From: Thomas Walker Lynch
Date: Thu, 25 Sep 2025 13:37:21 +0000 (+0000)
Subject: yet aother
X-Git-Url: https://git.reasoningtechnology.com/style/static/git-favicon.png?a=commitdiff_plain;h=a6a9bf2cd197fc6f6fb4f9ef3efb142d1749896b;p=subu
yet aother
---
diff --git a/developer/source/mount/masu_subu__map_own.sh b/developer/source/mount/masu_subu__map_own.sh
index aa2c3a5..c880a54 100755
--- a/developer/source/mount/masu_subu__map_own.sh
+++ b/developer/source/mount/masu_subu__map_own.sh
@@ -3,46 +3,52 @@ set -euo pipefail
 need(){ command -v "$1" >/dev/null 2>&1 || { echo "missing: $1" >&2; exit 1; }; }
+need bindfs; need findmnt; need umount
 masu="${1:?usage: $0 [--suid] }"
 subu="${2:?usage: $0 [--suid] }"
 want_suid=0
-case "${3-}" in
- --suid) want_suid=1 ;;
- "" ) ;;
- * ) echo "unknown option: $3" >&2; exit 2 ;;
-esac
+[[ "${3-}" == "--suid" ]] && want_suid=1
-need bindfs; need findmnt; need mountpoint; id "$masu" >/dev/null; id "${masu}-${subu}" >/dev/null
+master_user="$masu"
+master_group="$masu"
+subu_user="${masu}-${subu}"
+subu_group="${masu}-${subu}"
+
+id "$master_user" >/dev/null
+id "$subu_user" >/dev/null
 src="/home/$masu/subu_data/$subu"
 tgt="/home/$masu/subu/$subu"
-
-[[ -d "$src" ]] || { echo "Error: source dir '$src' does not exist" >&2; exit 1; }
+[[ -d "$src" ]] || { echo "no source dir: $src" >&2; exit 1; }
 mkdir -p "$tgt"
-base_opts="allow_other,default_permissions,exec"
-desired_opts="$base_opts,$([[ $want_suid -eq 1 ]] && echo suid || echo nosuid)"
-map_opt="--map=${masu}-${subu}/${masu}:@${masu}-${subu}/@${masu}"
+# IMPORTANT: don’t stay inside the target tree while (un)mounting
+cd /
-# Peel any existing stack at $tgt (no matter what it is)
-while mountpoint -q "$tgt"; do
- umount "$tgt" 2>/dev/null || umount -l "$tgt" || break
-done
+base_opts="allow_other,default_permissions,exec"
+opts="$base_opts,nosuid"
+(( want_suid )) && opts="$base_opts,suid"
-echo "mounting $src -> $tgt (opts: $desired_opts)"
-bindfs -o "$desired_opts" $map_opt "$src" "$tgt"
+map_opt="--map=${subu_user}/${master_user}:@${subu_group}/@${master_group}"
-# If, for any reason, multiple identical layers ended up stacked, peel until one remains.
-while [ "$(findmnt -nr -T "$tgt" | wc -l)" -gt 1 ]; do
- umount "$tgt" || umount -l "$tgt" || break
+# Peel any existing mount at tgt (use -T to match covering mount)
+while findmnt -nr -T "$tgt" >/dev/null 2>&1; do
+ umount "$tgt" 2>/dev/null || umount -l "$tgt" || break
 done
-# Show only the bindfs line (or the only remaining one)
-findmnt -nr -T "$tgt" -o TARGET,SOURCE,FSTYPE,OPTIONS | head -n1
-echo "OK"
-if (( want_suid )); then
- echo "note: suid enabled; setuid binaries can take effect on this mount."
+echo "mounting $src -> $tgt (opts: $opts)"
+bindfs -o "$opts" $map_opt "$src" "$tgt"
+
+# Verify
+if findmnt -nr -T "$tgt" -o TARGET,SOURCE,FSTYPE,OPTIONS; then
+ echo "OK"
+ if (( want_suid )); then
+ echo "note: suid is ENABLED at $tgt"
+ else
+ echo "note: nosuid (default) — setuid will NOT take effect at $tgt"
+ fi
 else
- echo "note: nosuid (default) — setuid will NOT take effect on this mount."
+ echo "❌ bindfs did not mount at $tgt" >&2
+ exit 2
 fi
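Review bot: The new `# Verify` step cannot fail as written, because `findmnt -T "$tgt"` matches the mount that covers the path (the hunk's own comment says so); on an existing directory it reports the parent filesystem, so the script prints OK even when nothing is mounted at `$tgt` and the `exit 2` branch is effectively unreachable. The same applies to the peel loop, whose condition stays true until both `umount` calls fail and `break` fires, so it probably always ends with an `umount -l` error on stderr. Matching the exact mountpoint restores the intent, e.g. `while findmnt -nr -M "$tgt" >/dev/null 2>&1; do` and `if findmnt -nr -M "$tgt" -o TARGET,SOURCE,FSTYPE,OPTIONS; then`. The suid/nosuid note is also printed from `want_suid` rather than from the OPTIONS actually in effect, and the one-line `--suid` test no longer rejects an unknown third argument, so a mistyped flag silently mounts nosuid; the removed `* ) echo "unknown option: $3" >&2; exit 2 ;;` arm is worth keeping.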