From 9f92518396839af3979f56ce3f2f6b222c5c5801 Mon Sep 17 00:00:00 2001 From: jpandre Date: Fri, 18 Dec 2009 10:31:42 +0000 Subject: [PATCH] Grouped permission mode setting in the parameter file --- include/ntfs-3g/param.h | 29 ++++++++++++++++++++++++++++- src/ntfs-3g.c | 16 ++++++++++++---- 2 files changed, 40 insertions(+), 5 deletions(-) diff --git a/include/ntfs-3g/param.h b/include/ntfs-3g/param.h index 07bc7a80..b309e300 100644 --- a/include/ntfs-3g/param.h +++ b/include/ntfs-3g/param.h @@ -31,6 +31,33 @@ #define FORCE_FORMAT_v1x 0 /* Insert security data as in NTFS v1.x */ #define OWNERFROMACL 1 /* Get the owner from ACL (not Windows owner) */ -#define FULLCOLLATE 1 +/* + * Permission checking modes for high level and low level + * + * The choices for high and low lowel are independent, they have + * no effect on the library + * + * Stick to the recommended values unless you understand the consequences + * on protection and performances. Use of cacheing is good for + * performances, but bad on security. + * + * Possible values for high level : + * 1 : no cache, kernel control (recommended) + * 4 : no cache, file system control + * 7 : no cache, kernel control for ACLs + * + * Possible values for low level : + * 2 : no cache, kernel control + * 3 : use kernel/fuse cache, kernel control + * 5 : no cache, file system control (recommended) + * 8 : no cache, kernel control for ACLs + * + * Use of options 7 and 8 requires a patch to fuse + * When Posix ACLs are selected in the configure options, a value + * of 6 is added in the mount report. + */ + +#define HPERMSCONFIG 1 +#define LPERMSCONFIG 5 #endif /* defined _NTFS_PARAM_H */ diff --git a/src/ntfs-3g.c b/src/ntfs-3g.c index 331df7f0..184eba75 100644 --- a/src/ntfs-3g.c +++ b/src/ntfs-3g.c @@ -103,10 +103,17 @@ #include "logging.h" #include "misc.h" -#define KERNELACLS 0 /* do not want ACLs checked by kernel */ - /* fuse patch required for KERNELACLS ! */ -#define KERNELPERMS 1 /* want permissions checked by kernel */ -#define CACHEING 0 /* Fuse cacheing; broken, do no use ! */ +/* + * The following permission checking modes are governed by + * the LPERMSCONFIG value in param.h + */ + +/* ACLS may be checked by kernel (requires a fuse patch) or here */ +#define KERNELACLS ((HPERMSCONFIG > 6) & (HPERMSCONFIG < 10)) +/* basic permissions may be checked by kernel or here */ +#define KERNELPERMS (((HPERMSCONFIG - 1) % 6) < 3) +/* may want to use fuse/kernel cacheing */ +#define CACHEING (!(HPERMSCONFIG % 3)) #if KERNELACLS & !KERNELPERMS #error Incompatible options KERNELACLS and KERNELPERMS @@ -4163,6 +4170,7 @@ int main(int argc, char *argv[]) if (fstype == FSTYPE_NONE || fstype == FSTYPE_UNKNOWN) fstype = load_fuse_module(); create_dev_fuse(); + if (drop_privs()) goto err_out; #endif