Skip to content

GitLab

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
W wendelin.core
  • Project overview
    • Project overview
    • Details
    • Activity
    • Releases
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 1
    • Issues 1
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
  • Merge requests 4
    • Merge requests 4
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
  • Operations
    • Operations
    • Incidents
    • Environments
  • Analytics
    • Analytics
    • CI/CD
    • Repository
    • Value Stream
  • Members
    • Members
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • nexedi
  • wendelin.core
  • Merge requests
  • !34

Open
Created Nov 26, 2024 by Levin Zimmermann@levin.zimmermannMaintainer
  • Report abuse
Report abuse

wcfs: Add 'allowother' flag to improve support for multi-user deployments

  • Overview 3
  • Commits 1
  • Changes 1

Hello Kirill,

I want to open this MR so that we don't forget about this patch. In its current version, it comes without any test. I have two ideas about adding tests:

  1. Very simply only testing that WCFS starts ok when setting allow_others flag.
  2. Testing if another user can access WCFS.

Idea 2. is more comprehensive and would actually test if the flag is effective, but it also needs increased capacities of WCFS binary to succeed and seems to be outside the scope of the 'allow-others' - patch.

Idea 1. seems to be straight-forward, but even here we'd need to add user_allow_other to /etc/fuse (or run WCFS in tests as root) in order to make the test succeed. All of these options (running WCFS as root or, running tests as root, or expecting environment where '/etc' has been edited before running tests) don't look very good to me. Is there any other possibility that I'm missing here?

Best, Levin


By default, FUSE prohibits file access [1] by users other than the one that mounted the file system. This is a security feature. In order to use WCFS in multi-user deployments, where other users need to access WCFS, we therefore need to explicitly set the 'allow_other' FUSE option. This patch allows setting this option with a new WCFS flag. Besides setting the flag, it's necessary to add 'user_allow_other' to '/etc/fuse.conf'. Otherwise the flag is effectless.

[1] See 'allow_other' option at https://www.kernel.org/doc/html/latest/filesystems/fuse.html

Assignee
Assign to
Reviewer
Request review from
None
Milestone
None
Assign milestone
Time tracking
Source branch: add-allow-other-flag
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7