virtualfs 1.22 changes log

virtualfs 1.22 changes log

previous versions: 1.21
Change log index


AclFS: New privilege widelink

The privilege widelink was added. The privilege symlink allows the user to create symbolic links, but with some restriction:

Widelink remove this restriction. Note that widelink is not part of the pseudo privilege "MOST". Only trusted (highly) users should own this privilege.

AclFS: program directive in ..acl

The program directive in ..acl is now operational. You can create an ..acl like this (part of one ..acl):

	list HTMLEDITOR { jack , joe, @users }
	file *.html{
	    context a{
	        program /usr/bin/edithtml;
	        program /usr/bin/viewhtml;
	        grant { &HTMLEDITOR }
	        rights MOST;

In this example, member of the list HTMLEDITOR are allowed to do almost anything with *.html files, except that they can only do it with the programs edithtml and viewhtml. Note that those programs are not privieged (not setuid), yet it is the only way users can deal with html page.

This "program" feature may very well be the alternative to setuid root programs. If a setuid program has a security hole and is abused by a user, he may very well take control of the system (get a root shell).

With AclFS program feature, the user may end up abusing the content of *.html file, but that's all, since edithtml and viewhtml do not have any privilege.

Note that /usr/bin/edithtml and /usr/bin/viewhtml must be owned by root and must be chmod to 111, so they look like this with the "ls -l" command:

---x--x--x 1 root  root      1234 aug  6  1998 edithtml

By turning off read access, you are preventing users from using a debugger over the process and overriding its behavior. But this does not grant any privilege to those programs.

Default configuration files

System wide defaults now exist for litefs.conf, aclfs.conf and persmount.conf. They are stored in /etc/virtualfs. Virtualfs 1.22 delivers one default litefs.conf and persmount.conf. This means that virtualfs is immediately useful without needing configuration.

If a user define his own .virtualfs/litefs.conf for example, it overrides the one in /etc/virtualfs.

LiteFS: browsing the net (network neighborhood)

The virtualfs-browsenet utility was created to retrieve information about workgroups, workstations and shares on the SMB (windows) network. The code was borrowed from the gnomba project. The virtualfs-browsenet command is a simple tool used by litefsd-browse. The default configuration for virtualfs 1.22 provides a browse sub-directory that works like this:

	ls n/browse
	# This produces the list of workgroup
	ls n/browse/group
	# This produces the list of workstation in this group
	ls n/browse/group/station
	# This presents the list of shares offered by the station
	ls n/browse/group/station/share
	# This connects to the share using the persmount automap
	# feature. A graphical login pops up.

Browsing the net can be slow. The command is producing a cache in .virtualfs/browsenet-IP.cache, where IP is the IP number of the eth0 network adaptor. The command won't browse the net unless this cache is removed. To produce a "refresh", erase the cache.

The encoding of the IP number is useful for notebook computers. It creates one cache per visited network.

By default, virtualfs-browsenet only scans the local network (eth0). You can create a configuration file .virtualfs/browsenet-IP.conf or .virtualfs/browsetnet.conf. The first lets you define one per network. This file contains one one per IP range to scan. It generally goes like this:

	# start IP      End

Note that virtualfs-browsenet does not support the browse master protocol. It could be modified to support novell networks as well.

LiteFS: litefsd-browse, a generic back-end

litefsd-browse is a LiteFS back-end. It maps the output of simple commands to file system information. The goal is to create administrative file systems. For example, using virtualfs 1.22 default configuration, one can do:

	ls n/printers
	ls n/printers/lp
	rm n/printers/lp/402

The first commands is showing the list of configured printers in /etc/printcap. The second is showing the job list for the print queue "lp". The third is removing the job 402 from the queue (if the user is allowed).

In this case, the litefsd-browse is using the virtualfs-printers command to retrieve the print queue information. This command is very simple. It is not a daemon. Ultimately, it could be a simple shell script.. The 3 lines above correspond to the 3 virtualfs-printers command:

	virtualfs-printers --list
	virtualfs-printers --list lp
	virtualfs-printers --unlink lp/402

Using this framework, one can map other information to file systems rather easily.

LiteFS: unix domain socket location

litefs.conf (was .litefs) is defining unix domain socket (second column). By default, if the socket has a relative path, they are created and expected in .virtualfs. Prior to 1.22, they were created in the HOME directory, and this was annoying.

Also to simplify the litefs.conf, you are not forced to repeat the socket name in the startup command. Prior to 1.22, one had to write something like:

tmp   .tmp    litefsd --fork --socket .tmp --chdir /tmp

WIth 1.22, the socket name is passed as an environment variable called LITEFS_SOCKET. All LiteFS front-end/back-end know about this environment variable, so there is no need to use the --socket command line option anymore. The example above becomes:

tmp   .tmp    litefsd --fork  --chdir /tmp

Persmount: Multi-level auto-map

Persmount (personal auto-mounter) is normally used to map a logical volume in HOME/n to a network share. A configuration line in .virtualfs/persmount.conf normally goes like this

	volume .n/volume mount command

When you access n/volume, a mount is triggered (if not already done) in HOME/.n/volume.

Now persmount may map a hierarchy in a single line. This was created to support the litefsd-browse with virtualfs-browsenet. Instead of specifying a mount point, you specify the depth of the hierarchy, like this

	volume  =3 mount command
The =3 token indicates that the hierarchy is 3 levels deep. Note that the mount command must be smart enough to deal with that. A single line in persmount.conf may corresponds to several mounts. To help the mount, persmount supplies 2 macros, %v indicates the map and %m indicates the mount point (always in HOME/.n). Here is the configuration line needed to support browsing network shares:

browse  =3  virtualfs-xsmb --map %v --mountdir %m


AclFS: New path for configuration files

The files /etc/aclfsd.conf and /etc/aclfs.conf were moved to /etc/virtualfs. You will have to move them yourself.

New configuration file hierarchy

Prior to 1.22, the various configuration files were stored in the HOME directory of each users. This was adding many dot files (.litefs, .persmount) in the home and was annoying. All those files were moved to the sub-direction .virtualfs. Since they are hidden in a dot-file directory there is no need to hide them anymore, so the various configuration files were renamed: