Le lundi 07 octobre 2013 à 17:22 +0200, Laurent Bigonville a écrit : > It would be nice if gvfs-fuse was working out of the box. > > Currently 2 things are blocking this: > > - The /dev/fuse being owned by root:fuse with 0660 permissions > - /bin/fusermount being owned by root:fuse with 4750 permission > > If this matter, upstream udev rule is creating /dev/fuse with > permissions 0666 (owned by root:root) and upstream Makefile is > installing /bin/fusermount with 4755 permission (owned by root:root > again) > > The correct ways of doing things here still probably need to be > discussed.
An easy way to do that without lowering too much security is to make /usr/lib/gvfs/gvfs-fuse-daemon 2755 root:fuse. This way only gvfs could use the fuse capabilities. Another possibility is to make /dev/fuse managed by udev-acl, but this doesn’t solve the fusermount issue (it would require hiding it behind a D-Bus service to do things properly). Cheers, -- .''`. Josselin Mouette : :' : `. `' `- -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
