Bug 434881 - fuse is busted for unprivileged user
fuse is busted for unprivileged user
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: fuse (Show other bugs)
rawhide
All Linux
low Severity low
: ---
: ---
Assigned To: Peter Lemenkov
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-02-25 18:39 EST by David Zeuthen
Modified: 2013-03-05 22:54 EST (History)
5 users (show)

See Also:
Fixed In Version: 2.7.3-2.fc8
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-03-13 03:41:55 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description David Zeuthen 2008-02-25 18:39:17 EST
$ sshfs hook.local:/ `pwd`/hook
fusermount: mount failed: Operation not permitted

$ pwd
/home/davidz

[davidz@oneill ~]$ ls -l |grep hook
drwxrwxr-x  2 davidz davidz      4096 2007-12-07 17:45 hook

$ rpm -q fuse fuse-sshfs
fuse-2.7.3-1.fc9.i386
fuse-sshfs-1.9-3.fc9.i386

This works fine when running as uid 0. What gives? Thanks.
Comment 1 Jason Farrell 2008-02-26 08:13:40 EST
Broken in F8 updates-testing as well. Can no longer mount my ~/secure dir.

[jaf@nano:0j:125h:0e:11.25MB ~]$ rpm -qa \*fuse\*
fuseiso-20070708-2.fc8
fuse-sshfs-1.9-2.fc8
fuse-libs-2.7.3-1.fc8
fuse-2.7.3-1.fc8
fuse-encfs-1.4.1.1-1.fc8
fuse-devel-2.7.3-1.fc8
[jaf@nano:0j:126h:0e:11.25MB ~]$ encfs ~/.secure ~/secure
EncFS Password:
fusermount: mount failed: Operation not permitted
fuse failed.  Common problems:
 - fuse kernel module not installed (modprobe fuse)
 - invalid options -- see usage message
[jaf@nano:0j:127h:1e:11.25MB ~]$ lsmod|grep fuse
fuse                   41301  5
[jaf@nano:0j:128h:0e:11.25MB ~]$ chkconfig --list fuse
fuse            0:off   1:off   2:off   3:on    4:on    5:on    6:off
[jaf@nano:0j:129h:0e:11.25MB ~]$ ll /dev/fuse
crw-rw-rw- 1 root fuse 10, 229 2008-02-26 07:54 /dev/fuse
[jaf@nano:0j:130h:0e:11.25MB ~]$ groups
jaf wheel crack fuse vboxusers
[jaf@nano:0j:131h:0e:11.25MB ~]$ rpm -q --changelog fuse|grep group
- Removed usergroup fuse
- Add hint to README.fedora and that you have to be member of the group "fuse"
- Use groupadd instead of fedora-groupadd
- Use a fuse group to restict access to fuse-filesystems
Comment 2 David Zeuthen 2008-02-26 13:15:45 EST
Isn't /bin/fusermount supposed to be setuid root?

Anyway, making it setuid root works for me.

Of course you need to check this is safe; I didn't check the source code nor
what upstream recommends.
Comment 3 Peter Lemenkov 2008-02-28 05:56:26 EST
Upstream recommendation is to setuid root for fusermount. I fixed this issue in
latest fuse build - let's wait until it arrives in repo.
Comment 4 Fedora Update System 2008-02-28 06:38:14 EST
fuse-2.7.3-2.fc7 has been submitted as an update for Fedora 7
Comment 5 Fedora Update System 2008-02-28 06:38:49 EST
fuse-2.7.3-2.fc8 has been submitted as an update for Fedora 8
Comment 6 Fedora Update System 2008-02-28 16:36:22 EST
fuse-2.7.3-2.fc7 has been pushed to the Fedora 7 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update fuse'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F7/FEDORA-2008-2046
Comment 7 Fedora Update System 2008-03-13 03:41:52 EDT
fuse-2.7.3-2.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 8 Fedora Update System 2008-03-13 03:44:52 EDT
fuse-2.7.3-2.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.