From: Simeon B. <bl...@gm...> - 2013-09-07 21:02:42
|
Hi, I have noticed that the access syscall, if executed on sshfs mounts, always seems to return 0 (ie, "permission allowed"), even if I do not actually have the required permissions. I am using sshfs 2.4 and fuse 2.9.3. This was my test program: #include <unistd.h> #include <stdio.h> int main() { int read = access("some_file",R_OK); int write = access("some_file",W_OK); int exec = access("some_file",X_OK); printf("executable: %d %d %d\n",read, write, exec); return 0; } where some_file had previously had "chmod 0" done to it. I notice also that man 2 access states: "access() may not work correctly on NFS file systems with UID mapping enabled, because UID mapping is done on the server and hidden from the client, which checks permissions. Similar problems can occur to FUSE mounts." However, access returns 0 whether uid mapping is enabled or disabled, and even if it is enabled in such a way that I cannot read the directory the tested file is in. Is this a bug in sshfs, or is using access at all frowned upon? The reason I care is that Qt seems to use access to check some permissions of a file. kdelibs saves files by creating a temporary file, writing to it, copying, using qt, the old file's permissions, and then renaming the new file on top of the old. The end result is that the saved file will go from mode 600 to mode 700, which I would rather it didn't, so I'm trying to work out if this is a bug in Qt or sshfs. Thanks, Simeon |
From: Miklos S. <mi...@sz...> - 2013-09-23 12:16:48
|
On Sat, Sep 7, 2013 at 11:02 PM, Simeon Bird <bl...@gm...> wrote: > Hi, > > I have noticed that the access syscall, if executed on sshfs mounts, > always seems to return 0 (ie, "permission allowed"), even if I do not > actually have the required permissions. I am using sshfs 2.4 and fuse 2.9.3. > > This was my test program: > > #include <unistd.h> > #include <stdio.h> > > int main() > { > int read = access("some_file",R_OK); > int write = access("some_file",W_OK); > int exec = access("some_file",X_OK); > printf("executable: %d %d %d\n",read, write, exec); > return 0; > } > > where some_file had previously had "chmod 0" done to it. > > I notice also that man 2 access states: > > "access() may not work correctly on NFS file systems with UID mapping > enabled, because UID mapping is done on the server and hidden from > the client, which checks permissions. Similar problems can occur to > FUSE mounts." > > However, access returns 0 whether uid mapping is enabled or disabled, > and even if it is enabled in such a way that I cannot read the directory > the tested file is in. > > Is this a bug in sshfs, or is using access at all frowned upon? > > The reason I care is that Qt seems to use access to check some > permissions of a file. kdelibs saves files by creating a temporary file, > writing to it, copying, using qt, the old file's permissions, and then > renaming the new file on top of the old. The end result is that the > saved file will go from mode 600 to mode 700, which I would rather it > didn't, so I'm trying to work out if this is a bug in Qt or sshfs. There's no "access" call in the SFTP, the protocol. So the best we can do currently is always return success from access(). Thanks, Miklos |
From: Simeon B. <bl...@gm...> - 2013-10-06 16:13:43
|
>> However, access returns 0 whether uid mapping is enabled or disabled, >> and even if it is enabled in such a way that I cannot read the directory >> the tested file is in. >> >> Is this a bug in sshfs, or is using access at all frowned upon? >> >> The reason I care is that Qt seems to use access to check some >> permissions of a file. kdelibs saves files by creating a temporary file, >> writing to it, copying, using qt, the old file's permissions, and then >> renaming the new file on top of the old. The end result is that the >> saved file will go from mode 600 to mode 700, which I would rather it >> didn't, so I'm trying to work out if this is a bug in Qt or sshfs. > > There's no "access" call in the SFTP, the protocol. So the best we > can do currently is always return success from access(). Is it not possible to emulate it somehow? eg, access(file, R_OK) returns posix read permissions anded with am_i_owner(), am_i_in_group() or similar. Or even just try to open the file? I guess I'm missing some reason why this is not allowed? Simeon |
From: Miklos S. <mi...@sz...> - 2013-10-08 13:19:46
|
On Sun, Oct 6, 2013 at 6:13 PM, Simeon Bird <bl...@gm...> wrote: >>> However, access returns 0 whether uid mapping is enabled or disabled, >>> and even if it is enabled in such a way that I cannot read the directory >>> the tested file is in. >>> >>> Is this a bug in sshfs, or is using access at all frowned upon? >>> >>> The reason I care is that Qt seems to use access to check some >>> permissions of a file. kdelibs saves files by creating a temporary file, >>> writing to it, copying, using qt, the old file's permissions, and then >>> renaming the new file on top of the old. The end result is that the >>> saved file will go from mode 600 to mode 700, which I would rather it >>> didn't, so I'm trying to work out if this is a bug in Qt or sshfs. >> >> There's no "access" call in the SFTP, the protocol. So the best we >> can do currently is always return success from access(). > > Is it not possible to emulate it somehow? eg, access(file, R_OK) returns > posix read permissions anded with am_i_owner(), am_i_in_group() or > similar. Or even just try to open the file? I guess I'm missing some > reason why this is not allowed? You could try: sshfs -oidmap=user,default_permissions ... or if that doesn't work then grabb /etc/passwd and /etc/group from the remote and use -oidmap=file,uidfile=passwd,gidfile=group,default_permissions ... Thanks, Miklos |
From: Simeon B. <bl...@gm...> - 2013-10-12 14:54:15
|
On 08/10/13 09:19, Miklos Szeredi wrote: > On Sun, Oct 6, 2013 at 6:13 PM, Simeon Bird <bl...@gm...> wrote: >>>> However, access returns 0 whether uid mapping is enabled or disabled, >>>> and even if it is enabled in such a way that I cannot read the directory >>>> the tested file is in. >>>> >>>> Is this a bug in sshfs, or is using access at all frowned upon? >>>> >>>> The reason I care is that Qt seems to use access to check some >>>> permissions of a file. kdelibs saves files by creating a temporary file, >>>> writing to it, copying, using qt, the old file's permissions, and then >>>> renaming the new file on top of the old. The end result is that the >>>> saved file will go from mode 600 to mode 700, which I would rather it >>>> didn't, so I'm trying to work out if this is a bug in Qt or sshfs. >>> >>> There's no "access" call in the SFTP, the protocol. So the best we >>> can do currently is always return success from access(). >> >> Is it not possible to emulate it somehow? eg, access(file, R_OK) returns >> posix read permissions anded with am_i_owner(), am_i_in_group() or >> similar. Or even just try to open the file? I guess I'm missing some >> reason why this is not allowed? > > You could try: > > sshfs -oidmap=user,default_permissions ... > > or if that doesn't work then grabb /etc/passwd and /etc/group from the > remote and use -oidmap=file,uidfile=passwd,gidfile=group,default_permissions Thanks - default_permissions fixed it. Simeon |