From owner-freebsd-fs@freebsd.org  Wed Jan 18 06:00:20 2017
Return-Path: <owner-freebsd-fs@freebsd.org>
Delivered-To: freebsd-fs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 2815ECB38B4
 for <freebsd-fs@mailman.ysv.freebsd.org>; Wed, 18 Jan 2017 06:00:20 +0000 (UTC)
 (envelope-from hiyorin@gmail.com)
Received: from mail-lf0-x231.google.com (mail-lf0-x231.google.com
 [IPv6:2a00:1450:4010:c07::231])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id A1C401394
 for <freebsd-fs@freebsd.org>; Wed, 18 Jan 2017 06:00:19 +0000 (UTC)
 (envelope-from hiyorin@gmail.com)
Received: by mail-lf0-x231.google.com with SMTP id z134so2124720lff.3
 for <freebsd-fs@freebsd.org>; Tue, 17 Jan 2017 22:00:19 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=mime-version:from:date:message-id:subject:to;
 bh=N5iukBVaEVWQSFD3PDeFx6HWRcW/rVnCN2unDv7JTLs=;
 b=mwkRnnP7KU1p2U+Fu0YJz7ruYxsUVtKCjgzczC18N3scXTUCATQNPYp1VaHALEupWp
 PAeRKEdapYt5K6VlBZqBR/j8NWl9cGMiqDjKS8ZbfQwmMCMwM0lCp3t2RlBHaOHRe/cy
 Dz0zs1D2a7pwyVPNmWI+H6QGnbaWNGAO3xnCGjN5dbyfv2KNJUCgvqqIRFX801ZUF3ZR
 oB4QEtxxGuVPy/FSr4TuH7hvSw/Fj7OQPVqtxA965f6GAtdkmmoTfitdQFNLNjG7fjY3
 l3GF4nREf+Wrl8ebqdH+RoJo0TEUoPMUTzWf2YgLlkPISYNmb4uPsZ3ymlXmLPfLlIIE
 roQw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:from:date:message-id:subject:to;
 bh=N5iukBVaEVWQSFD3PDeFx6HWRcW/rVnCN2unDv7JTLs=;
 b=APUzj4lChufEH4QSRbcd1LxH1qj69yt4zl4X/R+6VP6wST0m9uI5kj4mMSk5y1gY1F
 1amypdWC6m1zimWpDMKtJw0uy8GsKsDxbScoo9YdrHYK5EIp8vlbGwHqL34Vv7eVjpDF
 USAq2/xMTc7z4p+tShz3SGRGyjoQKlHD18zpcCSE3c41NoFZimPh0/wLqIQt2w7B2fBZ
 qJeD3rNUeBV8cAwQhJ2e5I0e/thSdarj7U6Sd6C1VTErOl/sTdOnTqBLveV6MXiNoVku
 tfI3BZHmxMht1RY/thnB+tR8yuctH7zyGRfFJ4spFcrvze1JFG6NPvbHxMoyAj90BLOh
 McTg==
X-Gm-Message-State: AIkVDXJKh5VMXXwwVP0cszFbke2v48wUE89/FQlbdWPJrgDF7xTQrduqKmYz5uVL1glyUvZHs0fC9JuNVypdUA==
X-Received: by 10.25.205.77 with SMTP id d74mr457992lfg.122.1484719217697;
 Tue, 17 Jan 2017 22:00:17 -0800 (PST)
MIME-Version: 1.0
From: "C. C. Tang" <hiyorin+cc@gmail.com>
Date: Wed, 18 Jan 2017 06:00:07 +0000
Message-ID: <CAK8nEv37o=Th-g0MvY=7KLeUon2wbA2QjaRRr0_Pc5Ms1xBMmw@mail.gmail.com>
Subject: [fusefs] default_permission + allow_other not work as expected.
To: freebsd-fs@freebsd.org
Content-Type: text/plain; charset=UTF-8
X-Content-Filtered-By: Mailman/MimeDel 2.1.23
X-BeenThere: freebsd-fs@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: Filesystems <freebsd-fs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-fs>,
 <mailto:freebsd-fs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-fs/>
List-Post: <mailto:freebsd-fs@freebsd.org>
List-Help: <mailto:freebsd-fs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-fs>,
 <mailto:freebsd-fs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Jan 2017 06:00:20 -0000

 uname -a
FreeBSD bsd_test 11.0-RELEASE-p1 FreeBSD 11.0-RELEASE-p1 #0 r306420: Thu
Sep 29 01:43:23 UTC 2016
root@releng2.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC
amd64


Problem:
according to manual of mount.fuse, mounting fusefs with option
default_permission and allow_other should allow access of mounted data by
other user and enable standard file permission checking by the system.

However it seems the permission check is not working as expected on FreeBSD.
I haved tried to reproduce it on CentOS7 and it works as expected. (user1
get permission denied error)

How to reproduce: (use unionfs as example)
as root:
# cd /_test
# mkdir a
# mkdir b
# echo "1" > a/1
# echo "2" > a/2
# chmod 600 a/1
# mkdir u
# unionfs -o default_permissions,allow_other a=RW:b=RO u
# ll u
total 8
-rw-------  1 root  wheel  2 Jan 18 21:23 1
-rw-r--r--  1 root  wheel  2 Jan 18 21:23 2
# cat a/1
1

==============
as a normal user
% cd /_test
% cat a/1
cat: a/1: Permission denied
% cat u/1
1

Expected output:
as a normal user
% cd /_test
% cat a/1
cat: a/1: Permission denied
% cat u/1
cat: u/1: Permission denied