Ubuntu – How to get sudo access to shares mounted by Gigolo


As found around the web or here, I can use Gigolo to mount a Windows share and even access it through a terminal, via the ~/.gvfs/share on server/ directory, such as:

ls ~/.gvfs/share\ on\ server/

Unfortunately, when I try to access the same directory from a command via sudo, e. g.

sudo ls ~/.gvfs/share\ on\ server/

which fails with:

ls: cannot access /home/user/.gvfs/share\ on\ server/: Permission denied

Any suggestions on how to get sudo access to existing Gigolo-mounted shares? Or, how to run Gigolo in order to get sudo access to the shares?

Best Answer

Gigolo is a frontend to gvfs. gvfs uses FUSE (Filesystem in Userspace) in order to mount network devices (such as Windows shares). Such mountpoints cannot normally be read by other users than the user who mounted it, even by root. Why? Karl Auer suggests here that the reason is that

Just because you have root access on one system doesn't mean you should be allowed to see the files to which other people have access on other systems. I'm pretty sure that is why the .gvfs directory is managed the way it is.

That is, if you are user A on machine X, and you mount some directory from machine Y (where you also have a login) to some place on machine X, then root on machine X shouldn't be able to read that, because root on machine X may not usually have any access to machine Y at all.

Bearing that in mind, if you do want to allow root to acces your ~/.gvfs directory, you can proceed as follows.

1) Edit the file /etc/fuse.conf and uncomment the line that reads #user_allow_other. This will later allow your user to start the gvfs-fuse daemon with the allow_root option, which is what you want. The following command does it quickly for you:

$ sudo sed -i -e 's/#user_allow_other/user_allow_other/' /etc/fuse.conf

2) Add your own user to the fuse group, so that you may read the the file /etc/fuse.conf. Otherwise the change in the previous step would have no effect.

$ sudo addgroup USERNAME fuse
$ newgrp fuse

Replace USERNAME with your username, of course. The newgrp command avoids the need to log out and back in again for the group change to take effect. Check that it works by issuing the command:

$ groups

and verify that fuse is listed among the groups that your user belongs to. If it does not work, log out and back in again. At any rate, your user should be able to read /etc/fuse.conf before you proceed with the next step.

3) You are now able to restart the gvfs-fuse daemon with the allow_root option. First, unmount your ~/.gvfs directory:

$ fusermount -zu $HOME/.gvfs

Next, to restart the daemon, issue the following commands on Ubuntu 13.10:

$ killall gvfsd-fuse
$ /usr/lib/gvfs/gvfsd-fuse -o allow_root $HOME/.gvfs

In older Ubuntu versions, the latter two commands may instead be:

$ killall gvfs-fuse-daemon
$ /usr/lib/gvfs/gvfs-fuse-daemon -o allow_root $HOME/.gvfs

4) Restart Gigolo and mount your Windows share again. root should now be able to read your ~/.gvfs directory.

That's it!

In order to make these changes permanent:

To make the changes permanent, you can write the three commands from step 3 into a small script that you autostart at login time. There may be cleaner ways to do this, but this should work. Your script would contain something like the following:

fusermount -zu $HOME/.gvfs
killall gvfsd-fuse
/usr/lib/gvfs/gvfsd-fuse -o allow_root $HOME/.gvfs

Save that to a file and make the file executable:

chmod 755 /path/to/the/file

This script should now be automatically executed at login time. To find out how to autostart applications, refer to How do I start applications automatically on login?.

Some more discussion on the issue can be found here: https://lists.ubuntu.com/archives/ubuntu-users/2008-November/165644.html