Somebody asked on Twitter whether it was possible, so I tried it. I was able to make it work, but only with some code changes and other very nasty hacks. For the record, here’s what I had to do.
- Remove the explicit check in fuse_mount_fusermount that causes mounts to fail with “Mounting via helper utility (unprivileged mounting) is supported only if glusterfs is compiled with --enable-fusermount”. I could probably get the same effect by building my RPMs with that option, but I find the build-time requirement noxious. IMO this should be enabled (in the code) by default.
- Make both fusermount and glusterfsd set-uid. This is a stunningly bad idea in general, but for experimentation it’s OK. Don’t do this unless you’re sure that only trusted users can run these programs, and have reconciled yourself to the idea that you now have set-uid programs that haven’t been through a security audit appropriate to that usage.
- Mount using “glusterfs --volfile …” to use a local volfile instead of fetching one from glusterd. It looks like glusterd isn’t processing the rpc-auth-allow-insecure option properly; if not for that, mounting normally should work.
- Have the untrusted user work only on files in a directory owned by that user. The brick directory is still owned by root and should probably remain that way, but you can create a per-user subdirectory.
In short, making this work for everyone would require both code/packaging changes and site changes that are questionable in terms of security. I’m not sure it would be wise to do this, but it is possible.
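
To check how exposed a machine is after the set-uid step above, here is an added audit script (not from the original post or the GlusterFS project) that reports whether fusermount and glusterfsd are set-uid and whether every local user can execute them. The function names are made up for this example, and treating a mode such as 4750 with a trusted group as the restricted case is an assumption about how a site would limit who can run them.

```shell
#!/bin/sh
# Added example: audit the set-uid exposure of the binaries named in the post.
# Function names are hypothetical, chosen for this example only.

# classify_suid PATH prints one of:
#   missing            - no such file
#   not-setuid         - set-uid bit is clear
#   setuid-restricted  - set-uid, but "other" has no execute permission
#   setuid-world-exec  - set-uid and executable by every local user
classify_suid() {
    f=$1
    [ -e "$f" ] || { echo missing; return 0; }
    [ -u "$f" ] || { echo not-setuid; return 0; }
    # -H follows a symlink given on the command line; -perm -0001 matches
    # when the "other execute" bit is set.
    if [ -n "$(find -H "$f" -prune -perm -0001 2>/dev/null)" ]; then
        echo setuid-world-exec
    else
        echo setuid-restricted
    fi
}

# Report on the two binaries the post makes set-uid, wherever PATH finds them.
# /usr/sbin and /sbin are appended because daemons are often installed there.
audit_gluster_suid() {
    for name in fusermount glusterfsd; do
        path=$(PATH="$PATH:/usr/sbin:/sbin" command -v "$name" 2>/dev/null) || {
            echo "$name: not installed"
            continue
        }
        # Numeric owner uid: a set-uid program runs with its owner's privileges.
        owner=$(ls -ldnL "$path" | awk '{print $3}')
        echo "$name: $path: owner uid $owner: $(classify_suid "$path")"
    done
}

audit_gluster_suid
```

A result of setuid-world-exec on either binary means any local account can run it with the owner's privileges, which is the situation the warning in the list describes.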