-rw-r--r-- | ChangeLog | 2 | ||||
-rw-r--r-- | src/bindfs.1 | 12 | ||||
-rw-r--r-- | src/bindfs.c | 31 | ||||
-rwxr-xr-x | tests/common.rb | 16 | ||||
-rwxr-xr-x | tests/test_bindfs.rb | 19 |
5 files changed, 60 insertions, 20 deletions
@@ -1,6 +1,8 @@ 2012-01-24 Martin Pärtel <martin dot partel at gmail dot com> * Added --hide-hard-links. + * Moved some questionable default behavior to new + option --realistic-permissions. 2010-08-07 Martin Pärtel <martin dot partel at gmail dot com> diff --git a/src/bindfs.1 b/src/bindfs.1 index d92c55d..0f91a39 100644 --- a/src/bindfs.1 +++ b/src/bindfs.1 @@ -196,7 +196,17 @@ The read/write permissions are checked against the (possibly modified) file permissions inside the mount. -.SH MISCELLANEOUS WORKAROUNDS +.SH MISCELLANEOUS OPTIONS + +.TP +.B \-\-realistic\-permissions, \-o realistic\-permissions +Hides read/write/execute permissions for a mirrored file when the mounter +doesn't have read/write/execute access to the underlying file. +Useless when mounting as root, since root will always have full access. + +(Prior to version 1.10 this option was the default behavior. +I felt it violated the principle of least surprise badly enough +to warrant a small break in backwards-compatibility.) .TP .B \-\-ctime\-from-mtime, \-o ctime\-from\-mtime diff --git a/src/bindfs.c b/src/bindfs.c index f68c412..ffefdbb 100644 --- a/src/bindfs.c +++ b/src/bindfs.c @@ -1,5 +1,5 @@ /* - Copyright 2006,2007,2008,2009,2010 Martin Pärtel <martin.partel@gmail.com> + Copyright 2006,2007,2008,2009,2010,2012 Martin Pärtel <martin.partel@gmail.com> This file is part of bindfs. @@ -117,8 +117,9 @@ static struct settings { gid_t *mirrored_members; int num_mirrored_members; - int ctime_from_mtime; + int realistic_permissions; + int ctime_from_mtime; int hide_hard_links; } settings; 
@@ -251,13 +252,15 @@ static int getattr_common(const char *procpath, struct stat *stbuf) /* Apply user-defined permission bit modifications */ stbuf->st_mode = permchain_apply(settings.permchain, stbuf->st_mode); - /* Check that we can really do what we promise */ - if (access(procpath, R_OK) == -1) - stbuf->st_mode &= ~0444; - if (access(procpath, W_OK) == -1) - stbuf->st_mode &= ~0222; - if (access(procpath, X_OK) == -1) - stbuf->st_mode &= ~0111; + /* Check that we can really do what we promise if --realistic-permissions was given */ + if (settings.realistic_permissions) { + if (access(procpath, R_OK) == -1) + stbuf->st_mode &= ~0444; + if (access(procpath, W_OK) == -1) + stbuf->st_mode &= ~0222; + if (access(procpath, X_OK) == -1) + stbuf->st_mode &= ~0111; + } /* Hide hard links */ if (settings.hide_hard_links) @@ -944,7 +947,8 @@ static void print_usage(const char *progname) " --xattr-ro Read-only xattr operations.\n" " --xattr-rw Read-write xattr operations (the default).\n" "\n" - "Workarounds:\n" + "Miscellaneous:\n" + " --realistic-permissions Hide permission bits for actions mounter can't do.\n" " --ctime-from-mtime Read file properties' change time\n" " from file content modification time.\n" " --hide-hard-links Always report a hard link count of 1.\n" @@ -994,6 +998,7 @@ enum OptionKey { OPTKEY_XATTR_NONE, OPTKEY_XATTR_READ_ONLY, OPTKEY_XATTR_READ_WRITE, + OPTKEY_REALISTIC_PERMISSIONS, OPTKEY_CTIME_FROM_MTIME, OPTKEY_HIDE_HARD_LINKS }; @@ -1067,10 +1072,12 @@ static int process_option(void *data, const char *arg, int key, settings.xattr_policy = XATTR_READ_WRITE; return 0; + case OPTKEY_REALISTIC_PERMISSIONS: + settings.realistic_permissions = 1; + return 0; case OPTKEY_CTIME_FROM_MTIME: settings.ctime_from_mtime = 1; return 0; - case OPTKEY_HIDE_HARD_LINKS: settings.hide_hard_links = 1; return 0; 
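Review bot: In getattr_common the three `access()` probes, now inside `if (settings.realistic_permissions)`, follow symbolic links. If `stbuf` describes a link itself (the stat call is outside this hunk, so this is an assumption), the mask is computed from the link target, and a dangling link would lose every permission bit. Guarding the block with `if (settings.realistic_permissions && !S_ISLNK(stbuf->st_mode))` avoids that. The comment could also state that the result is advisory, e.g. `/* Display only: access() checks the real UID/GID and may be stale by the time the file is opened */`. getattr_common starts and ends outside the hunk.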
@@ -1148,6 +1155,7 @@ int main(int argc, char *argv[]) OPT2("--xattr-none", "xattr-none", OPTKEY_XATTR_NONE), OPT2("--xattr-ro", "xattr-ro", OPTKEY_XATTR_READ_ONLY), OPT2("--xattr-rw", "xattr-rw", OPTKEY_XATTR_READ_WRITE), + OPT2("--realistic-permissions", "realistic-permissions", OPTKEY_REALISTIC_PERMISSIONS), OPT2("--ctime-from-mtime", "ctime-from-mtime", OPTKEY_CTIME_FROM_MTIME), OPT2("--hide-hard-links", "hide-hard-links", OPTKEY_HIDE_HARD_LINKS), FUSE_OPT_END @@ -1181,6 +1189,7 @@ int main(int argc, char *argv[]) settings.num_mirrored_users = 0; settings.mirrored_members = NULL; settings.num_mirrored_members = 0; + settings.realistic_permissions = 0; settings.ctime_from_mtime = 0; settings.hide_hard_links = 0; atexit(&atexit_func); diff --git a/tests/common.rb b/tests/common.rb index b7ce79f..dc77ddf 100755 --- a/tests/common.rb +++ b/tests/common.rb @@ -1,6 +1,6 @@ #!/usr/bin/env ruby # -# Copyright 2006,2007,2008,2009,2010 Martin Pärtel <martin.partel@gmail.com> +# Copyright 2006,2007,2008,2009,2010,2012 Martin Pärtel <martin.partel@gmail.com> # # This file is part of bindfs. # @@ -31,15 +31,17 @@ TESTDIR_NAME = 'tmp_test_bindfs' $only_these_tests = nil # Prepares a test environment with a mounted directory -def testenv(bindfs_args, &block) +def testenv(bindfs_args, options = {}, &block) + options = { + :title => bindfs_args + }.merge(options) + # todo: less repetitive and more careful error handling and cleanup - testcase_title = bindfs_args + return unless $only_these_tests == nil or $only_these_tests.member? options[:title] - return unless $only_these_tests == nil or $only_these_tests.member? testcase_title - - puts "--- #{testcase_title} ---" + puts "--- #{options[:title]} ---" puts "[ #{bindfs_args} ]" begin 
@@ -94,7 +96,7 @@ def testenv(bindfs_args, &block) begin yield rescue Exception => ex - $stderr.puts "ERROR: testcase `#{testcase_title}' failed" + $stderr.puts "ERROR: testcase `#{options[:title]}' failed" $stderr.puts ex $stderr.puts ex.backtrace testcase_ok = false diff --git a/tests/test_bindfs.rb b/tests/test_bindfs.rb index ea2e7e2..f184880 100755 --- a/tests/test_bindfs.rb +++ b/tests/test_bindfs.rb @@ -1,6 +1,6 @@ #!/usr/bin/env ruby # -# Copyright 2006,2007,2008,2009,2010 Martin Pärtel <martin.partel@gmail.com> +# Copyright 2006,2007,2008,2009,2010,2012 Martin Pärtel <martin.partel@gmail.com> # # This file is part of bindfs. # @@ -80,6 +80,23 @@ testenv("--create-with-perms=og=r:ogd+x") do assert { File.stat('mnt/dir').mode & 0077 == 0055 } end +testenv("-p 0777 --realistic-permissions", :title => '--realistic-permissions') do + touch('src/noexecfile') + touch('src/execfile') + chmod(0600, 'src/noexecfile') + chmod(0700, 'src/execfile') + + assert { File.stat('mnt/noexecfile').mode & 0777 == 0666 } + assert { File.stat('mnt/execfile').mode & 0777 == 0777 } +end + +testenv("-p 0777", :title => '--realistic-permissions not the default') do + touch('src/noexecfile') + chmod(0600, 'src/noexecfile') + + assert { File.stat('mnt/noexecfile').mode & 0777 == 0777 } +end + testenv("--ctime-from-mtime") do sf = 'src/file' mf = 'mnt/file' |
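Review bot: The new `--realistic-permissions` test in tests/test_bindfs.rb only exercises the execute-bit mask, so the `R_OK` and `W_OK` branches of the option are never checked. A read-only source file would cover the write mask: `chmod(0400, 'src/rofile')` followed by `assert { File.stat('mnt/rofile').mode & 0222 == 0 }`. That assertion only holds when the suite runs unprivileged, because the read and write access() checks always pass for root, so it would need to be skipped when the tests run as root.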