From db48ee7b216d1c4eca0928d12b8b3dde2ce47a0a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Haziza?= <frederic.haziza@crg.eu>
Date: Fri, 22 Nov 2024 16:21:54 +0100
Subject: [PATCH] Attempting to set the user/group without setuid/setgid or
 dropping privileges

---
 README.md  |  2 +-
 src/main.c | 24 ++++++++++++++++++++++--
 2 files changed, 23 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index fcff4fb..f5204a1 100644
--- a/README.md
+++ b/README.md
@@ -18,4 +18,4 @@ Requirements:
 
 ## Example
 
-...
+We include a simple [example](example). It shows how to prepend/append data, decrypt a Crypt4GH file, or not (ie passthrough).
diff --git a/src/main.c b/src/main.c
index a1c374d..f19ca32 100644
--- a/src/main.c
+++ b/src/main.c
@@ -39,6 +39,8 @@ static void usage(struct fuse_args *args)
 "    -o entry_timeout=S     seconds for which lookup names are cached [default: one day]\n"
 "    -o attr_timeout=S      seconds for which directories/files attributes are cached [default: one day]\n"
 "    -o dotdot              Shows '.' and '..' directories [default: ignored]\n"
+"    -o user_id=N           user id of the mount point [default: caller's uid]\n"
+"    -o group_id=N          group id of the mount point [default: caller's gid]\n"
 "\n"
 "Crypt4GH Options (if enabled):\n"
 "    -o seckey=<path>       Absolute path to the Crypt4GH secret key\n"
@@ -69,6 +71,10 @@ static struct fuse_opt fs_opts[] = {
 
 	CRYPT4GH_SQLITE_OPT("dotdot",       show_dotdot, 1),
 
+	/* Mount group id */
+	CRYPT4GH_SQLITE_OPT("user_id=%u", uid, 0), // chill... it's not root
+	CRYPT4GH_SQLITE_OPT("group_id=%u", gid, 0),
+
 	/* in case Crypt4GH is enabled */
 	CRYPT4GH_SQLITE_OPT("seckey=%s"             , seckeypath         , 0),
 	CRYPT4GH_SQLITE_OPT("passphrase_from_env=%s", passphrase_from_env, 0),
@@ -283,8 +289,8 @@ int main(int argc, char *argv[])
   config.entry_timeout = DEFAULT_ENTRY_TIMEOUT;
   config.attr_timeout = DEFAULT_ATTR_TIMEOUT;
 
-  config.uid = getuid();
-  config.gid = getgid();
+  config.uid = getuid(); /* current user */
+  config.gid = getgid(); /* current group */
 
   /* General options */
   if (fuse_opt_parse(&args, &config, fs_opts, fs_opt_proc) == -1)
@@ -312,6 +318,20 @@ int main(int argc, char *argv[])
     exit(1);
   }
 
+  if ( config.uid < 0 )
+    {
+      fprintf(stderr, "Invalid user IDs\n");
+      fprintf(stderr, "see `%s -h' for usage\n", argv[0]);
+      exit(1);
+    }
+
+  if ( config.gid < 0 )
+    {
+      fprintf(stderr, "Invalid group IDs\n");
+      fprintf(stderr, "see `%s -h' for usage\n", argv[0]);
+      exit(1);
+    }
+
   fuse_opt_insert_arg(&args, 1, "-ofsname=" FS_NAME);
 
   if(config.debug)