[Pkg-ltsp-devel] Bug#574516: ltspfs: patches required for robust operation (including non-fuse-group users)

[David Adam]

Package: ltspfs
Version: 0.5.3
Followup-For: Bug #574516


We've been trying to get LOCALDEV mounting working without adding all
our users to the fuser group. It can be accomplished with a file mode
change, editing a udev script, and a patch to lbmount.

 * chmod o+x /usr/bin/fusermount

 * add appropriate permissions flags to udev for /dev/fuse by editing
   /etc/udev/rules.d/91-permissions.rules to include 'MODE="0666",' on
   the KERNEL=="fuse" line.

 * patch src/lbmount.c as follows:

--- a/src/lbmount.c
+++ b/src/lbmount.c
@@ -259,6 +259,10 @@
                  pwent->pw_name);
         
         mkdir_safe(mediamount);
+        // use the calling user's group (so they don't have to be in the fuse group)
+        chown(mediamount, -1, pwent->pw_gid);
+        // restrictive umasks may deny group read permissions
+        chmod(mediamount, 0750);
 
         /* Now, create the media dir underneath the uid dir */
         
---

(note that this patch also makes lbmount more robust in the face of
restrictive umasks such as 077)

I'm not sure this patch should go into stock lbmount but perhaps a more
general version could be implemented.

Initially the chown() call set the owner to uidReal as well, but I wasn't sure
if this precipitated the exact race condition that mkdir_safe() was intended to
avoid. If it doesn't, perhaps a patch without the chmod() lines which uses
  chown(mediamount, uidReal, pwent->pw_gid();
would be more amenable for upstream use.