octoleo/restic
2
2
Fork 0
mirror of https://github.com/octoleo/restic.git synced 2024-11-26 06:46:34 +00:00
Code Issues Releases Wiki Activity

mount: Turn on DefaultPermissions for --allow-other`

Browse Source 
This commit changes the logic slightly: checking the permissions in the
fuse mount when nobody else besides the current user can access the fuse
mount does not sense. The current user has access to the repo files in
addition to the password, so they can access all data regardless of what
the fuse mount does.

Enabling `--allow-root` allows the root user to access the files in the
fuse mount, for this user no permission checks will be done anyway.

The code now enables `DefaultPermissions` automatically when
`--allow-other` is set, it can be disabled with
`--no-default-permissions` to restore the old behavior.
This commit is contained in:
Alexander Neumann 2019-01-06 20:55:49 +01:00
parent d4ff5b6bf4
commit 830511460a
2 changed files with 10 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
changelog/unreleased/pull-2017
View File

@ -1,12 +1,11 @@
Enhancement: mount: Enforce FUSE Unix permissions by default
Enhancement: mount: Enforce FUSE Unix permissions with allow-other
By default, `mount` will now respect the Unix permissions of the files within
snapshots (this is done through the "DefaultPermissions" FUSE option).
The fuse mount (`restic mount`) now lets the kernel check the permissions of
the files within snapshots (this is done through the `DefaultPermissions` FUSE
option) when the option `--allow-other` is specified.
To restore the old behavior, we've added the `--no-default-permissions` option.
This allows alll users that have access to the mountpoint to access all
files within the snapshots. Normal FUSE rules apply, so `--allow-root`
or `--allow-other` can be used to allow users besides the mounting user to
access the mountpoint.
This allows all users that have access to the mount point to access all
files within the snapshots.
https://github.com/restic/restic/pull/2017

3
cmd/restic/cmd_mount.go
View File

@ -120,11 +120,12 @@ func mount(opts MountOptions, gopts GlobalOptions, mountpoint string) error {
if opts.AllowOther {
mountOptions = append(mountOptions, systemFuse.AllowOther())
}
// let the kernel check permissions unless it is explicitly disabled
if !opts.NoDefaultPermissions {
mountOptions = append(mountOptions, systemFuse.DefaultPermissions())
}
}
c, err := systemFuse.Mount(mountpoint, mountOptions...)
if err != nil {