* [Virtio-fs] write permissions for Windows host on Linux guest
@ 2021-10-24  6:24 birnenkram
  2021-10-24  6:40 ` birnenkram
  2021-10-25 13:16 ` Vivek Goyal
  0 siblings, 2 replies; 7+ messages in thread
From: birnenkram @ 2021-10-24  6:24 UTC (permalink / raw)
  To: virtio-fs

Hello list,

thanks for a great project which will simplify my workflow a lot once I 
get everything working.

I am trying to share a folder from an Ubuntu 20.04.3 host with a Windows 
10 build 19042 (20H2) guest, using QEMU 5.2 / libvirt 7.0.0 on the host 
and virtio-win 0.1.208 (driver 100.85.104.20800 and associated virtiofs 
service) on the guest. I got the Windows drivers from 
https://github.com/virtio-win/virtio-win-pkg-scripts/blob/master/README.md 
(stable virtio-win ISO).

So far I am able to read files in this host folder without problems from 
the guest. However I can only create/write/delete files on the host if

     I use a shell (Windows CMD or Cygwin bash) with *Administrator* 
rights on the guest
OR
     I change the folder permissions on the host, giving write 
permissions to "other". Neither of these options is acceptable as a 
permanent solution.

I already toyed with various settings for "user" in 
/etc/libvirt/qemu.conf, including root and the user owning the shared 
folder (myself), without success. I struggle to understand what 
ultimately determines the write permissions on the host folder. I had 
assumed this to be related to the UID of one of the hypervisor 
processes, so I do not see why running as Administrator or not on the 
guest should make a difference. Also, virtiofsd seems to be running as 
root anyway, so should have the necessary permissions. There's no 
SELinux on my system.

My Windows and Linux user names are different. I don't know if that 
matters, and whether the software attempts to map the two (as Cygwin 
does).

Do you have any ideas what the problem could be? I have seen various 
users reporting issues with write permissions from Windows guests in the 
recent past, but no solution which would solve the issue for me.

Best regards, Michael



* Re: [Virtio-fs] write permissions for Windows host on Linux guest
  2021-10-24  6:24 [Virtio-fs] write permissions for Windows host on Linux guest birnenkram
@ 2021-10-24  6:40 ` birnenkram
  2021-10-24  8:58   ` birnenkram
  2021-10-25 13:16 ` Vivek Goyal
  1 sibling, 1 reply; 7+ messages in thread
From: birnenkram @ 2021-10-24  6:40 UTC (permalink / raw)
  To: virtio-fs

Oops, the Subject should have been the other way round:
write permissions for Windows guest on Linux host.

Can that be changed on the mailing list?

Best regards, Michael



* Re: [Virtio-fs] write permissions for Windows host on Linux guest
  2021-10-24  6:40 ` birnenkram
@ 2021-10-24  8:58   ` birnenkram
  0 siblings, 0 replies; 7+ messages in thread
From: birnenkram @ 2021-10-24  8:58 UTC (permalink / raw)
  To: virtio-fs

One more thought after some further digging: This issue is very likely 
related to how WinFsp maps the permissions between Windows and Linux (so 
indeed whether one runs the shell as Administrator or not on the Windows 
guest would matter). See 
http://www.secfs.net/winfsp/doc/SSHFS-Port-Case-Study. The question is 
now how to "make it work" and whether this requires an update of WinFsp 
itself.



* Re: [Virtio-fs] write permissions for Windows host on Linux guest
  2021-10-24  6:24 [Virtio-fs] write permissions for Windows host on Linux guest birnenkram
  2021-10-24  6:40 ` birnenkram
@ 2021-10-25 13:16 ` Vivek Goyal
       [not found]   ` <0c4d0bb990217000fe24f4a8522dcfa3@posteo.de>
  1 sibling, 1 reply; 7+ messages in thread
From: Vivek Goyal @ 2021-10-25 13:16 UTC (permalink / raw)
  To: birnenkram; +Cc: virtio-fs

On Sun, Oct 24, 2021 at 06:24:33AM +0000, birnenkram@posteo.de wrote:
> Hello list,
> 
> thanks for a great project which will simplify my workflow a lot once I get
> everything working.
> 
> I am trying to share a folder from an Ubuntu 20.04.3 host with a Windows 10
> build 19042 (20H2) guest, using QEMU 5.2 / libvirt 7.0.0 on the host and
> virtio-win 0.1.208 (driver 100.85.104.20800 and associated virtiofs service)
> on the guest. I got the Windows drivers from
> https://github.com/virtio-win/virtio-win-pkg-scripts/blob/master/README.md
> (stable virtio-win ISO).
> 
> So far I am able to read files in this host folder without problems from the
> guest. However I can only create/write/delete files on the host if
> 
>     I use a shell (Windows CMD or Cygwin bash) with *Administrator* rights
> on the guest
> OR
>     I change the folder permissions on the host, giving write permissions to
> "other". Neither of these options is acceptable as a permanent solution.
> 
> I already toyed with various settings for "user" in /etc/libvirt/qemu.conf,
> including root and the user owning the shared folder (myself), without
> success. I struggle to understand what ultimately determines the write
> permissions on the host folder.

Hi Michael,

FUSE protocol sends the uid/gid of the client to the server and server
switches to that uid/gid before performing file operation. I am not
sure how the concept of uid/gid works with windows client but if you
are sharing a directory owned by a uid/gid on host, guest will have
to use same uid/gid to be able to use it (or become root inside).

Vivek

> I had assumed this to be related to the UID
> of one of the hypervisor processes, so I do not see why running as
> Administrator or not on the guest should make a difference. Also, virtiofsd
> seems to be running as root anyway, so should have the necessary
> permissions. There's no SELinux on my system.
> 
> My Windows and Linux user names are different. I don't know if that matters,
> and whether the software attempts to map the two (as Cygwin does).
> 
> Do you have any ideas what the problem could be? I have seen various users
> reporting issues with write permissions from Windows guests in the recent
> past, but no solution which would solve the issue for me.
> 
> Best regards, Michael
> 
> 



* Re: [Virtio-fs] write permissions for Windows host on Linux guest
       [not found]   ` <0c4d0bb990217000fe24f4a8522dcfa3@posteo.de>
@ 2021-10-25 17:32     ` Vivek Goyal
  2021-10-25 17:52       ` birnenkram
  0 siblings, 1 reply; 7+ messages in thread
From: Vivek Goyal @ 2021-10-25 17:32 UTC (permalink / raw)
  To: birnenkram; +Cc: virtio-fs-list, Gal Hammer

On Mon, Oct 25, 2021 at 04:28:45PM +0000, birnenkram@posteo.de wrote:
> Hi Vivek,
> 

Hi Michael,

[ CC virtio-fs list, Gal Hammer ]

Let's keep the discussion on mailing list. Not sure if you removed mailing
list from cc list accidentally.

> thanks for your answer. Based on it I tried again, this time using matching
> uids on guest and host (by creating a test account on the host with a uid
> matching the guest uid). However this did not solve the problem. In fact I
> observe that regardless of the uid on the host it is always mapped to SID
> S-1-5-0 on the guest.
> 
> Which has been noted by other users as well. In fact there's a comment from
> the WinFsp responsible Bill Zissimopoulos (on
> https://groups.google.com/g/winfsp/c/5JhqnV5siiU) from February this year:
> 
> "When I [...] looked at the virtiofs source code I saw that this file system
> implements the native WinFsp API. This means that relevant security calls
> would be in the operations GetSecurityByName and GetSecurity:
> 
>     GetSecurityByName: https://github.com/virtio-win/kvm-guest-drivers-windows/blob/e2fc291866a7d2f147a8117dacdce7ac6375b6b8/viofs/svc/virtiofs.c#L839
>     GetSecurity: https://github.com/virtio-win/kvm-guest-drivers-windows/blob/e2fc291866a7d2f147a8117dacdce7ac6375b6b8/viofs/svc/virtiofs.c#L1619
> 
>  Both of these functions call the WinFsp API
> FspPosixMapPermissionsToSecurityDescriptor to map UNIX permissions (that
> they got from their internal API's) to Windows security descriptors. For
> example, GetSecurity calls (via GetFileInfoInternal) the internal
> VirtFsFuseRequest to perform a getattr. I bet that the returned
> VirtFs->LocalUid == VirtFs->LocalGid == 0, but do not ask me why.
> 
> In any case this seems unrelated to WinFsp. I note that FspPosixMapUidToSid
> returns the SID S-1-0-65534 when it fails to map (and not S-1-5-0)."
> 
> Can it be that Bill is correct and (at least for a Windows guest)
> VirtFsFuseRequest always returns uid == gid == 0? Which would then be mapped
> to S-1-5-0, requiring Administrator rights for file modifications and
> deletions?

IIUC, you are saying what uid/gid virtiofs server is returning for a file. It
returns whatever it sees on the host. So for a file owned by uid/gid
1000/1000 on host, it should return it. That should be mapped to
SID using WinFsp API? I have no idea how that works.

If you like you can debug virtiofsd easily, put a few printf statements
and make sure correct uid/gid is being returned. Maybe next step is
to debug virtiofs driver in windows and make sure it receives correct
uid/gid. And if that works, then final step is making sure permissions
are being mapped properly.

Frankly, I have not done any work on windows side and have no idea what
components are there and how they interact. Copying Gal Hammer, and
he might have thoughts on this.

Vivek

> 
> Michael
> 
> > Hi Michael,
> 
> > FUSE protocol sends the uid/gid of the client to the server and server
> > switches to that uid/gid before performing file operation. I am not
> > sure how the concept of uid/gid works with windows client but if you
> > are sharing a directory owned by a uid/gid on host, guest will have
> > to use same uid/gid to be able to use it (or become root inside).
> 
> > Vivek
> 



* Re: [Virtio-fs] write permissions for Windows host on Linux guest
  2021-10-25 17:32     ` Vivek Goyal
@ 2021-10-25 17:52       ` birnenkram
  2022-05-06  7:23         ` Nyquist
  0 siblings, 1 reply; 7+ messages in thread
From: birnenkram @ 2021-10-25 17:52 UTC (permalink / raw)
  To: Vivek Goyal; +Cc: virtio-fs-list, Gal Hammer

Thanks for your suggestions. I'll let you know in case I find anything 
unexpected. The Linux (host) side will be easier to debug than the 
Windows (guest) side. Currently, SID S-1-5-0 is returned independently 
of the uid on the host.

Best regards, Michael

> If you like you can debug virtiofsd easily, put a few printf statements
> and make sure correct uid/gid is being returned. Maybe next step is
> to debug virtiofs driver in windows and make sure it receives correct
> uid/gid. And if that works, then final step is making sure permissions
> are being mapped properly.



* Re: [Virtio-fs] write permissions for Windows host on Linux guest
  2021-10-25 17:52       ` birnenkram
@ 2022-05-06  7:23         ` Nyquist
  0 siblings, 0 replies; 7+ messages in thread
From: Nyquist @ 2022-05-06  7:23 UTC (permalink / raw)
  To: birnenkram, Virtio-fs


Hello Michael,

did you manage to find a solution to your problem? I am facing the same issue, always getting SID S-1-5-0.

Best regards,
Mihael

