| Miklos Szeredi | 8cffdb9 | 2001-11-09 14:49:18 +0000 | [diff] [blame] | 1 | General Information |
| 2 | =================== |
| 3 | |
| 4 | FUSE (Filesystem in USErspace) is a simple interface for userspace |
| 5 | programs to export a virtual filesystem to the linux kernel. FUSE |
| 6 | also aims to provide a secure method for non privileged users to |
| 7 | create and mount their own filesystem implementations. |
| 8 | |
| 9 | You can download the source code releases from |
| 10 | |
| 11 | http://sourceforge.net/projects/avf |
| 12 | |
| 13 | or alternatively you can use CVS to get the very latest development |
| Miklos Szeredi | 0a7077f | 2001-11-11 18:20:17 +0000 | [diff] [blame] | 14 | version by setting the cvsroot to |
| Miklos Szeredi | 8cffdb9 | 2001-11-09 14:49:18 +0000 | [diff] [blame] | 15 | |
| 16 | :pserver:anonymous@cvs.avf.sourceforge.net:/cvsroot/avf |
| 17 | |
| Miklos Szeredi | 0a7077f | 2001-11-11 18:20:17 +0000 | [diff] [blame] | 18 | and checking out the 'fuse' module. |
| Miklos Szeredi | 8cffdb9 | 2001-11-09 14:49:18 +0000 | [diff] [blame] | 19 | |
| 20 | Installation |
| 21 | ============ |
| 22 | |
| 23 | See the file 'INSTALL' |
| 24 | |
| 25 | IMPORTANT NOTE: If you run a system with untrusted users, installing |
| 26 | this program is not recommended, as it could be used to breach |
| 27 | security (see the 'Security' section for explanation). |
| 28 | |
| 29 | How To Use |
| 30 | ========== |
| 31 | |
| 32 | FUSE is made up of three main parts: |
| 33 | |
| 34 | - A kernel filesystem module (kernel/fuse.o) |
| 35 | |
| 36 | - A userspace library (lib/libfuse.a) |
| 37 | |
| 38 | - A mount/unmount program (util/fusermount) |
| 39 | |
| 40 | |
| 41 | Here's how to create your very own virtual filesystem in five easy |
| Miklos Szeredi | ddc862a | 2002-01-09 13:46:10 +0000 | [diff] [blame^] | 42 | steps (after installing FUSE): |
| Miklos Szeredi | 8cffdb9 | 2001-11-09 14:49:18 +0000 | [diff] [blame] | 43 | |
| 44 | 1) Edit the file example/fusexmp.c to do whatever you want... |
| 45 | |
| 46 | 2) Build the fusexmp program |
| 47 | |
| Miklos Szeredi | ddc862a | 2002-01-09 13:46:10 +0000 | [diff] [blame^] | 48 | 3) run 'example/fusexmp /mnt/whatever -d' |
| Miklos Szeredi | 8cffdb9 | 2001-11-09 14:49:18 +0000 | [diff] [blame] | 49 | |
| 50 | 4) ls -al /mnt/whatever |
| 51 | |
| Miklos Szeredi | 0a7077f | 2001-11-11 18:20:17 +0000 | [diff] [blame] | 52 | 5) Be glad |
| Miklos Szeredi | 8cffdb9 | 2001-11-09 14:49:18 +0000 | [diff] [blame] | 53 | |
| Miklos Szeredi | 0a7077f | 2001-11-11 18:20:17 +0000 | [diff] [blame] | 54 | If it doesn't work out, please ask! Also see the file 'include/fuse.h' for |
| 55 | detailed documentation of the library interface. |
| Miklos Szeredi | 8cffdb9 | 2001-11-09 14:49:18 +0000 | [diff] [blame] | 56 | |
| Miklos Szeredi | ddc862a | 2002-01-09 13:46:10 +0000 | [diff] [blame^] | 57 | You can also mount your filesystem like this: |
| 58 | |
| 59 | fusermount /mnt/whatever example/fusexmp -d |
| 60 | |
| 61 | The fusermount program now accepts a couple of additional options. |
| 62 | Run it with the '-h' option to see a description. |
| Miklos Szeredi | 8cffdb9 | 2001-11-09 14:49:18 +0000 | [diff] [blame] | 63 | |
| 64 | Security |
| 65 | ======== |
| 66 | |
| 67 | If you run 'make install', the fusermount program is installed |
| 68 | set-user-id to root. This is done to allow normal users to mount |
| 69 | their own filesystem implementations. |
| 70 | |
| Miklos Szeredi | 0a7077f | 2001-11-11 18:20:17 +0000 | [diff] [blame] | 71 | There must however be some limitations, in order to prevent Bad User from |
| 72 | doing nasty things. Currently those limitations are: |
| Miklos Szeredi | 8cffdb9 | 2001-11-09 14:49:18 +0000 | [diff] [blame] | 73 | |
| 74 | - The user can only mount on a mountpoint, for which it has write |
| 75 | permission |
| 76 | |
| 77 | - The mountpoint is not a sticky directory which isn't owned by the |
| 78 | user (like /tmp usually is) |
| 79 | |
| Miklos Szeredi | 0a7077f | 2001-11-11 18:20:17 +0000 | [diff] [blame] | 80 | - No other user (including root) can access the contents of the mounted |
| Miklos Szeredi | 8cffdb9 | 2001-11-09 14:49:18 +0000 | [diff] [blame] | 81 | filesystem. |
| 82 | |
| Miklos Szeredi | 0a7077f | 2001-11-11 18:20:17 +0000 | [diff] [blame] | 83 | When linux will have private namespaces (as soon as version 2.5 comes out |
| 84 | hopefully) then this third condition is useless and can be gotten rid of. |
| Miklos Szeredi | 8cffdb9 | 2001-11-09 14:49:18 +0000 | [diff] [blame] | 85 | |
| Miklos Szeredi | 0a7077f | 2001-11-11 18:20:17 +0000 | [diff] [blame] | 86 | Currently the first two conditions are checked by the fusermount program |
| 87 | before doing the mount. This has the nice feature, that it's totally |
| 88 | useless. Here's why: |
| Miklos Szeredi | 8cffdb9 | 2001-11-09 14:49:18 +0000 | [diff] [blame] | 89 | |
| 90 | - user creates /tmp/mydir |
| 91 | - user starts fusermount |
| 92 | - user removes /tmp/mydir just after fusermount checked that it is OK |
| 93 | - user creates symlink: ln -s / /tmp/mydir |
| 94 | - fusermount actually mounts user's filesystem on '/' |
| 95 | - this is bad :( |
| 96 | |
| 97 | So to make this secure, the checks must be done by the kernel. And so |
| 98 | there is a patch (patch/ms_permission.patch) which does exactly this. |
| 99 | This is against 2.4.14, but applies to some earlier kernels (not too |
| Miklos Szeredi | 0a7077f | 2001-11-11 18:20:17 +0000 | [diff] [blame] | 100 | much earlier though), and possibly some later. |
| Miklos Szeredi | 8cffdb9 | 2001-11-09 14:49:18 +0000 | [diff] [blame] | 101 | |