fedir/ICFS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Updated readme

Browse Source
This commit is contained in:
fedir
2025-05-23 20:52:27 +02:00
parent 22cb958b4f
commit 2f4f1a0a56
2 changed files with 38 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
README.md
View File

@@ -32,7 +32,9 @@ Traditional access control mechanisms in operating systems allow the same level
## Usage ## Usage
``` ```
icfs <FUSE arguments> [target directory] [path to permanent permission database] Usage: icfs <FUSE arguments> [target directory] [path to the permanent permissions database] <ICFS arguments>
--no-grant-on-create - do not give any access permissions on file creation(incompatible with --perm-on-create)
--perm-on-create - automatically give permanent access permission to files a process creates (incompatible with --no-grant-on-create)
``` ```
The filesystem will be mounted over the target directory, and ask user permission every time a file in that directory is opened. We highly recommend adding `-o default_permissions` to increase performance and add an additional security layer. If you have installed icfs along with `/etc/icfs` folder, you can create your permanent permission databases in this folder (you might want to do this, if your home folder does not have the "execute" permission for other users). The filesystem will be mounted over the target directory, and ask user permission every time a file in that directory is opened. We highly recommend adding `-o default_permissions` to increase performance and add an additional security layer. If you have installed icfs along with `/etc/icfs` folder, you can create your permanent permission databases in this folder (you might want to do this, if your home folder does not have the "execute" permission for other users).
@@ -47,6 +49,30 @@ env PATH="$(realpath ./build):$PATH" build/icfs <FUSE arguments> [target directo
The `env PATH="$(realpath ./build):$PATH"` adds the access dialogue program to PATH, allowing ICFS to call it seamlessly. The `env PATH="$(realpath ./build):$PATH"` adds the access dialogue program to PATH, allowing ICFS to call it seamlessly.
#### Running tests
ICFS includes a testing script in the `test` directory.
You can run it **from `test` directory** by running:
```
./test.bash
```
All testing artifacts will be available in the appropriate folders after run. To test setuid capabilities too (**from `test` directory!!!**):
```
./test.bash --setuid
```
You can also test performance by adding `--performance` (**from `test` directory!!!**):
```
./test.bash --performance
```
***Important:*** **flags cannot be combined together (e.g. you can't add `--performance` and `--setuid`)**
## Docs ## Docs
- [Initial idea and motivation](./docs/bc-thesis-idea.md) - [Initial idea and motivation](./docs/bc-thesis-idea.md)
@@ -55,6 +81,6 @@ The `env PATH="$(realpath ./build):$PATH"` adds the access dialogue program to P
## Credit ## Credit
_Student:_ Fedir Kovalov *Student:* Fedir Kovalov
_Supervisor:_ RNDr. Jaroslav Janáček, PhD. *Supervisor:* RNDr. Jaroslav Janáček, PhD.

18
src/main.c
View File

@@ -31,27 +31,27 @@ int main(int argc, char *argv[]) {
if (argc < 3) { if (argc < 3) {
fprintf(stderr, "Usage: icfs <FUSE arguments> [target directory] [path to " fprintf(stderr, "Usage: icfs <FUSE arguments> [target directory] [path to "
"the permanent permissions database] <ICFS " "the permanent permissions database] <ICFS "
"arguments>\n\t--no-perm-on-create - do not give any " "arguments>\n\t--no-grant-on-create - do not give any "
"access permissions on file creation" "access permissions on file creation"
"(incompatible with --temp-on-create)\n\t--perm-on-create " "(incompatible with --perm-on-create)\n\t--perm-on-create "
"- automatically give permanent access permission to files " "- automatically give permanent access permission to files "
"a process creates " "a process creates "
"(incompatible with --no-perm-on-create)\n"); "(incompatible with --no-grant-on-create)\n");
return EXIT_FAILURE; return EXIT_FAILURE;
} }
if ((0 == strcmp(argv[argc - 1], "--no-perm-on-create") && if ((0 == strcmp(argv[argc - 1], "--no-grant-on-create") &&
0 == strcmp(argv[argc - 2], "--temp-on-create")) || 0 == strcmp(argv[argc - 2], "--temp-on-create")) ||
(0 == strcmp(argv[argc - 2], "--no-perm-on-create") && (0 == strcmp(argv[argc - 2], "--no-grant-on-create") &&
0 == strcmp(argv[argc - 1], "--temp-on-create"))) { 0 == strcmp(argv[argc - 1], "--temp-on-create"))) {
fprintf(stderr, "Usage: icfs <FUSE arguments> [target directory] [path to " fprintf(stderr, "Usage: icfs <FUSE arguments> [target directory] [path to "
"the permanent permissions database] <ICFS " "the permanent permissions database] <ICFS "
"arguments>\n\t--no-perm-on-create - do not give any " "arguments>\n\t--no-grant-on-create - do not give any "
"access permissions on file creation" "access permissions on file creation"
"(incompatible with --temp-on-create)\n\t--perm-on-create " "(incompatible with --perm-on-create)\n\t--perm-on-create "
"- automatically give permanent access permission to files " "- automatically give permanent access permission to files "
"a process creates " "a process creates "
"(incompatible with --no-perm-on-create)\n"); "(incompatible with --no-grant-on-create)\n");
return EXIT_FAILURE; return EXIT_FAILURE;
} }
@@ -59,7 +59,7 @@ int main(int argc, char *argv[]) {
// permissions than it's caller reqested // permissions than it's caller reqested
umask(0); umask(0);
if (0 == strcmp(argv[argc - 1], "--no-perm-on-create")) { if (0 == strcmp(argv[argc - 1], "--no-grant-on-create")) {
set_auto_create_perm(0); set_auto_create_perm(0);
argc--; argc--;
} }