Miklos Szeredi | 8cffdb9 | 2001-11-09 14:49:18 +0000

General Information
===================

FUSE (Filesystem in USErspace) is a simple interface for userspace
programs to export a virtual filesystem to the Linux kernel. FUSE
also aims to provide a secure method for non-privileged users to
create and mount their own filesystem implementations.

You can download the source code releases from

    http://sourceforge.net/projects/avf

or alternatively you can use CVS to get the very latest development
version by setting the cvsroot to

    :pserver:anonymous@cvs.avf.sourceforge.net:/cvsroot/avf

and checking out the 'fuse' module.

Installation
============

See the file 'INSTALL'

IMPORTANT NOTE: If you run a system with untrusted users, installing
this program is not recommended, as it could be used to breach
security (see the 'Security' section for explanation).

How To Use
==========

FUSE is made up of three main parts:

 - A kernel filesystem module (kernel/fuse.o)

 - A userspace library (lib/libfuse.a)

 - A mount/unmount program (util/fusermount)


Here's how to create your very own virtual filesystem in five easy
steps (after installing FUSE):

  1) Edit the file example/fusexmp.c to do whatever you want...

  2) Build the fusexmp program

  3) Run 'example/fusexmp /mnt/whatever -d'

  4) ls -al /mnt/whatever

  5) Be glad

If it doesn't work out, please ask! Also see the file 'include/fuse.h' for
detailed documentation of the library interface.

The fusermount program accepts a couple of additional options (see
'fusermount -h'). You can add these options after a '--' like this:

    example/fusexmp /mnt/whatever -d -- -l

Security
========

If you run 'make install', the fusermount program is installed
set-user-id to root. This is done to allow normal users to mount
their own filesystem implementations.

There must however be some limitations, in order to prevent Bad User from
doing nasty things. Currently those limitations are:

 - The user can only mount on a mountpoint for which it has write
   permission

 - The mountpoint is not a sticky directory which isn't owned by the
   user (like /tmp usually is)

 - No other user (including root) can access the contents of the mounted
   filesystem.

Currently the first two conditions are checked by the fusermount
program before doing the mount. This is in fact not perfectly secure,
since there is a window of time, after fusermount has checked the
mountpoint and before the mount actually takes place, when the user is
able to change the mountpoint (e.g. by changing symbolic links).

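The window described above exists because the path is checked and then resolved a second time at mount. As an added example (not code from FUSE or fusermount), this C program applies the first two rules to a single open file descriptor so the path is resolved only once. The function names and the /proc/self/fd mount target are assumptions of the example, and the write check uses plain mode bits only.

```c
/* Added example: check the mountpoint through one file descriptor so the
 * object that was checked is the object that later gets mounted on. */
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* The first two README rules, applied to already-fetched metadata.
 * Assumption: plain mode bits only (no supplementary groups, ACLs or uid 0). */
int mountpoint_allowed(mode_t mode, uid_t owner, gid_t group,
                       uid_t uid, gid_t gid)
{
    mode_t wbit = (uid == owner) ? S_IWUSR
                : (gid == group) ? S_IWGRP : S_IWOTH;
    if (!(mode & wbit))                    /* rule 1: write permission */
        return 0;
    if ((mode & S_ISVTX) && owner != uid)  /* rule 2: sticky, not owned by user */
        return 0;
    return 1;
}

/* Returns an open fd for an acceptable mountpoint, or -1.
 * Symbolic links are followed exactly once, inside open(). */
int open_checked_mountpoint(const char *path, uid_t uid, gid_t gid)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) < 0 ||
        !mountpoint_allowed(st.st_mode, st.st_uid, st.st_gid, uid, gid)) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(int argc, char **argv)
{
    int fd = open_checked_mountpoint(argc > 1 ? argv[1] : ".", getuid(), getgid());
    if (fd < 0) { puts("mountpoint rejected"); return 1; }
    /* A mount helper would pass this target to mount(2), not the original path. */
    printf("mountpoint accepted, target /proc/self/fd/%d\n", fd);
    close(fd);
    return 0;
}
```
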
The preferred method would be for the kernel to check the
permissions. There is a patch for this for the 2.6.X kernel (where X
>= 3) in the patch directory. If you apply this patch then the suid
bit can be removed from the fusermount program.

Comments about this are appreciated.