From: Orac <mj...@ab...> - 2006-10-18 08:01:08

Hi Miklos.

This is a feature which I implemented into fuse a while ago, but which occurs to me might be useful to put up for discussion/inclusion here.

Basically, what I implemented was a service-style mount, where a service user-id creates and owns the mount and the mount-point and is therefore also the only one who can unmount it. However, data access rights are set at creation to an alternate user-id. This allows the security of the single-user access that fuse gives whilst separating the mount owner from the mount user.

It's a fairly simple addition, but I found it very useful in not compromising the security of a system whilst allowing the services to build mounts for users.

If the idea interests you, I can post here the small amount of code I used to implement this.

Matthew.