| Miklos Szeredi | 8cffdb9 | 2001-11-09 14:49:18 +0000 | [diff] [blame^] | 1 | General Information |
| 2 | =================== |
| 3 | |
| 4 | FUSE (Filesystem in USErspace) is a simple interface for userspace |
| 5 | programs to export a virtual filesystem to the linux kernel. FUSE |
| 6 | also aims to provide a secure method for non privileged users to |
| 7 | create and mount their own filesystem implementations. |
| 8 | |
| 9 | You can download the source code releases from |
| 10 | |
| 11 | http://sourceforge.net/projects/avf |
| 12 | |
| 13 | or alternatively you can use CVS to get the very latest development |
| 14 | version: set the cvsroot to |
| 15 | |
| 16 | :pserver:anonymous@cvs.avf.sourceforge.net:/cvsroot/avf |
| 17 | |
| 18 | and check out the 'fuse' module. |
| 19 | |
| 20 | Installation |
| 21 | ============ |
| 22 | |
| 23 | See the file 'INSTALL' |
| 24 | |
| 25 | IMPORTANT NOTE: If you run a system with untrusted users, installing |
| 26 | this program is not recommended, as it could be used to breach |
| 27 | security (see the 'Security' section for explanation). |
| 28 | |
| 29 | How To Use |
| 30 | ========== |
| 31 | |
| 32 | FUSE is made up of three main parts: |
| 33 | |
| 34 | - A kernel filesystem module (kernel/fuse.o) |
| 35 | |
| 36 | - A userspace library (lib/libfuse.a) |
| 37 | |
| 38 | - A mount/unmount program (util/fusermount) |
| 39 | |
| 40 | |
| 41 | Here's how to create your very own virtual filesystem in five easy |
| 42 | steps: |
| 43 | |
| 44 | 1) Edit the file example/fusexmp.c to do whatever you want... |
| 45 | |
| 46 | 2) Build the fusexmp program |
| 47 | |
| 48 | 3) run 'util/fusermount /mnt/whatever example/fusexmp -d' |
| 49 | |
| 50 | 4) ls -al /mnt/whatever |
| 51 | |
| 52 | 5) Be glad! |
| 53 | |
| 54 | If it doesn't work out, you can ask the me. (Oh yeah, and you need to |
| 55 | do 'insmod kernel/fuse.o' before running your program, in case you |
| 56 | forgot). |
| 57 | |
| 58 | See the file 'include/fuse.h' for documentation of the library interface. |
| 59 | |
| 60 | |
| 61 | Security |
| 62 | ======== |
| 63 | |
| 64 | If you run 'make install', the fusermount program is installed |
| 65 | set-user-id to root. This is done to allow normal users to mount |
| 66 | their own filesystem implementations. |
| 67 | |
| 68 | There must however be some limitations to forbid the Bad User to do |
| 69 | Naughty Things with your Beautiful system. Currently those |
| 70 | limitations are: |
| 71 | |
| 72 | - The user can only mount on a mountpoint, for which it has write |
| 73 | permission |
| 74 | |
| 75 | - The mountpoint is not a sticky directory which isn't owned by the |
| 76 | user (like /tmp usually is) |
| 77 | |
| 78 | - If the user doing the mount is not root, then no other user |
| 79 | (including root) can access the contents of the mounted |
| 80 | filesystem. |
| 81 | |
| 82 | When linux will have private namespaces (as soon as version 2.5 comes |
| 83 | out) then this third condition is useless and can be gotten rid of. |
| 84 | |
| 85 | Currently the first two conditions are checked by the fusermount |
| 86 | program before doing the mount. This has the nice feature, that it's |
| 87 | totally useless. Here's why: |
| 88 | |
| 89 | - user creates /tmp/mydir |
| 90 | - user starts fusermount |
| 91 | - user removes /tmp/mydir just after fusermount checked that it is OK |
| 92 | - user creates symlink: ln -s / /tmp/mydir |
| 93 | - fusermount actually mounts user's filesystem on '/' |
| 94 | - this is bad :( |
| 95 | |
| 96 | So to make this secure, the checks must be done by the kernel. And so |
| 97 | there is a patch (patch/ms_permission.patch) which does exactly this. |
| 98 | This is against 2.4.14, but applies to some earlier kernels (not too |
| 99 | much earlier though), and possibly some later (I couldn't know, could |
| 100 | I?). |
| 101 | |