[Bug 216391] [fusefs] fs mounted with option default_permission + allow_other not doing permission check as expected

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Mon Jan 23 03:13:44 UTC 2017 

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=216391

            Bug ID: 216391
           Summary: [fusefs] fs mounted with option default_permission +
                    allow_other not doing permission check as expected
           Product: Base System
           Version: 11.0-RELEASE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs at FreeBSD.org
          Reporter: hiyorin at gmail.com

## Environment
# uname -a
FreeBSD bsd_test 11.0-RELEASE-p1 FreeBSD 11.0-RELEASE-p1 #0 r306420: Thu Sep 29
01:43:23 UTC 2016 root at releng2.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC
amd64

Tested on both real hardware and a VirtualBox VM. The VM is a fresh install of
default FreeBSD 11.

## Description
According to manual of mount.fuse, mounted filesystem with option
"default_permission" should let the OS to do file permission checking using the
file mode and "allow_other" should allow access of mounted data by other user.

However it seems the permission check is not working as expected on FreeBSD. I
have tried to reproduce it on CentOS7 and it works as expected. 

Note: unionfs is used in How-To-Repeat section as an example only. I also tried
encfs and it has the same problem too. Since both of unionfs and encfs seems
not implemented any of permission check by itself. I believe it is the problem
in the fuse implementation of FreeBSD.


## How-To-Repeat
=> as root user
# cd /_test
# mkdir a
# mkdir b
# echo "1" > a/1
# echo "2" > a/2
# chmod 600 a/1
# mkdir u
# unionfs -o default_permissions,allow_other a=RW:b=RO u
# ll u
total 8
-rw-------  1 root  wheel  2 Jan 18 21:23 1
-rw-r--r--  1 root  wheel  2 Jan 18 21:23 2
# cat a/1
1

# Problem
=> as normal user
% cd /_test
% cat a/1
cat: a/1: Permission denied
% cat u/1
1

# Expected
=> as normal user
% cd /_test
% cat a/1
cat: a/1: Permission denied
% cat u/1
cat: u/1: Permission denied

-- 
You are receiving this mail because:
You are the assignee for the bug.

More information about the freebsd-bugs mailing list