[SOLVED] simple-mtpfs / fuse: permission to /dev/fuse denied

Topic: [SOLVED] simple-mtpfs / fuse: permission to /dev/fuse denied (Read 3032 times) previous topic - next topic

0 Members and 1 Guest are viewing this topic.

[SOLVED] simple-mtpfs / fuse: permission to /dev/fuse denied

09 February 2020, 21:30:02

Normally I mount MTP devices with simple-mtpfs; since migrating to Artix attempts at mounting show me this error:

fuse: can't open /dev/fuse: permission denied

Some place on the internet suggested that I need to be in the fuse group, but there's no such group on my system and creating one didn't change a thing.

Re: simple-mtpfs / fuse: permission to /dev/fuse denied

Reply #1 – 09 February 2020, 21:41:26

simple-mtpfs is an AUR package. If you migrated, you should rebuild the package if not done yet.

Re: simple-mtpfs / fuse: permission to /dev/fuse denied

Reply #2 – 09 February 2020, 21:48:28

After rebuilding unfortunately nothing changed

Re: simple-mtpfs / fuse: permission to /dev/fuse denied

Reply #3 – 09 February 2020, 23:39:46

maybe your user needs to be a member of some group such as disk or storage ?

Re: simple-mtpfs / fuse: permission to /dev/fuse denied

Reply #4 – 10 February 2020, 12:00:47

Quote from: GOKOP – on 09 February 2020, 21:30:02

Normally I mount MTP devices with simple-mtpfs; since migrating to Artix attempts at mounting show me this error:
Code: [Select]
fuse: can't open /dev/fuse: permission denied
Some place on the internet suggested that I need to be in the fuse group, but there's no such group on my system and creating one didn't change a thing.

Just creating the group doesn't make your user automatically a member of it; see usermod(1). Then, /dev/fuse should also be group-owned by fuse, which in turn should be done by a udev rule or something.

So, in my system I see

Code: [Select]

% ls -l /dev/fuse 
crw-rw-rw- 1 root root 10, 229 Φεβ  10 10:31 /dev/fuse

which Works For Me (TM).

Re: simple-mtpfs / fuse: permission to /dev/fuse denied

Reply #5 – 10 February 2020, 18:16:02

Quote from: nous – on 10 February 2020, 12:00:47

Just creating the group doesn't make your user automatically a member of it; see usermod(1).

I thought it was obvious that I added myself to the group after creating it; maybe it wasn't dunno.

So anyway only now that you showed permissions to the file it clicked with me that if groups are mentioned then file access permission are relevant (that probably should've been obvious to me since I saw the word "permission" but welp) so just to verify, manually changing /dev/fuse permissions to 666 does make mounting possible.
I found there's an udev rule in /usr/lib/udev/rules.d (specifically 99-fuse.rules) that sets this file's permission to 666, however it doesn't seem to work; the device is created with 600 permissions and `sudo udevadm trigger /dev/fuse` says "unable to open the device /dev/fuse".
This is the udev rule: (note that it's not written by me; pkgfile says that fuse2 is responsible for it)

Code: [Select]

KERNEL=="fuse", MODE="0666"

Re: simple-mtpfs / fuse: permission to /dev/fuse denied

Reply #6 – 11 February 2020, 11:06:44

Hm, I've got both fuse2 and fuse3 installed, the latter provides 99-fuse3.rules.

Re: simple-mtpfs / fuse: permission to /dev/fuse denied

Reply #7 – 11 February 2020, 17:12:32

I installed fuse3 and that file is indeed there, but it looks exactly the same as the previous one. Either way I don't think that the source of the issue because sudo udevadm trigger /dev/fuse doesn't say anything about the rule being wrong (I think udevadm control -R is supposed to anyway but it's quiet) it just says unable to open the device '/dev/fuse'.
The file obviously exists so that's not the problem. It can't be permission problem either cause I'm using sudo. (and permissions aren't something like 000, it's 600)

Re: simple-mtpfs / fuse: permission to /dev/fuse denied

Reply #8 – 11 February 2020, 17:49:56

Quote from: GOKOP – on 11 February 2020, 17:12:32

The file obviously exists so that's not the problem. It can't be permission problem either cause I'm using sudo. (and permissions aren't something like 000, it's 600)

A nasty workaround, but can't you chmod 666 /dev/fuse?

Re: simple-mtpfs / fuse: permission to /dev/fuse denied

Reply #9 – 11 February 2020, 19:43:36

I would have to do this on every boot in some script or something but yes, I can do that. Just hoped I won't have to

Re: simple-mtpfs / fuse: permission to /dev/fuse denied

Reply #10 – 11 February 2020, 22:57:48

$ ls -lh /usr/bin/fusermount
-rwsr-xr-x 1 root root 34K Sep 19 16:52 /usr/bin/fusermount
man fuse:
SECURITY
   The fusermount program is installed set-user-gid to fuse. This is done to allow users from fuse group to mount their own filesystem implementations. There must how‐
   ever be some limitations, in order to prevent Bad User from doing nasty things. Currently those limitations are:
   1.    The user can only mount on a mountpoint, for which it has write permission
   2.    The mountpoint is not a sticky directory which isn't owned by the user (like /tmp usually is)
   3.    No other user (including root) can access the contents of the mounted filesystem.

Not sure if this is helpful, not being especially up on fuse, but from that it looks like the permissions on /dev/fuse are intended to be like that, and the thing that operates on it from simple-mtpfs should have the permission modifications. See there is an "s" in front of the 2nd set (group) permissions for fusermount. So you would need to be in some fusermount group to use that. However I read a while ago setuid is generally considered outdated and not best practice now and you should use pam or something for more secure permissions handling.
And also the fusermount group is root, so perhaps it's that that should be fuse?

Re: simple-mtpfs / fuse: permission to /dev/fuse denied

Reply #11 – 12 February 2020, 15:27:39

Well creating the fuse group again, adding myself to it and setting group ownership of fusermount to it didn't really do anything. But if things were the way you suggest, why those udev rules would even be there? (even though they don't work)

Re: simple-mtpfs / fuse: permission to /dev/fuse denied

Reply #12 – 13 February 2020, 02:49:42

Yes, some other things set 0666 permissions in udev rules too but are not 0666 in reality:

Code: [Select]

/usr/lib/udev/rules.d$ ag 666
99-fuse.rules
1:KERNEL=="fuse", MODE="0666"

50-udev-default.rules
18:SUBSYSTEM=="tty", KERNEL=="ptmx", GROUP="tty", MODE="0666"
19:SUBSYSTEM=="tty", KERNEL=="tty", GROUP="tty", MODE="0666"
39:SUBSYSTEM=="drm", KERNEL=="renderD*", GROUP="video", MODE="0666"
40:SUBSYSTEM=="kfd", GROUP="video", MODE="0666"
77:KERNEL=="tun", MODE="0666", OPTIONS+="static_node=net/tun"
79:KERNEL=="fuse", MODE="0666", OPTIONS+="static_node=fuse"
82:KERNEL=="kvm", GROUP="kvm", MODE="0666", OPTIONS+="static_node=kvm"

69-libmtp.rules
736:ATTR{idVendor}=="0421", ATTR{idProduct}=="0666", SYMLINK+="libmtp-%k", ENV{ID_MTP_DEVICE}="1", ENV{ID_MEDIA_PLAYER}="1"

I wondered if there was some other mechanism simple-mtpfs used but when I installed it from the AUR to look, it installs a regular command line binary in /usr/bin.
Also if you mount say /dev/sdXX as root then chown the dir to $USER:$USER you can access and alter the files without root permissions, and those permissions for the particular device on that mountpoint are saved permanently, but that doesn't work with fuseiso / fusermount (I didn't have an mtp device handy to try but I guess it's the same) while changing /dev/fuse to 0666 and using the commands as the ordinary user works.
I read somewhere the fuse module creates /dev/fuse itself, and the fuse-openrc service modprobes the fuse module. Perhaps it gets recreated after udev has already run?

Re: simple-mtpfs / fuse: permission to /dev/fuse denied

Reply #13 – 13 February 2020, 20:34:48

Ok so the solution turned out to be quite trivial. I enabled the fuse service (or whatever is the nomenclature in openrc world) and now /dev/fuse is created with 666 permissions