I am writing a networked file server which will be accessed through a FS ru=
nning on FUSE. In this case, it is the server who needs to perform the acc=
ess control and I am not sure what would be the best way to handle this.
- I was assuming that before every system call the FUSE access() method wil=
l get called with the appropriate mode flags. I can then simply forward thi=
s request (With the appropriate uid/gid) to the server and perform necessar=
y permission checking at the server. I did some quick tests and it looks li=
ke the FUSE access() method is not getting called at all. I am using FUSE 2=
.5.3 and linux 2.6.13-15. I am not using the default_permissions flag. I am=
using some wrong version, or is my assumption wrong?=20
- Without the access method I am not sure what would be the best place to p=
erform access checks. I guess I can just call my FS access() method from ea=
ch of the FS system call handlers, i.e., from my_read() I can call my_acces=
s(path, 4). But then I won't be able to check for execute permissions.
- My third question is somewhat related to UNIX permission checks as well a=
s the access() method. Suppose I issue a read /a/b/foo.txt request. To read=
foo.txt I need 'x' permission on /a, 'x' permission on /b and 'r' permissi=
on on foo.txt. My question is: on a read, will access() be called three tim=
es in the following order access("/a", ..) access("/a/b",..) access("/a/b/f=
oo.txt", ..)? Or will it be just called once access("a/b/foo.txt", ..) and =
then at the server side I need to do the hierarchical checking? In short, f=
or every request, at the server do I perform the hierarchical check or just=
check the permissions only for the requested file?
Thanks in advance.
PC Magazine=92s 2007 editors=92 choice for best web mail=97award-winning Wi=
ndows Live Hotmail.
Get latest updates about Open Source Projects, Conferences and News.