Added option --realistic-permissions.

5 files changed, 60 insertions, 20 deletions

diff --git a/ChangeLog b/ChangeLog
index 8bd5527..864bbbc 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,8 @@
 2012-01-24  Martin Pärtel <martin dot partel at gmail dot com>
 
 	* Added --hide-hard-links.
+	* Moved some questionable default behavior to new
+	  option --realistic-permissions.
 
 2010-08-07  Martin Pärtel <martin dot partel at gmail dot com>
 
diff --git a/src/bindfs.1 b/src/bindfs.1
index d92c55d..0f91a39 100644
--- a/src/bindfs.1
+++ b/src/bindfs.1
@@ -196,7 +196,17 @@ The read/write permissions are checked against the (possibly modified)
 file permissions inside the mount.
 
 
-.SH MISCELLANEOUS WORKAROUNDS
+.SH MISCELLANEOUS OPTIONS
+
+.TP
+.B \-\-realistic\-permissions, \-o realistic\-permissions
+Hides read/write/execute permissions for a mirrored file when the mounter
+doesn't have read/write/execute access to the underlying file.
+Useless when mounting as root, since root will always have full access.
+
+(Prior to version 1.10 this option was the default behavior.
+I felt it violated the principle of least surprise badly enough
+to warrant a small break in backwards-compatibility.)
 
 .TP
 .B \-\-ctime\-from-mtime, \-o ctime\-from\-mtime
diff --git a/src/bindfs.c b/src/bindfs.c
index f68c412..ffefdbb 100644
--- a/src/bindfs.c
+++ b/src/bindfs.c
@@ -1,5 +1,5 @@
 /*
-    Copyright 2006,2007,2008,2009,2010 Martin Pärtel <martin.partel@gmail.com>
+    Copyright 2006,2007,2008,2009,2010,2012 Martin Pärtel <martin.partel@gmail.com>
 
     This file is part of bindfs.
 
@@ -117,8 +117,9 @@ static struct settings {
     gid_t *mirrored_members;
     int num_mirrored_members;
 
-    int ctime_from_mtime;
+    int realistic_permissions;
 
+    int ctime_from_mtime;
     int hide_hard_links;
     
 } settings;
@@ -251,13 +252,15 @@ static int getattr_common(const char *procpath, struct stat *stbuf)
     /* Apply user-defined permission bit modifications */
     stbuf->st_mode = permchain_apply(settings.permchain, stbuf->st_mode);
 
-    /* Check that we can really do what we promise */
-    if (access(procpath, R_OK) == -1)
-        stbuf->st_mode &= ~0444;
-    if (access(procpath, W_OK) == -1)
-        stbuf->st_mode &= ~0222;
-    if (access(procpath, X_OK) == -1)
-        stbuf->st_mode &= ~0111;
+    /* Check that we can really do what we promise if --realistic-permissions was given */
+    if (settings.realistic_permissions) {
+        if (access(procpath, R_OK) == -1)
+            stbuf->st_mode &= ~0444;
+        if (access(procpath, W_OK) == -1)
+            stbuf->st_mode &= ~0222;
+        if (access(procpath, X_OK) == -1)
+            stbuf->st_mode &= ~0111;
+    }
 
     /* Hide hard links */
     if (settings.hide_hard_links)
@@ -944,7 +947,8 @@ static void print_usage(const char *progname)
            "  --xattr-ro                Read-only xattr operations.\n"
            "  --xattr-rw                Read-write xattr operations (the default).\n"
            "\n"
-           "Workarounds:\n"
+           "Miscellaneous:\n"
+           "  --realistic-permissions   Hide permission bits for actions mounter can't do.\n"
            "  --ctime-from-mtime        Read file properties' change time\n"
            "                            from file content modification time.\n"
            "  --hide-hard-links         Always report a hard link count of 1.\n"
@@ -994,6 +998,7 @@ enum OptionKey {
     OPTKEY_XATTR_NONE,
     OPTKEY_XATTR_READ_ONLY,
     OPTKEY_XATTR_READ_WRITE,
+    OPTKEY_REALISTIC_PERMISSIONS,
     OPTKEY_CTIME_FROM_MTIME,
     OPTKEY_HIDE_HARD_LINKS
 };
@@ -1067,10 +1072,12 @@ static int process_option(void *data, const char *arg, int key,
         settings.xattr_policy = XATTR_READ_WRITE;
         return 0;
 
+    case OPTKEY_REALISTIC_PERMISSIONS:
+        settings.realistic_permissions = 1;
+        return 0;
     case OPTKEY_CTIME_FROM_MTIME:
         settings.ctime_from_mtime = 1;
         return 0;
-
     case OPTKEY_HIDE_HARD_LINKS:
         settings.hide_hard_links = 1;
         return 0;
@@ -1148,6 +1155,7 @@ int main(int argc, char *argv[])
         OPT2("--xattr-none", "xattr-none", OPTKEY_XATTR_NONE),
         OPT2("--xattr-ro", "xattr-ro", OPTKEY_XATTR_READ_ONLY),
         OPT2("--xattr-rw", "xattr-rw", OPTKEY_XATTR_READ_WRITE),
+        OPT2("--realistic-permissions", "realistic-permissions", OPTKEY_REALISTIC_PERMISSIONS),
         OPT2("--ctime-from-mtime", "ctime-from-mtime", OPTKEY_CTIME_FROM_MTIME),
         OPT2("--hide-hard-links", "hide-hard-links", OPTKEY_HIDE_HARD_LINKS),
         FUSE_OPT_END
@@ -1181,6 +1189,7 @@ int main(int argc, char *argv[])
     settings.num_mirrored_users = 0;
     settings.mirrored_members = NULL;
     settings.num_mirrored_members = 0;
+    settings.realistic_permissions = 0;
     settings.ctime_from_mtime = 0;
     settings.hide_hard_links = 0;
     atexit(&atexit_func);
diff --git a/tests/common.rb b/tests/common.rb
index b7ce79f..dc77ddf 100755
--- a/tests/common.rb
+++ b/tests/common.rb
@@ -1,6 +1,6 @@
 #!/usr/bin/env ruby
 #
-#   Copyright 2006,2007,2008,2009,2010 Martin Pärtel <martin.partel@gmail.com>
+#   Copyright 2006,2007,2008,2009,2010,2012 Martin Pärtel <martin.partel@gmail.com>
 #
 #   This file is part of bindfs.
 #
@@ -31,15 +31,17 @@ TESTDIR_NAME = 'tmp_test_bindfs'
 $only_these_tests = nil
 
 # Prepares a test environment with a mounted directory
-def testenv(bindfs_args, &block)
+def testenv(bindfs_args, options = {}, &block)
 
+    options = {
+        :title => bindfs_args
+    }.merge(options)
+  
     # todo: less repetitive and more careful error handling and cleanup
 
-    testcase_title = bindfs_args
+    return unless $only_these_tests == nil or $only_these_tests.member? options[:title]
 
-    return unless $only_these_tests == nil or $only_these_tests.member? testcase_title
-
-    puts "--- #{testcase_title} ---"
+    puts "--- #{options[:title]} ---"
     puts "[  #{bindfs_args}  ]"
 
     begin
@@ -94,7 +96,7 @@ def testenv(bindfs_args, &block)
     begin
         yield
     rescue Exception => ex
-        $stderr.puts "ERROR: testcase `#{testcase_title}' failed"
+        $stderr.puts "ERROR: testcase `#{options[:title]}' failed"
         $stderr.puts ex
         $stderr.puts ex.backtrace
         testcase_ok = false
diff --git a/tests/test_bindfs.rb b/tests/test_bindfs.rb
index ea2e7e2..f184880 100755
--- a/tests/test_bindfs.rb
+++ b/tests/test_bindfs.rb
@@ -1,6 +1,6 @@
 #!/usr/bin/env ruby
 #
-#   Copyright 2006,2007,2008,2009,2010 Martin Pärtel <martin.partel@gmail.com>
+#   Copyright 2006,2007,2008,2009,2010,2012 Martin Pärtel <martin.partel@gmail.com>
 #
 #   This file is part of bindfs.
 #
@@ -80,6 +80,23 @@ testenv("--create-with-perms=og=r:ogd+x") do
     assert { File.stat('mnt/dir').mode & 0077 == 0055 }
 end
 
+testenv("-p 0777 --realistic-permissions", :title => '--realistic-permissions') do
+    touch('src/noexecfile')
+    touch('src/execfile')
+    chmod(0600, 'src/noexecfile')
+    chmod(0700, 'src/execfile')
+    
+    assert { File.stat('mnt/noexecfile').mode & 0777 == 0666 }
+    assert { File.stat('mnt/execfile').mode & 0777 == 0777 }
+end
+
+testenv("-p 0777", :title => '--realistic-permissions not the default') do
+    touch('src/noexecfile')
+    chmod(0600, 'src/noexecfile')
+    
+    assert { File.stat('mnt/noexecfile').mode & 0777 == 0777 }
+end
+
 testenv("--ctime-from-mtime") do
     sf = 'src/file'
     mf = 'mnt/file'