Attempting to set the user/group without setuid/setgid or dropping pr…

…ivileges
silverdaz · Nov 22, 2024 · db48ee7 · db48ee7
1 parent dfafde6
commit db48ee7
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 3 deletions.
diff --git a/README.md b/README.md
@@ -18,4 +18,4 @@ Requirements:
 
 ## Example
 
-...
+We include a simple [example](example). It shows how to prepend/append data, decrypt a Crypt4GH file, or not (ie passthrough).
diff --git a/src/main.c b/src/main.c
@@ -39,6 +39,8 @@ static void usage(struct fuse_args *args)
 "    -o entry_timeout=S     seconds for which lookup names are cached [default: one day]\n"
 "    -o attr_timeout=S      seconds for which directories/files attributes are cached [default: one day]\n"
 "    -o dotdot              Shows '.' and '..' directories [default: ignored]\n"
+"    -o user_id=N           user id of the mount point [default: caller's uid]\n"
+"    -o group_id=N          group id of the mount point [default: caller's gid]\n"
 "\n"
 "Crypt4GH Options (if enabled):\n"
 "    -o seckey=<path>       Absolute path to the Crypt4GH secret key\n"
@@ -69,6 +71,10 @@ static struct fuse_opt fs_opts[] = {
 
 	CRYPT4GH_SQLITE_OPT("dotdot",       show_dotdot, 1),
 
+	/* Mount group id */
+	CRYPT4GH_SQLITE_OPT("user_id=%u", uid, 0), // chill... it's not root
+	CRYPT4GH_SQLITE_OPT("group_id=%u", gid, 0),
+
 	/* in case Crypt4GH is enabled */
 	CRYPT4GH_SQLITE_OPT("seckey=%s"             , seckeypath         , 0),
 	CRYPT4GH_SQLITE_OPT("passphrase_from_env=%s", passphrase_from_env, 0),
@@ -283,8 +289,8 @@ int main(int argc, char *argv[])
   config.entry_timeout = DEFAULT_ENTRY_TIMEOUT;
   config.attr_timeout = DEFAULT_ATTR_TIMEOUT;
 
-  config.uid = getuid();
-  config.gid = getgid();
+  config.uid = getuid(); /* current user */
+  config.gid = getgid(); /* current group */
 
   /* General options */
   if (fuse_opt_parse(&args, &config, fs_opts, fs_opt_proc) == -1)
@@ -312,6 +318,20 @@ int main(int argc, char *argv[])
     exit(1);
   }
 
+  if ( config.uid < 0 )
+    {
+      fprintf(stderr, "Invalid user IDs\n");
+      fprintf(stderr, "see `%s -h' for usage\n", argv[0]);
+      exit(1);
+    }
+
+  if ( config.gid < 0 )
+    {
+      fprintf(stderr, "Invalid group IDs\n");
+      fprintf(stderr, "see `%s -h' for usage\n", argv[0]);
+      exit(1);
+    }
+
   fuse_opt_insert_arg(&args, 1, "-ofsname=" FS_NAME);
 
   if(config.debug)
Original file line number	Diff line number	Diff line change
Expand Up		@@ -18,4 +18,4 @@ Requirements:

		## Example

		...
		We include a simple [example](example). It shows how to prepend/append data, decrypt a Crypt4GH file, or not (ie passthrough).