uid/gid of the client). If the filesystem supports extended
attributes and the kernel is sufficiently recent, it may also take
into account access control lists (ACLs).
+
+Filesystems that do not implement any permission checking should
+generally add this option internally.
.TP
\fBallow_other\fP
This option overrides the security measure
* init and destroy are special purpose methods, without which a full
* featured filesystem can still be implemented.
*
- * Almost all operations take a path which can be of any length.
- *
- * Changed in fuse 2.8.0 (regardless of API version)
- * Previously, paths were limited to a length of PATH_MAX.
+ * In general, all methods are expected to perform any necessary
+ * permission checking. However, a filesystem may delegate this task
+ * to the kernel by passing the `default_permissions` mount option to
+ * `fuse_new()`. In this case, methods will only be called if
+ * the kernel's permission check has succeeded.
*
- * See http://fuse.sourceforge.net/wiki/ for more information. There
- * is also a snapshot of the relevant wiki pages in the doc/ folder.
+ * Almost all operations take a path which can be of any length.
*/
struct fuse_operations {
/** Get file attributes.
* after the call has returned, so if they are needed later, their
* contents have to be copied.
*
+ * In general, all methods are expected to perform any necessary
+ * permission checking. However, a filesystem may delegate this task
+ * to the kernel by passing the `default_permissions` mount option to
+ * `fuse_session_new()`. In this case, methods will only be called if
+ * the kernel's permission check has succeeded.
+ *
* The filesystem sometimes needs to handle a return value of -ENOENT
* from the reply function, which means, that the request was
* interrupted, and the reply discarded. For example if
projects / qemu-gpiodev / libfuse.git / commitdiff