cmd/sharefs: prepare directory early

This change also checks against filesystem daemon running as root early. Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-12-27 23:11:47 +09:00
parent 2a5e0e1b50
commit 5af14d723f
1 changed files with 21 additions and 20 deletions
--- a/cmd/sharefs/fuse.go
+++ b/cmd/sharefs/fuse.go
@@ -338,12 +338,31 @@ func _main(s ...string) (exitCode int) {
 	if !parseOpts(&args, &setup, msg.GetLogger()) {
 		return 1
 	}
+	asRoot := os.Geteuid() == 0

-	if os.Geteuid() == 0 {
+	if asRoot {
 		if setup.Setuid <= 0 || setup.Setgid <= 0 {
 			log.Println("setuid and setgid must not be 0")
 			return 1
 		}
+
+		if setup.Fuse >= 3 {
+			log.Println("filesystem daemon must not run as root")
+			return 1
+		}
+
+		if setup.mkdir {
+			if err := os.MkdirAll(setup.Source.String(), 0700); err != nil {
+				if !errors.Is(err, os.ErrExist) {
+					log.Println(err)
+					return 1
+				}
+				// skip setup for existing source directory
+			} else if err = os.Chown(setup.Source.String(), setup.Setuid, setup.Setgid); err != nil {
+				log.Println(err)
+				return 1
+			}
+		}
 	} else if setup.Fuse < 3 && (setup.Setuid > 0 || setup.Setgid > 0) {
 		log.Println("setuid and setgid has no effect when not starting as root")
 		return 1
@@ -393,25 +412,7 @@ func _main(s ...string) (exitCode int) {
 			}
 		}()

-		if os.Geteuid() == 0 {
-			if setup.Setuid <= 0 || setup.Setgid <= 0 {
-				log.Println("setuid and setgid must not be 0")
-				return 5
-			}
-
-			if setup.mkdir {
-				if err := os.MkdirAll(setup.Source.String(), 0700); err != nil {
-					if !errors.Is(err, os.ErrExist) {
-						log.Println(err)
-						return 5
-					}
-					// skip setup for existing source directory
-				} else if err = os.Chown(setup.Source.String(), setup.Setuid, setup.Setgid); err != nil {
-					log.Println(err)
-					return 5
-				}
-			}
-
+		if asRoot {
 			if err := syscall.Setresgid(setup.Setgid, setup.Setgid, setup.Setgid); err != nil {
 				log.Printf("cannot set gid: %v", err)
 				return 5