forked from TrueCloudLab/restic
Merge pull request 2017 from kylewlacy/fuse_default_permissions_option
mount: Add default-permissions flag to set FUSE option
This commit is contained in:
commit
2996c110f1
2 changed files with 25 additions and 7 deletions
11
changelog/unreleased/pull-2017
Normal file
11
changelog/unreleased/pull-2017
Normal file
|
@ -0,0 +1,11 @@
|
||||||
|
Enhancement: mount: Enforce FUSE Unix permissions with allow-other
|
||||||
|
|
||||||
|
The fuse mount (`restic mount`) now lets the kernel check the permissions of
|
||||||
|
the files within snapshots (this is done through the `DefaultPermissions` FUSE
|
||||||
|
option) when the option `--allow-other` is specified.
|
||||||
|
|
||||||
|
To restore the old behavior, we've added the `--no-default-permissions` option.
|
||||||
|
This allows all users that have access to the mount point to access all
|
||||||
|
files within the snapshots.
|
||||||
|
|
||||||
|
https://github.com/restic/restic/pull/2017
|
|
@ -56,6 +56,7 @@ type MountOptions struct {
|
||||||
OwnerRoot bool
|
OwnerRoot bool
|
||||||
AllowRoot bool
|
AllowRoot bool
|
||||||
AllowOther bool
|
AllowOther bool
|
||||||
|
NoDefaultPermissions bool
|
||||||
Host string
|
Host string
|
||||||
Tags restic.TagLists
|
Tags restic.TagLists
|
||||||
Paths []string
|
Paths []string
|
||||||
|
@ -71,6 +72,7 @@ func init() {
|
||||||
mountFlags.BoolVar(&mountOptions.OwnerRoot, "owner-root", false, "use 'root' as the owner of files and dirs")
|
mountFlags.BoolVar(&mountOptions.OwnerRoot, "owner-root", false, "use 'root' as the owner of files and dirs")
|
||||||
mountFlags.BoolVar(&mountOptions.AllowRoot, "allow-root", false, "allow root user to access the data in the mounted directory")
|
mountFlags.BoolVar(&mountOptions.AllowRoot, "allow-root", false, "allow root user to access the data in the mounted directory")
|
||||||
mountFlags.BoolVar(&mountOptions.AllowOther, "allow-other", false, "allow other users to access the data in the mounted directory")
|
mountFlags.BoolVar(&mountOptions.AllowOther, "allow-other", false, "allow other users to access the data in the mounted directory")
|
||||||
|
mountFlags.BoolVar(&mountOptions.NoDefaultPermissions, "no-default-permissions", false, "for 'allow-other', ignore Unix permissions and allow users to read all snapshot files")
|
||||||
|
|
||||||
mountFlags.StringVarP(&mountOptions.Host, "host", "H", "", `only consider snapshots for this host`)
|
mountFlags.StringVarP(&mountOptions.Host, "host", "H", "", `only consider snapshots for this host`)
|
||||||
mountFlags.Var(&mountOptions.Tags, "tag", "only consider snapshots which include this `taglist`")
|
mountFlags.Var(&mountOptions.Tags, "tag", "only consider snapshots which include this `taglist`")
|
||||||
|
@ -118,6 +120,11 @@ func mount(opts MountOptions, gopts GlobalOptions, mountpoint string) error {
|
||||||
|
|
||||||
if opts.AllowOther {
|
if opts.AllowOther {
|
||||||
mountOptions = append(mountOptions, systemFuse.AllowOther())
|
mountOptions = append(mountOptions, systemFuse.AllowOther())
|
||||||
|
|
||||||
|
// let the kernel check permissions unless it is explicitly disabled
|
||||||
|
if !opts.NoDefaultPermissions {
|
||||||
|
mountOptions = append(mountOptions, systemFuse.DefaultPermissions())
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
c, err := systemFuse.Mount(mountpoint, mountOptions...)
|
c, err := systemFuse.Mount(mountpoint, mountOptions...)
|
||||||
|
|
Loading…
Reference in a new issue