Go to file
2002-03-01 07:47:35 +00:00
example minor fixes 2002-01-11 08:25:52 +00:00
include Added statfs support to kernel, lib, examples, and perl 2002-01-07 16:32:02 +00:00
kernel rpm support 2002-01-14 08:48:46 +00:00
lib fixes 2002-01-09 12:23:27 +00:00
patch preparing for release 2001-11-09 14:49:18 +00:00
perl fixed mkdir/rmdir 2002-02-15 07:30:16 +00:00
python fixes 2002-01-09 12:23:27 +00:00
util rpm support 2002-01-14 08:48:46 +00:00
.cvsignore build fixes 2001-11-07 12:35:06 +00:00
AUTHORS perl bindings 2001-12-03 08:35:41 +00:00
BUGS permission checking implemented 2001-12-20 15:38:05 +00:00
ChangeLog added specfile for redhat 2002-03-01 07:47:35 +00:00
configure.in cross compilation fixes 2001-12-26 18:08:09 +00:00
COPYING build with automake 2001-11-07 12:09:43 +00:00
fuse_redhat.spec added specfile for redhat 2002-03-01 07:47:35 +00:00
fuse.spec rpm support 2002-01-14 08:48:46 +00:00
INSTALL build with automake 2001-11-07 12:09:43 +00:00
makeconf.sh minor fixes 2002-01-11 08:25:52 +00:00
Makefile.am added specfile for redhat 2002-03-01 07:47:35 +00:00
NEWS release preparations 2002-01-09 13:46:10 +00:00
README release preparations 2002-01-09 13:46:10 +00:00
TODO Added statfs support to kernel, lib, examples, and perl 2002-01-07 16:32:02 +00:00

General Information
===================

FUSE (Filesystem in USErspace) is a simple interface for userspace
programs to export a virtual filesystem to the linux kernel.  FUSE
also aims to provide a secure method for non privileged users to
create and mount their own filesystem implementations.

You can download the source code releases from

  http://sourceforge.net/projects/avf

or alternatively you can use CVS to get the very latest development
version by setting the cvsroot to

  :pserver:anonymous@cvs.avf.sourceforge.net:/cvsroot/avf

and checking out the 'fuse' module.

Installation
============

See the file 'INSTALL'

IMPORTANT NOTE: If you run a system with untrusted users, installing
this program is not recommended, as it could be used to breach
security (see the 'Security' section for explanation).

How To Use
==========

FUSE is made up of three main parts:

 - A kernel filesystem module (kernel/fuse.o)

 - A userspace library (lib/libfuse.a)

 - A mount/unmount program (util/fusermount)


Here's how to create your very own virtual filesystem in five easy
steps (after installing FUSE):

  1) Edit the file example/fusexmp.c to do whatever you want...

  2) Build the fusexmp program

  3) run 'example/fusexmp /mnt/whatever -d'

  4) ls -al /mnt/whatever

  5) Be glad

If it doesn't work out, please ask!  Also see the file 'include/fuse.h' for
detailed documentation of the library interface.

You can also mount your filesystem like this:

   fusermount /mnt/whatever example/fusexmp -d

The fusermount program now accepts a couple of additional options.
Run it with the '-h' option to see a description.

Security
========

If you run 'make install', the fusermount program is installed
set-user-id to root.  This is done to allow normal users to mount
their own filesystem implementations. 

There must however be some limitations, in order to prevent Bad User from
doing nasty things.  Currently those limitations are:

  - The user can only mount on a mountpoint, for which it has write
    permission

  - The mountpoint is not a sticky directory which isn't owned by the
    user (like /tmp usually is)

  - No other user (including root) can access the contents of the mounted
    filesystem.

When linux will have private namespaces (as soon as version 2.5 comes out
hopefully) then this third condition is useless and can be gotten rid of.

Currently the first two conditions are checked by the fusermount program
before doing the mount.  This has the nice feature, that it's totally
useless.  Here's why:

   - user creates /tmp/mydir
   - user starts fusermount
   - user removes /tmp/mydir just after fusermount checked that it is OK
   - user creates symlink: ln -s / /tmp/mydir
   - fusermount actually mounts user's filesystem on '/'
   - this is bad :(

So to make this secure, the checks must be done by the kernel.  And so
there is a patch (patch/ms_permission.patch) which does exactly this.
This is against 2.4.14, but applies to some earlier kernels (not too
much earlier though), and possibly some later.