Am 07.10.2013 18:24, schrieb Michael Biebl: > Am 07.10.2013 17:55, schrieb Josselin Mouette: >> Le lundi 07 octobre 2013 à 17:22 +0200, Laurent Bigonville a écrit : >>> It would be nice if gvfs-fuse was working out of the box. >>> >>> Currently 2 things are blocking this: >>> >>> - The /dev/fuse being owned by root:fuse with 0660 permissions >>> - /bin/fusermount being owned by root:fuse with 4750 permission >>> >>> If this matter, upstream udev rule is creating /dev/fuse with >>> permissions 0666 (owned by root:root) and upstream Makefile is >>> installing /bin/fusermount with 4755 permission (owned by root:root >>> again) >>> >>> The correct ways of doing things here still probably need to be >>> discussed. >> >> An easy way to do that without lowering too much security is to >> make /usr/lib/gvfs/gvfs-fuse-daemon 2755 root:fuse. This way only gvfs >> could use the fuse capabilities. > > just some minor correction here: the daemon is called > /usr/lib/gvfs/gvfsd-fuse > >> Another possibility is to make /dev/fuse managed by udev-acl, but this >> doesn’t solve the fusermount issue (it would require hiding it behind a >> D-Bus service to do things properly). > > Splitting /usr/lib/gvfs/gvfsd-fuse into a user part and a D-Bus system > service (which does the privileged mounting) is definitely more work. If > we go that route, we don't need the udev-acl/uaccess permissions for > /dev/fuse.
The following worked for me: 1/ sudo chown root:fuse /usr/lib/gvfs/gvfsd-fuse 2/ sudo chmod 2755 /usr/lib/gvfs/gvfsd-fuse 3/ echo 'KERNEL=="fuse", TAG+="uaccess"' > /etc/udev/rules.d/61-fuse-permissions.rules Without 3/, I got a permission denied error from fusermount: $ /usr/lib/gvfs/gvfsd-fuse -d -f /run/user/1000/gvfs-fuse/ fusermount: failed to open /dev/fuse: Permission denied -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth?
signature.asc
Description: OpenPGP digital signature
