| General Information |
| =================== |
| |
| FUSE (Filesystem in USErspace) is a simple interface for userspace |
| programs to export a virtual filesystem to the linux kernel. FUSE |
| also aims to provide a secure method for non privileged users to |
| create and mount their own filesystem implementations. |
| |
| You can download the source code releases from |
| |
| http://sourceforge.net/projects/avf |
| |
| or alternatively you can use CVS to get the very latest development |
| version by setting the cvsroot to |
| |
| :pserver:anonymous@cvs.avf.sourceforge.net:/cvsroot/avf |
| |
| and checking out the 'fuse' module. |
| |
| Installation |
| ============ |
| |
| See the file 'INSTALL' |
| |
| IMPORTANT NOTE: If you run a system with untrusted users, installing |
| this program is not recommended, as it could be used to breach |
| security (see the 'Security' section for explanation). |
| |
| How To Use |
| ========== |
| |
| FUSE is made up of three main parts: |
| |
| - A kernel filesystem module (kernel/fuse.o) |
| |
| - A userspace library (lib/libfuse.a) |
| |
| - A mount/unmount program (util/fusermount) |
| |
| |
| Here's how to create your very own virtual filesystem in five easy |
| steps (after installing FUSE): |
| |
| 1) Edit the file example/fusexmp.c to do whatever you want... |
| |
| 2) Build the fusexmp program |
| |
| 3) run 'example/fusexmp /mnt/whatever -d' |
| |
| 4) ls -al /mnt/whatever |
| |
| 5) Be glad |
| |
| If it doesn't work out, please ask! Also see the file 'include/fuse.h' for |
| detailed documentation of the library interface. |
| |
| You can also mount your filesystem like this: |
| |
| fusermount /mnt/whatever example/fusexmp -d |
| |
| The fusermount program now accepts a couple of additional options. |
| Run it with the '-h' option to see a description. |
| |
| Security |
| ======== |
| |
| If you run 'make install', the fusermount program is installed |
| set-user-id to root. This is done to allow normal users to mount |
| their own filesystem implementations. |
| |
| There must however be some limitations, in order to prevent Bad User from |
| doing nasty things. Currently those limitations are: |
| |
| - The user can only mount on a mountpoint, for which it has write |
| permission |
| |
| - The mountpoint is not a sticky directory which isn't owned by the |
| user (like /tmp usually is) |
| |
| - No other user (including root) can access the contents of the mounted |
| filesystem. |
| |
| When linux will have private namespaces (as soon as version 2.5 comes out |
| hopefully) then this third condition is useless and can be gotten rid of. |
| |
| Currently the first two conditions are checked by the fusermount program |
| before doing the mount. This has the nice feature, that it's totally |
| useless. Here's why: |
| |
| - user creates /tmp/mydir |
| - user starts fusermount |
| - user removes /tmp/mydir just after fusermount checked that it is OK |
| - user creates symlink: ln -s / /tmp/mydir |
| - fusermount actually mounts user's filesystem on '/' |
| - this is bad :( |
| |
| So to make this secure, the checks must be done by the kernel. And so |
| there is a patch (patch/ms_permission.patch) which does exactly this. |
| This is against 2.4.14, but applies to some earlier kernels (not too |
| much earlier though), and possibly some later. |
| |