Re: Two questions about LUKS in a file container
On Thu 17 Sep 2020 at 13:32:16 (-0700), David Christensen wrote:
> On 2020-09-16 14:38, David Wright wrote:
> > On Wed 16 Sep 2020 at 12:56:36 (-0700), David Christensen wrote:
> > > On 2020-09-16 01:59, Andrei POPESCU wrote:
>
> > > If I change the mode of the mount point to 0000:
>
> > > Is there some advantage other than making a long listing visually
> > > distinctive when the mount point is not in use?
> >
> > Yes. As explained earlier in the thread, it prevents user OP from
> > accidentally scribbling in the unused mountpoint.
>
> The default permissions 0755 already do that:
>
> 2020-09-17 13:21:22 dpchrist@tinkywinky ~
> $ touch /f1/foo
> touch: cannot touch '/f1/foo': Permission denied
Only because root created the mount point, as root would have to do
for a mount point in /.
The blog example uses $HOME/Private/ which would, with a typical
user's umask, be writeable by the user.
> > Another side-effect is that you can't enter the mountpoint directory
> > in, say, mc, which avoids your thinking that the intended filesystem
> > (were it actually mounted) is itself empty.
>
> 2020-09-17 13:23:59 dpchrist@tinkywinky ~
> $ ssh root@localhost
> Linux tinkywinky 4.9.0-13-amd64 #1 SMP Debian 4.9.228-1 (2020-07-05) x86_64
> Last login: Wed Sep 16 12:31:13 2020 from ::1
>
> 2020-09-17 13:24:03 root@tinkywinky ~
> # chmod 0000 /f1
>
> 2020-09-17 13:24:08 root@tinkywinky ~
> # q
> logout
> Connection to localhost closed.
>
> 2020-09-17 13:24:17 dpchrist@tinkywinky ~
> $ cd /f1
> bash: cd: /f1: Permission denied
>
> Confirmed -- changing mode to 0000 prevents non-root users from
> changing into that directory.
>
> > But—I see that your own intended filesystem for f1 is fuse.sshfs.
> > Can you, as a user, mount this filesystem now? I'd be interested
> > to know how, if you can, because I'm just now thinking about enhancing
> > my udev rule to chown a mount (in favour of me) if the fstab entry
> > is a fuse one (eg ntfs and exfat).
>
> I have always mounted /f1 as root. Trying it as non-root:
>
> 2020-09-17 13:24:24 dpchrist@tinkywinky ~
> $ mount /f1
> mount: only root can mount f1:/ on /f1
Oh, OK. I was hoping you might have cracked how to mount a fuse
filesystem as a user, as described in:
What is FUSE?
~~~~~~~~~~~~~
FUSE is a userspace filesystem framework. […]
One of the most important features of FUSE is allowing secure,
non-privileged mounts. This opens up new possibilities for the use of
filesystems. A good example is sshfs: a secure network filesystem
using the sftp protocol.
https://www.kernel.org/doc/Documentation/filesystems/fuse.txt
But with my experiments (on exFAT), I couldn't get past what looks
like #916987:
$ mount /media/cruzer4g/
FUSE exfat 1.3.0
fusermount: unknown option 'user=david'
$
That was after adding user_allow_other to /etc/fuse.conf (which
I didn't want) to get past:
$ mount /media/cruzer4g/
FUSE exfat 1.3.0
fusermount: option allow_other only allowed if 'user_allow_other' is set in /etc/fuse.conf
$
… and after being taking ownership of both mount point and device file.
So I'm mounting with sudo, and appending ,umask=077,uid=1000,gid=1000
to the fstab entry to gain user access to the filesystem.
Do you know if fuse exFAT is a stopgap, and support in the kernel is
eventually coming, or was a fuse implementation necessarily chosen
to support exFAT on account of some particular problem. It seems odd
that pmount, for example, doesn't support exFAT (which would seem
a prime candidate).
The fuse documentation is so fragmentary, scattered and sparse that
I haven't really got a good feel for what is is or how it works.
I'm always thinking that I've missed some option or other that allows
it to work as I expected it to.
Cheers,
David.
Reply to: