434881 – fuse is busted for unprivileged user

Bug 434881 - fuse is busted for unprivileged user

Summary: fuse is busted for unprivileged user

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	fuse
Sub Component:
Version:	rawhide
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Peter Lemenkov
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2008-02-25 23:39 UTC by David Zeuthen
Modified:	2013-03-06 03:54 UTC (History)
CC List:	5 users (show)
Fixed In Version:	2.7.3-2.fc8
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2008-03-13 07:41:55 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description David Zeuthen 2008-02-25 23:39:17 UTC

$ sshfs hook.local:/ `pwd`/hook
fusermount: mount failed: Operation not permitted

$ pwd
/home/davidz

[davidz@oneill ~]$ ls -l |grep hook
drwxrwxr-x  2 davidz davidz      4096 2007-12-07 17:45 hook

$ rpm -q fuse fuse-sshfs
fuse-2.7.3-1.fc9.i386
fuse-sshfs-1.9-3.fc9.i386

This works fine when running as uid 0. What gives? Thanks.

Comment 1 Jason Farrell 2008-02-26 13:13:40 UTC

Broken in F8 updates-testing as well. Can no longer mount my ~/secure dir.

[jaf@nano:0j:125h:0e:11.25MB ~]$ rpm -qa \*fuse\*
fuseiso-20070708-2.fc8
fuse-sshfs-1.9-2.fc8
fuse-libs-2.7.3-1.fc8
fuse-2.7.3-1.fc8
fuse-encfs-1.4.1.1-1.fc8
fuse-devel-2.7.3-1.fc8
[jaf@nano:0j:126h:0e:11.25MB ~]$ encfs ~/.secure ~/secure
EncFS Password:
fusermount: mount failed: Operation not permitted
fuse failed.  Common problems:
 - fuse kernel module not installed (modprobe fuse)
 - invalid options -- see usage message
[jaf@nano:0j:127h:1e:11.25MB ~]$ lsmod|grep fuse
fuse                   41301  5
[jaf@nano:0j:128h:0e:11.25MB ~]$ chkconfig --list fuse
fuse            0:off   1:off   2:off   3:on    4:on    5:on    6:off
[jaf@nano:0j:129h:0e:11.25MB ~]$ ll /dev/fuse
crw-rw-rw- 1 root fuse 10, 229 2008-02-26 07:54 /dev/fuse
[jaf@nano:0j:130h:0e:11.25MB ~]$ groups
jaf wheel crack fuse vboxusers
[jaf@nano:0j:131h:0e:11.25MB ~]$ rpm -q --changelog fuse|grep group
- Removed usergroup fuse
- Add hint to README.fedora and that you have to be member of the group "fuse"
- Use groupadd instead of fedora-groupadd
- Use a fuse group to restict access to fuse-filesystems

Comment 2 David Zeuthen 2008-02-26 18:15:45 UTC

Isn't /bin/fusermount supposed to be setuid root?

Anyway, making it setuid root works for me.

Of course you need to check this is safe; I didn't check the source code nor
what upstream recommends.

Comment 3 Peter Lemenkov 2008-02-28 10:56:26 UTC

Upstream recommendation is to setuid root for fusermount. I fixed this issue in
latest fuse build - let's wait until it arrives in repo.

Comment 4 Fedora Update System 2008-02-28 11:38:14 UTC

fuse-2.7.3-2.fc7 has been submitted as an update for Fedora 7

Comment 5 Fedora Update System 2008-02-28 11:38:49 UTC

fuse-2.7.3-2.fc8 has been submitted as an update for Fedora 8

Comment 6 Fedora Update System 2008-02-28 21:36:22 UTC

fuse-2.7.3-2.fc7 has been pushed to the Fedora 7 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update fuse'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F7/FEDORA-2008-2046

Comment 7 Fedora Update System 2008-03-13 07:41:52 UTC

fuse-2.7.3-2.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 8 Fedora Update System 2008-03-13 07:44:52 UTC

fuse-2.7.3-2.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.