wcfs: Add 'allowother' flag to improve support for multi-user deployments
Hello Kirill,
I want to open this MR so that we don't forget about this patch. In its current version, it comes without any test. I have two ideas about adding tests:
- Very simply only testing that WCFS starts ok when setting
allow_othersflag. - Testing if another user can access WCFS.
Idea 2. is more comprehensive and would actually test if the flag is effective, but it also needs increased capacities of WCFS binary to succeed and seems to be outside the scope of the 'allow-others' - patch.
Idea 1. seems to be straight-forward, but even here we'd need to add user_allow_other to /etc/fuse (or run WCFS in tests as root) in order to make the test succeed.
All of these options (running WCFS as root or, running tests as root, or expecting environment where '/etc' has been edited before running tests) don't look very good to me.
Is there any other possibility that I'm missing here?
Best, Levin
By default, FUSE prohibits file access [1] by users other than the one that mounted the file system. This is a security feature. In order to use WCFS in multi-user deployments, where other users need to access WCFS, we therefore need to explicitly set the 'allow_other' FUSE option. This patch allows setting this option with a new WCFS flag. Besides setting the flag, it's necessary to add 'user_allow_other' to '/etc/fuse.conf'. Otherwise the flag is effectless.
[1] See 'allow_other' option at https://www.kernel.org/doc/html/latest/filesystems/fuse.html