implement chown and chmod for user root group www-data and perm 0640

This allows us to use management software for files inside of /etc/pve.
e.g. saltstack which rely on being able to set uid,gid and chmod

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Signed-off-by: Stefan Priebe <s.priebe@profihost.ag>

diff --git a/data/src/pmxcfs.c b/data/src/pmxcfs.c
index 1b6cbcc3a72049d8848d6e42f730d36d446f03e5..0f0993785757b2c991af5fce0923b5195f02aeae 100644 (file)
--- a/data/src/pmxcfs.c
+++ b/data/src/pmxcfs.c
@@ -186,6 +186,40 @@ ret:
        return ret;
 }
 
+static int cfs_fuse_chmod(const char *path, mode_t mode)
+{
+       int ret = -EPERM;
+
+       cfs_debug("enter cfs_fuse_chmod %s", path);
+
+       mode_t allowed_mode = (S_IRUSR | S_IWUSR);
+       if (!path_is_private(path))
+               allowed_mode |= (S_IRGRP);
+
+       // allow only setting our supported modes (0600 for priv, 0640 for rest)
+       if (mode == allowed_mode)
+               ret = 0;
+
+       cfs_debug("leave cfs_fuse_chmod %s (%d) mode: %o", path, ret, (int)mode);
+
+       return ret;
+}
+
+static int cfs_fuse_chown(const char *path, uid_t user, gid_t group)
+{
+       int ret = -EPERM;
+
+       cfs_debug("enter cfs_fuse_chown %s", path);
+
+       // we get -1 if no change should be made
+       if ((user == 0 || user == -1) && (group == cfs.gid || group == -1))
+               ret = 0;
+
+       cfs_debug("leave cfs_fuse_chown %s (%d) (uid: %d; gid: %d)", path, ret, user, group);
+
+       return ret;
+}
+
 static int cfs_fuse_mkdir(const char *path, mode_t mode)
 {
        cfs_debug("enter cfs_fuse_mkdir %s", path);
@@ -488,7 +522,9 @@ static struct fuse_operations fuse_ops = {
        .readlink = cfs_fuse_readlink,
        .utimens = cfs_fuse_utimens,
        .statfs = cfs_fuse_statfs,
-       .init = cfs_fuse_init
+       .init = cfs_fuse_init,
+       .chown = cfs_fuse_chown,
+       .chmod = cfs_fuse_chmod
 };
 
 static char *