Bug#1037058: mergerfs: Mounting as non-root user fails with EPERM due to missing setuid bit

Fri, 02 Jun 2023 17:51:16 -0700 

Package: mergerfs
Version: 2.31.0-1
Severity: important
X-Debbugs-Cc: spa...@riseup.net

Mergerfs does not work properly when used as a non-root user:

 $ mkdir a b c
 $ mergerfs $(realpath a):$(realpath b) c
 fusermount: mount failed: Operation not permitted

After some debugging with strace, it appears that:
1) mergerfs ships it's own private version of fusermount as
   /usr/bin/mergerfs-fusermount
2) The version of fusermount shipped with the fuse3 package is setuid-root.
3) ...And /usr/bin/mergerfs-fusermount is not.

Making /usr/bin/mergerfs-fusermount setuid-root manually makes the problem
vanish.

So I'm going to bet that the intention is for /usr/bin/mergerfs-fusermount to
be installed as setuid-root but that doesn't happen for whatever reason.

Since one of the primary benefits of FUSE filesystems is to be able to mount
them as a standard user, I think it may be worth fixing this by either:
1) Patching mergerfs to use the system-provided fusermount binary. (Although,
   there may issues surrounding this approach as mergerfs seems to be using an
   embedded copy of libfuse as well.)
2) Making /usr/bin/mergerfs-fusermount setuid-root by default. (Though I don't
   know if there's any extra security red tape surrounding shipping setuid-root
   binaries in Debian.)

Just thought I report the above in the hope that this won't affect future
releases. And I'd be interested to know more about the feasibility of both
solutions.

Thanks,
        --Grond

-- System Information:
Debian Release: 11.6
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 
'stable-debug'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: armhf, i386

Kernel: Linux 5.10.0-21-amd64 (SMP w/4 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages mergerfs depends on:
ii  fuse3 [fuse]  3.10.3-2
ii  libc6         2.31-13+deb11u5
ii  libfuse2      2.9.9-5
ii  libgcc-s1     10.2.1-6
ii  libstdc++6    10.2.1-6

mergerfs recommends no packages.

mergerfs suggests no packages.

-- no debconf information

Reply via email to