Commitb5c9786

committed
Cleaned up PRmpartel#61.
For consistency, renamed the new options to --delete-deny and --rename-deny.
1 parentcb7a9dc commitb5c9786


5 files changed

+57
-33
lines changed


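--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2017-11-30 Martin Pärtel <martin dot partel at gmail dot com>
+
+* Added options --delete-deny and --rename-deny as suggested by @roojs.
+
 2017-10-26 Martin Pärtel <martin dot partel at gmail dot com>
 
 * Released 1.13.8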

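--- a/README.md
+++ b/README.md
@@ -1,12 +1,4 @@
 
-##slightly modified ##
-
-Just added block-delete,block-rename
-
-So you can use it with sftp and disable delete/rename ....
-
-
-
 ##Overview ##
 
 bindfs -https://bindfs.org/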

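--- a/src/bindfs.1
+++ b/src/bindfs.1
@@ -219,6 +219,20 @@ The read/write permissions are checked against the (possibly modified)
 file permissions inside the mount.
 
 
+.SH OTHER FILE OPERATIONS
+
+.TP
+.B\-\-delete\-deny,\-odelete\-deny
+Makes all file delete operations fail with a 'permission denied'.
+By default, files can still be modified if they have write permission,
+and renamed if the directory has write permission.
+
+.TP
+.B\-\-rename\-deny,\-orename\-deny
+Makes all file rename/move operations\fBwithinthemountpoint\fP fail with
+a 'permission denied'. Programs that move files out of a mountpoint do so
+by copying and deleting the original.
+
 .SH RATE LIMITS
 Reads and writes through the mount point can be throttled. Throttling works
 by sleeping the required amount of time on each read or write request.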

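--- a/src/bindfs.c
+++ b/src/bindfs.c
@@ -159,6 +159,9 @@ static struct Settings {
 XATTR_READ_WRITE
 }xattr_policy;
 
+intdelete_deny;
+intrename_deny;
+
 intmirrored_users_only;
 uid_t*mirrored_users;
 intnum_mirrored_users;
@@ -184,10 +187,6 @@ static struct Settings {
 intenable_lock_forwarding;
 
 intenable_ioctl;
-
-/* should probably be handled with enum... */
-intblock_delete;
-intblock_rename;
 
 uid_tuid_offset;
 gid_tgid_offset;
@@ -480,10 +479,9 @@ static int delete_file(const char *path, int (*target_delete_func)(const char *)
 char*unlink_first=NULL;
 int (*main_delete_func)(constchar*)=target_delete_func;
 
-if (settings.block_delete)
+if (settings.delete_deny)
 return-EPERM;
 
-
 real_path=process_path(path, false);
 if (real_path==NULL)
 return-errno;
@@ -824,8 +822,8 @@ static int bindfs_rename(const char *from, const char *to)
 {
 intres;
 char*real_from,*real_to;
-
-if (settings.block_rename)
+
+if (settings.rename_deny)
 return-EPERM;
 
 real_from=process_path(from, false);
@@ -1469,6 +1467,10 @@ static void print_usage(const char *progname)
 " --xattr-ro Read-only xattr operations.\n"
 " --xattr-rw Read-write xattr operations (the default).\n"
 "\n"
+"Other file operations:\n"
+" --delete-deny Disallow deleting files.\n"
+" --rename-deny Disallow renaming files (within the mount).\n"
+"\n"
 "Rate limits:\n"
 " --read-rate=... Limit to bytes/sec that can be read.\n"
 " --write-rate=... Limit to bytes/sec that can be written.\n"
@@ -1519,16 +1521,16 @@ enum OptionKey {
 OPTKEY_XATTR_NONE,
 OPTKEY_XATTR_READ_ONLY,
 OPTKEY_XATTR_READ_WRITE,
+OPTKEY_DELETE_DENY,
+OPTKEY_RENAME_DENY,
 OPTKEY_REALISTIC_PERMISSIONS,
 OPTKEY_CTIME_FROM_MTIME,
 OPTKEY_ENABLE_LOCK_FORWARDING,
 OPTKEY_DISABLE_LOCK_FORWARDING,
 OPTKEY_ENABLE_IOCTL,
 OPTKEY_HIDE_HARD_LINKS,
 OPTKEY_RESOLVE_SYMLINKS,
-OPTKEY_BLOCK_DEVICES_AS_FILES,
-OPTKEY_BLOCK_DELETE,
-OPTKEY_BLOCK_RENAME
+OPTKEY_BLOCK_DEVICES_AS_FILES
 };
 
 staticintprocess_option(void*data,constchar*arg,intkey,
@@ -1600,6 +1602,13 @@ static int process_option(void *data, const char *arg, int key,
 settings.xattr_policy=XATTR_READ_WRITE;
 return0;
 
+caseOPTKEY_DELETE_DENY:
+settings.delete_deny=1;
+return0;
+caseOPTKEY_RENAME_DENY:
+settings.rename_deny=1;
+return0;
+
 caseOPTKEY_REALISTIC_PERMISSIONS:
 settings.realistic_permissions=1;
 return0;
@@ -1625,14 +1634,6 @@ static int process_option(void *data, const char *arg, int key,
 settings.block_devices_as_files=1;
 return0;
 
-caseOPTKEY_BLOCK_DELETE:
-settings.block_delete=1;
-return0;
-
-caseOPTKEY_BLOCK_RENAME:
-settings.block_rename=1;
-return0;
-
 caseOPTKEY_NONOPTION:
 if (!settings.mntsrc) {
 settings.mntsrc=realpath(arg,NULL);
@@ -1960,6 +1961,9 @@ int main(int argc, char *argv[])
 OPT2("--xattr-ro","xattr-ro",OPTKEY_XATTR_READ_ONLY),
 OPT2("--xattr-rw","xattr-rw",OPTKEY_XATTR_READ_WRITE),
 
+OPT2("--delete-deny","delete-deny",OPTKEY_DELETE_DENY),
+OPT2("--rename-deny","rename-deny",OPTKEY_RENAME_DENY),
+
 OPT2("--hide-hard-links","hide-hard-links",OPTKEY_HIDE_HARD_LINKS),
 OPT2("--resolve-symlinks","resolve-symlinks",OPTKEY_RESOLVE_SYMLINKS),
 OPT_OFFSET2("--resolved-symlink-deletion=%s","resolved-symlink-deletion=%s",resolved_symlink_deletion,-1),
@@ -1974,9 +1978,6 @@ int main(int argc, char *argv[])
 OPT_OFFSET2("--uid-offset=%s","uid-offset=%s",uid_offset,0),
 OPT_OFFSET2("--gid-offset=%s","gid-offset=%s",gid_offset,0),
 
-OPT2("--block-delete","block-delete",OPTKEY_BLOCK_DELETE),
-OPT2("--block-rename","block-rename",OPTKEY_BLOCK_RENAME),
-
 
 
 
@@ -2010,6 +2011,8 @@ int main(int argc, char *argv[])
 settings.chmod_allow_x=0;
 settings.chmod_permchain=permchain_create();
 settings.xattr_policy=XATTR_READ_WRITE;
+settings.delete_deny=0;
+settings.rename_deny=0;
 settings.mirrored_users_only=0;
 settings.mirrored_users=NULL;
 settings.num_mirrored_users=0;
@@ -2025,9 +2028,6 @@ int main(int argc, char *argv[])
 settings.enable_ioctl=0;
 settings.uid_offset=0;
 settings.gid_offset=0;
-
-settings.block_delete=0;
-settings.block_rename=0;
 
 atexit(&atexit_func);
 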
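Review bot: In bindfs_rename the guard tests only `settings.rename_deny`, so a mount started with --delete-deny alone still accepts a rename onto an existing name; assuming the function goes on to call rename(2) below the visible hunk, that replaces the destination file just as an unlink would. Together with the truncate/overwrite path that the new man page text says stays open, this means --delete-deny is not a retention or append-only control by itself. I would state that where the flag is declared, e.g. `/* delete_deny: blocks unlink/rmdir only; rename-over-existing and truncation still destroy data unless rename_deny and permission options are set too */` above the `delete_deny` field in struct Settings, and repeat the caveat in the --delete-deny usage line. Separately, both guards return `-EPERM`, which callers report as "Operation not permitted", while the man page added in this commit promises 'permission denied' (the EACCES message); aligning the two keeps log-based alerting on denied deletes keyed to the right errno.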

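--- a/tests/test_bindfs.rb
+++ b/tests/test_bindfs.rb
@@ -293,6 +293,20 @@ def run_chown_chgrp_test_case(chown_flag, chgrp_flag, expectations)
 assert{File.stat('src/file').mode &0777 ==0640}
 end
 
+testenv("--delete-deny")do
+touch('src/file')
+mkdir('src/dir')
+assert_exception(EPERM){rm('mnt/file')}
+assert_exception(EPERM){rmdir('mnt/dir')}
+end
+
+testenv("--rename-deny")do
+touch('src/file')
+mkdir('src/dir')
+assert_exception(EPERM){mv('mnt/file','mnt/file2')}
+assert_exception(EPERM){mv('mnt/dir','mnt/dir2')}
+end
+
 root_testenv("--map=nobody/root:@#{nobody_group}/@#{root_group}")do
 touch('src/file')
 chown('nobody',nobody_group,'src/file')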
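Review bot: Both new testenv blocks assert only that EPERM is raised and never check that `src/file` and `src/dir` are still in place afterwards, so a regression that performs the operation and then reports the error would still pass. Adding `assert { File.exist?('src/file') }` and `assert { File.directory?('src/dir') }` after the assert_exception lines, plus `assert { !File.exist?('src/file2') }` in the --rename-deny block, would pin the guarantee the options are meant to give. There is also no case describing what --delete-deny alone does when a file is renamed onto an existing one, which is the interaction worth specifying for anyone using the option to protect uploaded files.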
