fuser icon indicating copy to clipboard operation
fuser copied to clipboard

Published 20 hours ago verified publisher icon cberner

Why auto_unmount must be used with allow_other or allow_root?

Open publicqi opened this issue 2 years ago • 5 comments

In 0009aa184b9c91fbeacb6f364d28571192af70ae this code was added:

        let (file, mount) = Mount::new(mountpoint, options)?;
        // If AutoUnmount is requested, but not AllowRoot or AllowOther we enforce the ACL
        // ourself and implicitly set AllowOther because fusermount needs allow_root or allow_other
        // to handle the auto_unmount option
        let (file, mount) = if options.contains(&MountOption::AutoUnmount)
            && !(options.contains(&MountOption::AllowRoot)
                || options.contains(&MountOption::AllowOther))
        {
            let mut modified_options = options.to_vec();
            modified_options.push(MountOption::AllowOther);
            Mount::new(mountpoint, &modified_options)?
        } else {
            Mount::new(mountpoint, options)?
        };

Previously with fuser==0.7.0, my code with the only option MountOption::AutoUnmount runs well. When I updated it to fuser=0.12.0, it will add a MountOption::AllowOther, and since my /etc/fuse.conf doesn't allow that, it cannot mount.

In https://github.com/libfuse/libfuse/blob/master/util/fusermount.c#L774, I don't see why auto_unmount must be used with allow_other or allow_root.

publicqi avatar Feb 21 '23 14:02 publicqi

Did you check that your code worked (properly unmounted the mountpoint on exit) with 0.7 even when not run as root? The description of that commit describes why I changed it: it would silently fail when it didn't have permission

cberner avatar Feb 21 '23 16:02 cberner

When my program exits, sudo mount -l does not show the mountpoint so I guess it's properly exited?

I also noticed that fusermount is a suid that runs as root. I'm not sure if this is universal, but I checked on 3 machines and they all are suid so they should have the permission to unmount.

publicqi avatar Feb 21 '23 16:02 publicqi

Same here, I tested it with fuser==0.12.0, even HEAD 39d4177e809c7ee3b6757136fee8a28d5f41f040, commenting that line https://github.com/cberner/fuser/blob/master/src/session.rs#L81 seems to work fine, it gets properly unmounted as far as I can tell.

sirloon avatar Jun 05 '23 23:06 sirloon

I suspect different distros might have different behaviors (because of capabilities maybe)? I tested on Debian and Ubuntu and they unmounted fine, but I'm not sure for other distributions.

publicqi avatar Jun 05 '23 23:06 publicqi

I can confirm that filesystems aren't getting unmounted on exit on OSX.

inferiorhumanorgans avatar Sep 03 '23 07:09 inferiorhumanorgans