Merge pull request #66 from trapexit/pseudo-file-permissions

restrict who can setxattr the pseudo file. closes #64
2025-03-15 02:35:12 +08:00 · 2015-03-13 20:45:25 -04:00 · 2015-03-13 20:45:25 -04:00 · 7552ad6781
commit 7552ad6781
parent 4ea49fcfbb 4b204b8fba
2 changed files with 16 additions and 11 deletions
--- a/src/getattr.cpp
+++ b/src/getattr.cpp
@ -48,10 +48,10 @@ _getattr_controlfile(struct stat &buf)
  buf.st_dev     = 0;
  buf.st_ino     = 0;
-  buf.st_mode    = (S_IFREG|S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH);
+  buf.st_mode    = (S_IFREG|S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH);
  buf.st_nlink   = 1;
-  buf.st_uid     = ::geteuid();
+  buf.st_uid     = ::getuid();
-  buf.st_gid     = ::getegid();
+  buf.st_gid     = ::getgid();
  buf.st_rdev    = 0;
  buf.st_size    = 0;
  buf.st_blksize = 1024;
--- a/src/setxattr.cpp
+++ b/src/setxattr.cpp
@ -283,15 +283,20 @@ namespace mergerfs
             int         flags)
    {
      const config::Config      &config = config::get();
      const struct fuse_context *fc     = fuse_get_context();
      if(fusepath == config.controlfile)
        {
          if((fc->uid != ::getuid()) && (fc->gid != ::getgid()))
            return -EPERM;
          return _setxattr_controlfile(config::get_writable(),
                                       attrname,
                                       string(attrval,attrvalsize),
                                       flags);
        }
      {
        const struct fuse_context *fc = fuse_get_context();
        const ugid::SetResetGuard ugid(fc->uid,fc->gid);
        const rwlock::ReadGuard   readlock(&config.srcmountslock);