mpartel / bindfs

Mount a directory elsewhere with changed permissions.
https://bindfs.org/
GNU General Public License v2.0

Mount directory as a non-root user from /etc/fstab #127

Closed vimist closed 1 year ago

vimist commented 1 year ago

Hi,

I've only recently come across bindfs (thanks for such a useful tool!), so I could very well be misunderstanding or misinterpreting the documentation, but I've been testing various combinations of flags and can't seem to get it to work the way I would like. I've got an example scenario below that should demonstrate my point.

If we run bindfs with no flags (as user) we get the behaviour I'm looking for:

user $ bindfs /somewhere /somewhere_else

Anyone that accesses /somewhere_else will access it with the permissions of user (as user is the user that performed the mount); even if root runs touch /somewhere_else/file the /somewhere/file file will be owned by user and within /somewhere_else root will not be able to access/do anything that user couldn't. This is what I want, but I don't believe it's possible to achieve this effect when mounting using /etc/fstab or when executing bindfs as root.

After running the above bindfs command, if you run mount it shows this:

/somewhere on /somewhere_else type fuse (rw,nosuid,nodev,relatime,user_id=1000,group_id=1000,default_permissions,allow_other)

user has the UID 1000 and GID 1000, hence the user_id=1000,group_id=1000. I would like to be able to specify these as mount options, but when I attempt this, I get an error: mounting /somewhere on /somewhere_else failed: Invalid argument; I believe these options are the options that are causing the behaviour I'm looking for.

For the minute I think I'll have to run a script at boot to achieve what I want, but I would like to just be able to add an fstab entry. It's also quite possible I've overlooked one of the existing flags that does this, in which case, apologies for wasting your time.

Thanks for taking the time to read over this! :)

mpartel commented 1 year ago

Sorry for the slow response.

If you are on FUSE 3, then the setuid=... option documented in man fuse looks promising. There's also uid and user_id but I'm not sure what those do.

vimist commented 1 year ago

No problem, I appreciate you taking the time to reply. setuid does indeed do what I was looking for. I don't think I was aware that a lot of the options are inherited from fuse and the normal mount command, so I had only checked the bindfs man page.

In the end, my fstab entry looked something like this:

/somewhere /somewhere_else fuse.bindfs setuid=user 0 0

Now, anyone accessing /somewhere_else does so with the permissions of user. I'm making use of ACLs in /somewhere and (though not thoroughly tested yet) I think there are some issues I've got to work through there, possibly what's detailed in #91.

Thanks for your help!
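A check for the fstab entry above, as an added example that is not part of the original thread: it reads `mount` output in the format quoted earlier and confirms that the FUSE mount carries the expected `user_id`/`group_id`. The function names, the `/srv/root_mounted` path and the second sample line are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread); function names are hypothetical.

# Constructed sample input: the first line is the `mount` output quoted in
# the issue, the second is a made-up FUSE mount performed by root.
sample_mounts() {
    cat <<'EOF'
/somewhere on /somewhere_else type fuse (rw,nosuid,nodev,relatime,user_id=1000,group_id=1000,default_permissions,allow_other)
/data on /srv/root_mounted type fuse (rw,relatime,user_id=0,group_id=0,default_permissions,allow_other)
EOF
}

# fuse_mount_ids MOUNTPOINT
# Reads `mount`-style lines on stdin and prints "UID GID" for the FUSE mount
# at MOUNTPOINT. Returns 1 if no such mount (or no user_id/group_id) is found.
fuse_mount_ids() {
    target=$1
    while IFS= read -r line; do
        # Expected shape: SRC on MOUNTPOINT type fuse[.subtype] (OPTIONS)
        case $line in
            *" on $target type fuse"*" ("*")") ;;
            *) continue ;;
        esac
        opts=${line##*\(}          # keep text after the last "("
        opts=",${opts%\)},"        # drop ")" and wrap in commas for matching
        case $opts in
            *,user_id=*,group_id=*|*,group_id=*,user_id=*) ;;
            *) continue ;;
        esac
        uid=${opts#*,user_id=};  uid=${uid%%,*}
        gid=${opts#*,group_id=}; gid=${gid%%,*}
        printf '%s %s\n' "$uid" "$gid"
        return 0
    done
    return 1
}

# check_fuse_owner MOUNTPOINT UID GID
# 0 = mount runs as UID:GID, 1 = runs as someone else, 2 = not mounted.
check_fuse_owner() {
    ids=$(fuse_mount_ids "$1") || { echo "$1: no FUSE mount found" >&2; return 2; }
    [ "$ids" = "$2 $3" ] && return 0
    echo "$1: mounted as uid/gid $ids, expected $2 $3" >&2
    return 1
}

# Real use after boot (assumes the account is named "user", as in the thread):
#   mount | check_fuse_owner /somewhere_else "$(id -u user)" "$(id -g user)"
```

A non-zero exit means the mount is missing or is running as a different account than intended, for example as root, in which case access through the mount point is not limited to what `user` could do.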

mpartel commented 1 year ago

> I don't think I was aware that a lot of the options are inherited from fuse and the normal mount command, so I had only checked the bindfs man page.

It's far from obvious. I've added a mention of the fuse man page to the bindfs man page (for the next release) :+1: