Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Operation not permitted when mounting as non-root #1292

Open
doak opened this issue Jan 13, 2024 · 5 comments
Open

Operation not permitted when mounting as non-root #1292

doak opened this issue Jan 13, 2024 · 5 comments
Labels
bug investigating

Comments

@doak
Copy link

doak commented Jan 13, 2024

Describe the bug

Mounting as non-root fails with fusermount: mount failed: Operation not permitted.

This fails for all versions since (including) 2.28.3-28-g5ce428c up to latest master. Especially it also fails for v2.30.0, which – according to #799 – contains a fix for some imho very similar issue.

To Reproduce

Steps to reproduce the behaviour:

mkdir branch
mkdir merged
mergerfs branch merged

Expected behaviour

Although executing as non-root is not fully supported, according to the docs mounting as non-root should work as long as there are no issues with permissions.

System information

  • OS, kernel version: Linux host 6.5.0-5-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.5.13-1 (2023-11-29) x86_64 GNU/Linux
  • mergerfs version: v2.38.1-1-gc1c2f07
  • mergerfs settings: None I am aware of.
  • List of drives, filesystems, & sizes: n.a.
  • A strace of the mounting: strace.txt
@doak doak mentioned this issue Jan 13, 2024
Closed
@trapexit
Copy link
Owner

image

It works on my systems fine.

@trapexit
Copy link
Owner

46212 02:07:12.744338 mount("/tmp/mergerfs/branch", ".", "fuse", MS_NOSUID|MS_NODEV, "default_permissions,fd=3,rootmode=40000,user_id=1000,group_id=1000") = -1 EPERM (Operation not permitted) <0.000009>

From the strace. The kernel, not mergerfs, is giving you perm denied. It is clearly something about your system. Are you trying to mount this in a container? On a system without fusermount having setuid bits?

@doak
Copy link
Author

doak commented Jan 27, 2024
edited

I've found the reason (not the cause), but still don't understand it.
Anyway, you are right: it works (after I uninstalled the Distribution's version).

If you are interested in the root cause why it fails on my system, I am happy to dig deeper. Just let me know.

Some more details (in case you are interested):
Although (initially?) the expected, self built mergerfs binary get executed, it somehow "collides" with the version installed by the distribution (Debian testing). $PATH is set correctly afaik. But there is also a mergerfs-fusermount and mount.mergerfs binary installed by the package manager:

doak@flatbox:~$ which mergerfs
/home/doak/daten/software/linux/mergerfs/build/mergerfs
doak@flatbox:~$ which mergerfs-fusermount 
/usr/bin/mergerfs-fusermount

It works when mergerfs is not installed by Debian:

doak@flatbox:/tmp$ ~/daten/software/linux/mergerfs/build/mergerfs branch merged
warning: mergerfs is not running as root and may not work correctly
fusermount: mount failed: Operation not permitted
doak@flatbox:/tmp$ sudo apt-get remove -y mergerfs >/dev/null
doak@flatbox:/tmp$ ~/daten/software/linux/mergerfs/build/mergerfs branch merged
warning: mergerfs is not running as root and may not work correctly
doak@flatbox:/tmp$ mount | grep merged
/tmp/branch on /tmp/merged type fuse.mergerfs (rw,nosuid,nodev,relatime,user_id=1000,group_id=1000,default_permissions)

46212 02:07:12.744338 mount("/tmp/mergerfs/branch", ".", "fuse", MS_NOSUID|MS_NODEV, "default_permissions,fd=3,rootmode=40000,user_id=1000,group_id=1000") = -1 EPERM (Operation not permitted) <0.000009>

strace revleals that the mount() system call even fails in case it succeeds (on my machine™). It also differs in the third argument:

doak@flatbox:/tmp$ mount | grep merged
doak@flatbox:/tmp$ strace ~/daten/software/linux/mergerfs/build/mergerfs branch merged 2>&1 | grep mount
mount("/tmp/branch", "/tmp/merged", "fuse.mergerfs", MS_NOSUID|MS_NODEV, "default_permissions,fd=5,rootmod"...) = -1 EPERM (Operation not permitted)
doak@flatbox:/tmp$ mount | grep merged
/tmp/branch on /tmp/merged type fuse.mergerfs (rw,nosuid,nodev,relatime,user_id=1000,group_id=1000,default_permissions)

Honestly, I don't understand why it succeeds eventually. Here is the full strace.log for the successful mount (i.e. mount shows the merged directory):

doak@flatbox:/tmp$ mount | grep merged
doak@flatbox:/tmp$ strace ~/daten/software/linux/mergerfs/build/mergerfs branch merged &>strace.log
doak@flatbox:/tmp$ mount | grep merged
/tmp/branch on /tmp/merged type fuse.mergerfs (rw,nosuid,nodev,relatime,user_id=1000,group_id=1000,default_permissions)

@trapexit
Copy link
Owner

Without digging in yet...

FUSE filesystems need auxiliary tooling to be mounted as non-root. If you were mixing installed versions then there could be some incompatibility or not setup correctly.

@doak
Copy link
Author

doak commented Jan 28, 2024

Just had a look into mergerfs' readme:

If mergerfs doesn't work as a type it could be due to how the mount.mergerfs tool was installed. Must be in /sbin/ with proper permissions.

Although it makes no sense, since there is no difference regarding the setuid bit in case merferfs have or have not been installed by the distribution, I just want to mention it: the setuid bit is not set for these two binaries:

doak@flatbox:~$ ls -l /sbin/mount.{fuse3,mergerfs}
-rwxr-xr-x 1 root root 18664 Jan 12 16:46 /sbin/mount.fuse3
-rwxr-xr-x 1 root root 14568 Sep  2  2022 /sbin/mount.mergerfs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug investigating
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@trapexit @doak