On Thu, Sep 12, 2019 at 6:59 AM Chakra Divi <chakragithub@xxxxxxxxx> wrote: > > Hi Miklos, > > On Wed, Sep 11, 2019 at 5:05 PM Miklos Szeredi <miklos@xxxxxxxxxx> wrote: >> >> On Wed, Sep 11, 2019 at 12:15 PM Chakra Divi <chakragithub@xxxxxxxxx> wrote: >> > >> > In current code in fuse write request current_fsuid is sent, >> > however this creates an issue in sudo execution context. >> > Changes to consider uid and gid from file struture pointer >> > that is created as part of open file instead of current_fsuid,gid >> > >> > Steps to reproduce the issue: >> > 1) create user1 and user2 >> > 2) create a file1 with user1 on fusemount >> > 3) change the file1 permissions to 600 >> > 4) execute the following command >> > user1@linux# sudo -u user2 whoami >> /fusemnt/file1 >> > Here write fails with permission denied error >> >> Not sure what's the issue here. If filesystem wants to check open >> creds, it should do so with the creds sent at open. >> >> Does that solve your problem? >> > > Are you saying that our filesystem should store the credentials in open call, ignore the credentials in write request and use open credentials instead Yes. And even that would be dubious in case of mmap-ed writes or with FUSE_WRITEBACK_CACHE because the information about which open file instance received the modification is lost. So generally credential checking on writeback is useless. Not sure what NFS does, because there's no way to get around those rules. Thanks, Miklos
