user process can't access filesystem when not in primary group #465

Closed
jonleivent opened this issue May 14, 2023 · 4 comments

@jonleivent

I asked this in the gocryptfs discussions page, and it was suggested that I ask it here:

I have a mounted fuse (gocryptfs) filesystem that a user owns and can access. However, a process with that user's UID but not the user's primary group GID cannot access the filesystem. The filesystem is not mounted with the allow_others option, and I would rather not have to resort to using allow_others. I haven't tried allow_others to see if it changes this behavior, because of the security implications.

Is this expected behavior? Is there an alternative way around it besides using the allow_others mount option?

@hanwen
Owner

hanwen commented May 15, 2023

It sounds like something outside of go-fuse control. Does a debug log show that it's trying to check for access? (ACCESS opcode)? Let me check over here.

@hanwen
Owner

hanwen commented May 15, 2023

Double checked this: in this config (without allow_other) the request never reaches the server. So you need some sort of kernel option to allow the request to go through.

If you do use allow_other, then it is up to the FUSE daemon to check requests against the calling GID/UID. I don't know if go-cryptfs does anything of the sort. @rfjakob

Come to think of it, the loopback FS never bothers to set correct UID/GID for requests passed on in the loopback FS.
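
Added example, not part of the thread and not code from go-fuse or gocryptfs: a stand-alone Go version of the owner/group/other check a FUSE daemon would have to apply to the calling UID/GID once allow_other lets other users' requests reach it. The `Caller`, `Attr` and `Allowed` names are hypothetical, the sample IDs and modes are constructed, and it assumes the daemon sees only one GID per request.

```go
package main

import "fmt"

// Caller is the identity a daemon sees for one request (hypothetical type).
// Assumption: a single GID is available; supplementary groups are not.
type Caller struct{ UID, GID uint32 }

// Attr is the ownership and permission bits of the target file (hypothetical type).
type Attr struct{ UID, GID, Mode uint32 }

// Requested access, using the rwx bit values of a Unix mode.
const (
	R uint32 = 4
	W uint32 = 2
	X uint32 = 1
)

// Allowed applies the classic Unix check: pick exactly one class
// (owner, then group, then other) and test only that class's bits.
func Allowed(c Caller, a Attr, want uint32) bool {
	if c.UID == 0 {
		// Simplified root rule for regular files: read/write always,
		// execute only if at least one x bit is set.
		return want&X == 0 || a.Mode&0111 != 0
	}
	var bits uint32
	switch {
	case c.UID == a.UID:
		bits = a.Mode >> 6 // owner class wins even if group bits are wider
	case c.GID == a.GID:
		bits = a.Mode >> 3
	default:
		bits = a.Mode
	}
	return bits&7&want == want
}

func main() {
	f := Attr{UID: 1000, GID: 1000, Mode: 0640} // constructed sample file
	// Same UID, different GID (the case in this issue): owner bits apply.
	fmt.Println("owner uid, other gid, rw:", Allowed(Caller{1000, 2000}, f, R|W))
	fmt.Println("other uid, file's gid, w:", Allowed(Caller{1001, 1000}, f, W))
	fmt.Println("unrelated uid and gid, r:", Allowed(Caller{1001, 2000}, f, R))
}
```
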

@rfjakob
Contributor

rfjakob commented May 15, 2023 via email

@hanwen
Owner

hanwen commented May 15, 2023

#466 for the loopback problem.

@hanwen hanwen closed this as completed May 15, 2023