On Sun, Feb 6, 2011 at 9:58 PM,  <sf...@users.sourceforge.net> wrote:
>
> How about writing a wrapper?
> Allow chown after some tests.
> - the target path is aufs, or /home/$USER in your case?
> - the target uid is $USER
> - etc
> The wrapper may be implemented suid-ed, or customized /etc/sudoers.
>

I can do that easily and it would only work for a single-user desktop
with one user logged in.  If there is more than one simultaneous user,
or if the ro branch is located on a server that is sharing with a
protocol that doesn't have UID/GID override support (like NFS) then
this method doesn't really function.

There is also the problem of not wanting to trust users with shared
executables that they can write to.  As Wine becomes more compatible
with Windows it will be more vulnerable to malware and the separation
of rw data between users is crucial.  Allowing them to chown means
that anything can be written to the files from their account and the
users of other accounts will be executing (and possibly writing to)
the same files.

> You may want to try fuse, nfs or any other fs which has uid-mapping
> feature.
> After some considerations, I could understand why you want such feature
> in aufs. But as I wrote first, I don't think it is a feature of
> stackable filesystem. Aufs should follow and should not disturb the
> native behaviour of branch fs.
>

I did look into funionfs but it had a lot of bugs and development
stopped back in 2005 pending a rewrite.

I reported a bug about the problem with SMB/CIFS mounts being
displayed in Nautilus even if the mount point is a hidden directory
but the initial response wasn't enthusiastic:
https://bugzilla.gnome.org/show_bug.cgi?id=641569

I understand your position.  A filesystem that does nothing more than
change UID/GID/ACLs/permissions would be perfect but I don't know of
any.  Seems like it would be a great feature for a rootkit :D  I'll
keep looking for other solutions.
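
The pre-chown tests proposed for the wrapper earlier in this thread, written out as an added example (not code from either poster or from aufs). The function name, its parameters and the sample tree are hypothetical, and the symlink and hard-link checks go beyond the two tests listed in the thread.

```python
import os
import stat

def chown_request_allowed(path, target_uid, caller_uid, allowed_root):
    """Apply the wrapper's pre-chown tests; return (allowed, reason)."""
    # Test from the thread: the target uid is the calling user.
    if target_uid != caller_uid:
        return False, "target uid is not the caller"
    try:
        st = os.lstat(path)  # lstat: inspect the entry itself, not a link target
    except OSError:
        return False, "path does not exist"
    # A symlink inside the home could point at another user's or a shared file.
    if stat.S_ISLNK(st.st_mode):
        return False, "path is a symlink"
    if not (stat.S_ISREG(st.st_mode) or stat.S_ISDIR(st.st_mode)):
        return False, "not a regular file or directory"
    # A hard link can alias a file that also lives outside the allowed tree.
    if stat.S_ISREG(st.st_mode) and st.st_nlink > 1:
        return False, "file has more than one hard link"
    # Test from the thread: the path is under the allowed root (/home/$USER),
    # compared after resolving ".." and symlinked parent directories.
    root = os.path.realpath(allowed_root)
    real = os.path.realpath(path)
    if os.path.commonpath([root, real]) != root:
        return False, "path resolves outside the allowed root"
    return True, "ok"

if __name__ == "__main__":
    import tempfile
    # Constructed sample tree: one home directory and one shared directory.
    base = os.path.realpath(tempfile.mkdtemp())
    home = os.path.join(base, "home", "alice")
    shared = os.path.join(base, "shared")
    os.makedirs(home)
    os.makedirs(shared)
    own = os.path.join(home, "app.exe")
    open(own, "w").close()
    open(os.path.join(shared, "wine.exe"), "w").close()
    os.symlink(os.path.join(shared, "wine.exe"), os.path.join(home, "link"))
    for p in (own, os.path.join(home, "link"),
              os.path.join(home, "..", "..", "shared", "wine.exe")):
        print(p, chown_request_allowed(p, 1000, 1000, home))
```

These checks are path-based, so a setuid or sudoers-invoked wrapper that runs chown afterwards still has a window between the check and the call in which the path can be swapped.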
