Bug#916987: fusermount: unknown option 'user=name'

[Sven Hoexter]

On Fri, Dec 21, 2018 at 04:41:13PM +0100, Adrian Siemieniak wrote:

Hi,

> Hmm but fusefat is working - this is also block device.
> 
> p  fusefat - File System in User Space - Module for FAT

I actually tried it, but it does not work for me on devices
or I'm doing it wrong. According to the documentation this one
seems to be more centered on mounting image files. So no fuse "blkdev"
option involved.


> And I may be wrong, but this was working some time ago - I just did not
> checked it, since I had some lines in /etc/fstab for mounting my devices on
> auto with user rights. So if it was ntfs/vfat system used standard mount
> (ntfs3g - not fuse) and with exfat.. I'm not sure now...
> Anyway lately I used root, but yesterday I thought it's time to fix it
> and... :)

I think ntfs-3g is the better comparison, and they highlight the same issue
in the FAQ:
https://www.tuxera.com/community/ntfs-3g-faq/#useroption

So one option is doing the same and setuid the mount.exfat-fuse binary.

The other one would be using pmount and patching it yourself. The required
change is actually less intimidating then expected. Seems I'm not the only
one who looked into the issue.
Bugreport https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=755434
Relevant patch 
https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;bug=755434;filename=patch;msg=19


> Ando also fusermount is suidrooted
> $ ls -ld /bin/fusermount
> -rwsr-xr-x 1 root root 34896 Aug  5 17:07 /bin/fusermount

Well I don't want to look into who drops which privs when.


Just for the sake of completeness I had a look at the exfat-fuse source.
https://github.com/relan/exfat/blob/master/fuse/main.c#L495
There's the place where the "user=" option is set.

The blkdev option is added here
https://github.com/relan/exfat/blob/master/fuse/main.c#L530

So if you like you could comment out the stuff around L495
but then I'm pretty sure you end up with blkdev issue as explained above
in fusermount. That's at least how far I went with my attempt to understand
the issue. You can always try to open a question upstream on github to maybe
get a more detailed answer.

Sven

Bug#916987: fusermount: unknown option 'user=name'

[Adrian Siemieniak]

W dniu 21.12.2018 o 16:15, Sven Hoexter pisze:

On Fri, Dec 21, 2018 at 01:01:55PM +0100, Adrian Siemieniak wrote:

Hi,


Well, the problem is I don't set this options "user=uid" - this is done
somewhere in between by fuse or exfat-fuse - I don't know.


Now that I thought a bit more about it, I think it's not possible to
mount block devices through fuse without root permission.
I vaguely remember some discussions about it and there is a check for it
in fusermount
https://github.com/libfuse/libfuse/blob/master/util/fusermount.c#L784

Something like exfat support in pmount could be a nice enhacement. But that's
a bit outside of the scope of exfat-fuse itself.


Hmm but fusefat is working - this is also block device.

p  fusefat - File System in User Space - Module for FAT

And I may be wrong, but this was working some time ago - I just did not 
checked it, since I had some lines in /etc/fstab for mounting my devices 
on auto with user rights. So if it was ntfs/vfat system used standard 
mount (ntfs3g - not fuse) and with exfat.. I'm not sure now...
Anyway lately I used root, but yesterday I thought it's time to fix it 
and... :)


Ando also fusermount is suidrooted
$ ls -ld /bin/fusermount
-rwsr-xr-x 1 root root 34896 Aug  5 17:07 /bin/fusermount


--
Pozdrawiam,
Adrian (Sauron) Siemieniak/~//_  .. Who can destroy The Thing,
sauron(at)rpg.pl / //__\  controls The Thing ... (DUNE)

Bug#916987: fusermount: unknown option 'user=name'

[Sven Hoexter]

On Fri, Dec 21, 2018 at 01:01:55PM +0100, Adrian Siemieniak wrote:

Hi,

> Well, the problem is I don't set this options "user=uid" - this is done
> somewhere in between by fuse or exfat-fuse - I don't know.

Now that I thought a bit more about it, I think it's not possible to
mount block devices through fuse without root permission.
I vaguely remember some discussions about it and there is a check for it
in fusermount
https://github.com/libfuse/libfuse/blob/master/util/fusermount.c#L784

Something like exfat support in pmount could be a nice enhacement. But that's
a bit outside of the scope of exfat-fuse itself.

Sven

Bug#916987: fusermount: unknown option 'user=name'

[Sven Hoexter]

On Fri, Dec 21, 2018 at 01:01:55PM +0100, Adrian Siemieniak wrote:
> W dniu 21.12.2018 o 12:51, Sven Hoexter pisze:
> > On Fri, Dec 21, 2018 at 12:41:11AM +0100, Adrian Siemieniak wrote:

Hi Adrian,

> > > Trying to mount exfat device by unprivileged user renders this error:
> > > :~$ /sbin/mount.exfat-fuse -d /dev/sdg1 mnt/
> > > FUSE exfat 1.3.0
> > > fusermount: unknown option 'user=sauron'
> > > 
> > > It the same with different users and I've also tested it on other machine 
> > > (also Debian/Sid).
> > 
> > I'm not entirely sure what you like to achieve. To the best of my knowledge 
> > the exfat fuse
> > implementation only supports the filesystem options listed in man 8 
> > mount.exfat.
> > I also had a short look into man 8 mount.fuse and can't find any mention of 
> > a "user" option,
> > so I'm not even sure if you expect it to be a filesystem option or a fuse 
> > option.
> 
> Well, the problem is I don't set this options "user=uid" - this is done
> somewhere in between by fuse or exfat-fuse - I don't know.

Ok I had a short look at this. I can see (via strace) that there is the 
following
invocation of fusermount:

24748 execve("/bin/fusermount", ["fusermount", "-o", 
"rw,nosuid,nodev,allow_other,default_permissions,blksize=4096,user=sven,blkdev,fsname=/dev/sdb",
 "--", "/home/sven/mnt"], 0x55d976d2ea90 /* 25 vars */) = 0

Looking into libfuse/lib/mount.c (the fuse source package), I can find a
FUSE_OPT_KEY("user=",   KEY_MTAB_OPT),

I would assume it should be able to handle that one, though it seems it does 
not.

Sven

Bug#916987: fusermount: unknown option 'user=name'

[Adrian Siemieniak]

W dniu 21.12.2018 o 12:51, Sven Hoexter pisze:

On Fri, Dec 21, 2018 at 12:41:11AM +0100, Adrian Siemieniak wrote:

Hello Adrian,


Trying to mount exfat device by unprivileged user renders this error:
:~$ /sbin/mount.exfat-fuse -d /dev/sdg1 mnt/
FUSE exfat 1.3.0
fusermount: unknown option 'user=sauron'

It the same with different users and I've also tested it on other machine (also 
Debian/Sid).


I'm not entirely sure what you like to achieve. To the best of my knowledge the 
exfat fuse
implementation only supports the filesystem options listed in man 8 mount.exfat.
I also had a short look into man 8 mount.fuse and can't find any mention of a 
"user" option,
so I'm not even sure if you expect it to be a filesystem option or a fuse 
option.

In general user management on fat filesystems is a bit wacky, usually the uid 
from the process
executing the mount is used as owner and group of all files.


Well, the problem is I don't set this options "user=uid" - this is done 
somewhere in between by fuse or exfat-fuse - I don't know.


The mount command line is in the example, as so the fuse.conf - where 
else it can be set? (I've clean fstab for this also - just in case).



--
Pozdrawiam,
Adrian (Sauron) Siemieniak/~//_  .. Who can destroy The Thing,
sauron(at)rpg.pl / //__\  controls The Thing ... (DUNE)

Bug#916987: fusermount: unknown option 'user=name'

[Sven Hoexter]

On Fri, Dec 21, 2018 at 12:41:11AM +0100, Adrian Siemieniak wrote:

Hello Adrian,

> Trying to mount exfat device by unprivileged user renders this error:
> :~$ /sbin/mount.exfat-fuse -d /dev/sdg1 mnt/
> FUSE exfat 1.3.0
> fusermount: unknown option 'user=sauron'
> 
> It the same with different users and I've also tested it on other machine 
> (also Debian/Sid).

I'm not entirely sure what you like to achieve. To the best of my knowledge the 
exfat fuse
implementation only supports the filesystem options listed in man 8 mount.exfat.
I also had a short look into man 8 mount.fuse and can't find any mention of a 
"user" option,
so I'm not even sure if you expect it to be a filesystem option or a fuse 
option.

In general user management on fat filesystems is a bit wacky, usually the uid 
from the process
executing the mount is used as owner and group of all files.

Sven

Bug#916987: fusermount: unknown option 'user=name'

[Adrian Siemieniak]

Package: exfat-fuse
Version: 1.3.0-1
Severity: important

Dear Maintainer,

Trying to mount exfat device by unprivileged user renders this error:
:~$ /sbin/mount.exfat-fuse -d /dev/sdg1 mnt/
FUSE exfat 1.3.0
fusermount: unknown option 'user=sauron'

It the same with different users and I've also tested it on other machine (also 
Debian/Sid).

Fuse.conf is default (without user_allow_other does not work at all - this 
parameter is forced now).
:~$ cat /etc/fuse.conf 
# /etc/fuse.conf - Configuration file for Filesystem in Userspace (FUSE)

# Set the maximum number of FUSE mounts allowed to non-root users.
# The default is 1000.
#mount_max = 1000

# Allow non-root users to specify the allow_other or allow_root mount options.
user_allow_other

I've tested it also with 1.2.5-2 package from stretch and compiled it from git 
source (1.3) - all the time, same result. So I guess this is more something 
with fuse itself, but sshfs and fusefat work without a problem.

-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.1 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) (ignored: LC_ALL set to C), 
LANGUAGE=C (charmap=ANSI_X3.4-1968) (ignored: LC_ALL set to C)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages exfat-fuse depends on:
ii  fuse  2.9.8-2
ii  libc6 2.28-3
ii  libfuse2  2.9.8-2

Versions of packages exfat-fuse recommends:
ii  exfat-utils  1.3.0-1

exfat-fuse suggests no packages.

-- no debconf information