** Description changed: - Binary package hint: gvfs + Problem + ======= + For security reasons ( possible DoS ), other users (esp. root) cannot access a fuse filesystem, and not even stat the mountpoint: - I tried to copy the contents of my home-folder using "sudo cp -a", and I got - cp: cannot stat '/home/user/.gvfs': Permission denied + $ sudo stat .gvfs + stat: cannot stat `.gvfs': Permission denied + $ sudo ls -la + ls: cannot access .gvfs: Permission denied + d????????? ? ? ? ? ? .gvfs - This can be reproduced whenever /home/user/.gvfs is mounted according to - /etc/mtab. Not only does "cp" yield an error, but also "ls" and "cd": + This means "rsync --one-file-system" (and similar options for find, + tar...) cannot know this is a different file system they actually want + to exclude, and fail on the permission denied error. - $ whoami - user - $ ls -dl /home/user/.gvfs - dr-x------ 2 user user 0 2008-05-01 19:55 /home/user/.gvfs - $ sudo -s - $ whoami - root - $ cd /home/user/.gvfs - bash: cd: /home/user/.gvfs: Permission denied - $ ls -dl /home/user/.gvfs - ls: canot access /home/user/.gvfs: Permission denied - $ umount /home/user/.gvfs - $ ls -dl /home/user/.gvfs - drwx------ 2 wg wg 4096 2008-04-25 23:12 /home/user/.gvfs - $ cd /home/user/.gvfs - $ pwd - /home/user/.gvfs + Please note that it is GOOD AND CORRECT that root cannot copy the .gvfs + directory. The real problem is that the stat fails. + Workarounds + =========== + * bind-mount the file system you want to backup beforehand (see comment #67) - Ubuntu Version: 8.04 - gvfs Version: 0.2.3-0ubuntu4 - Expected Behaviour: well, grant access to the superuser whenever he tries to access ~/.gvfs - - This bug might be related to - https://bugs.launchpad.net/ubuntu/+source/gvfs/+bug/212789 + See also + ======= + * Excellent description of the problem in bug 227724 + * fuse-devel mailing list saying this will all be solved someday using "private namespaces" + http://thread.gmane.org/gmane.comp.file-systems.fuse.devel/3497/focus=3502 + http://thread.gmane.org/gmane.comp.file-systems.fuse.devel/7169/focus=7236 + * Kernel documentation explaing the DoS + http://www.kernel.org/doc/Documentation/filesystems/fuse.txt
-- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gvfs in Ubuntu. https://bugs.launchpad.net/bugs/225361 Title: .gvfs can't be stat'd by root causing backup tools to fail Status in GVFS: New Status in “gvfs” package in Ubuntu: Triaged Status in “gvfs” package in ALT Linux: New Bug description: Problem ======= For security reasons ( possible DoS ), other users (esp. root) cannot access a fuse filesystem, and not even stat the mountpoint: $ sudo stat .gvfs stat: cannot stat `.gvfs': Permission denied $ sudo ls -la ls: cannot access .gvfs: Permission denied d????????? ? ? ? ? ? .gvfs This means "rsync --one-file-system" (and similar options for find, tar...) cannot know this is a different file system they actually want to exclude, and fail on the permission denied error. Please note that it is GOOD AND CORRECT that root cannot copy the .gvfs directory. The real problem is that the stat fails. Workarounds =========== * bind-mount the file system you want to backup beforehand (see comment #67) See also ======= * Excellent description of the problem in bug 227724 * fuse-devel mailing list saying this will all be solved someday using "private namespaces" http://thread.gmane.org/gmane.comp.file-systems.fuse.devel/3497/focus=3502 http://thread.gmane.org/gmane.comp.file-systems.fuse.devel/7169/focus=7236 * Kernel documentation explaing the DoS http://www.kernel.org/doc/Documentation/filesystems/fuse.txt To manage notifications about this bug go to: https://bugs.launchpad.net/gvfs/+bug/225361/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
