POSSIBLE SOLUTIONS: Re: /home/<user>/.gvfs causing problems for rsync

Tue Nov 11 23:17:01 UTC 2008

The following is NOT properly tested, and I do NOT know what side
effects it may have, but if I restart gfvs-fuse-daemon with the
allow_root option, I can, as root, inspect the .gvfs directory.

One definite side effect that it has is to allow the root user to see
stuff that the ordinary user has the right to see *on another system*.
Just because you have root access on one system doesn't mean you should
be allowed to see the files to which other people have access on other
systems. I'm pretty sure that is why the .gvfs directory is managed the
way it is.

In order to be able to set this option, I had to edit /etc/fuse.conf and
uncomment the line that allows non-root users to specify the allow_root
option to the fuse daemon, i.e.:

   user_allow_other

Then

   /bin/fusermount -zu $HOME/.gvfs
   /usr/lib/gvfs/gvfs-fuse-daemon -o allow_root $HOME/.gvfs

Mounted filesystems are still mounted after this procedure. If you want
ANYONE to be able to access the mounted filesystem, you can specify
"allow_other" instead.

I haven't quite worked out where gvfs-fuse-daemon gets started normally,
so I can't say where the option might be added to just happen every
time. If anyone knows, let me know! Might be something in the dbus
subsystem.

Apart from the security aspect mentioned above, this solution will get
very tricky if you have a multi-user system, with different users having
things mounted on their own .gvfs directories. You'd have to restart
gvfs-fuse-daemon separately for each user, *as* each user.

A safer rsync workaround than this might be to enumerate the top-level
objects in each home directory, and build an *include* list (which would
omit unwanted directories such as .gvfs) and pass that list to rsync.
Then rsync will not need to inspect the non-included directories,
however fleetingly. This solution is much more complicated, but the
include-list builder would only need to be written once, would work on
all home directories and would not require any changes to the gvfs
stuff. Note that I haven't actually tried this :-)

Regards, K.

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au)                   +61-2-64957160 (h)
http://www.biplane.com.au/~kauer/                  +61-428-957160 (mob)

GPG fingerprint: DD23 0DF3 2260 3060 7FEC 5CA8 1AF6 D9E3 CFEE 6B28

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20081112/4d2a9c00/attachment.sig>