:
$ /usr/lib/gvfs/gvfsd-fuse -d -f /run/user/1000/gvfs-fuse/
fusermount: failed to open /dev/fuse: Permission denied





-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
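
Added example, not part of the original message or of the gvfs/fuse packaging: a read-only shell audit that reports mode bits and ownership for the three paths discussed in this thread and checks whether the udev rule from step 3/ is in place. It assumes GNU `stat`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: read-only audit of the FUSE permission setup discussed in
# this thread. Paths and modes are the ones quoted in the messages above;
# function names are hypothetical.

# mode_flags OCTAL: print the security-relevant bits of a file mode.
mode_flags() {
    m=$((0$1)); out=""
    [ $((m & 04000)) -ne 0 ] && out="$out setuid"
    [ $((m & 02000)) -ne 0 ] && out="$out setgid"
    [ $((m & 00004)) -ne 0 ] && out="$out world-read"
    [ $((m & 00002)) -ne 0 ] && out="$out world-write"
    [ $((m & 00001)) -ne 0 ] && out="$out world-exec"
    echo "${out# }"
}

# has_uaccess_rule FILE: succeed if an uncommented udev rule in FILE matches
# the fuse device node and tags it "uaccess" (step 3/ in the message above).
has_uaccess_rule() {
    [ -r "$1" ] || return 1
    grep -v '^[[:space:]]*#' "$1" |
        grep 'KERNEL=="fuse"' | grep -q 'TAG+="uaccess"'
}

# audit_path PATH: print mode, owner:group and flagged bits (assumes GNU stat).
audit_path() {
    if [ ! -e "$1" ]; then echo "$1: absent"; return 0; fi
    set -- "$1" $(stat -c '%a %U:%G' "$1" 2>/dev/null)
    echo "$1: mode=${2:-?} owner=${3:-?} flags=[$(mode_flags "${2:-0}")]"
}

# audit_fuse_setup: report on every path named in the thread.
audit_fuse_setup() {
    for p in /dev/fuse /bin/fusermount /usr/lib/gvfs/gvfsd-fuse; do
        audit_path "$p"
    done
    rules=/etc/udev/rules.d/61-fuse-permissions.rules
    if has_uaccess_rule "$rules"; then
        echo "$rules: uaccess rule for fuse present"
    else
        echo "$rules: no uaccess rule for fuse"
    fi
}

audit_fuse_setup
```

Running it before and after steps 1/ to 3/ shows which setuid, setgid and world-access bits changed, so the result can be compared against the modes quoted in the thread.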
