|
|
<!doctype html><html lang="en" class="no-js"> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width,initial-scale=1"> <meta name="description" content="mergerfs - a featureful union filesystem"> <link rel="canonical" href="https://trapexit.github.io/mergerfs/faq/recommendations_and_warnings/"> <link rel="prev" href="../general_information_and_overview/"> <link rel="next" href="../technical_behavior_and_limitations/"> <link rel="icon" href="../../assets/images/favicon.png"> <meta name="generator" content="mkdocs-1.6.1, mkdocs-material-9.5.49"> <title>Recommendations and Warnings - mergerfs</title> <link rel="stylesheet" href="../../assets/stylesheets/main.6f8fc17f.min.css"> <link rel="stylesheet" href="../../assets/stylesheets/palette.06af60db.min.css">
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin> <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i%7CRoboto+Mono:400,400i,700,700i&display=fallback"> <style>:root{--md-text-font:"Roboto";--md-code-font:"Roboto Mono"}</style> <script>__md_scope=new URL("../..",location),__md_hash=e=>[...e].reduce(((e,_)=>(e<<5)-e+_.charCodeAt(0)),0),__md_get=(e,_=localStorage,t=__md_scope)=>JSON.parse(_.getItem(t.pathname+"."+e)),__md_set=(e,_,t=localStorage,a=__md_scope)=>{try{t.setItem(a.pathname+"."+e,JSON.stringify(_))}catch(e){}}</script>
</head> <body dir="ltr" data-md-color-scheme="default" data-md-color-primary="indigo" data-md-color-accent="indigo"> <input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off"> <input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off"> <label class="md-overlay" for="__drawer"></label> <div data-md-component="skip"> <a href="#recommendations-and-warnings" class="md-skip"> Skip to content </a> </div> <div data-md-component="announce"> </div>
<header class="md-header md-header--shadow" data-md-component="header"> <nav class="md-header__inner md-grid" aria-label="Header"> <a href="../.." title="mergerfs" class="md-header__button md-logo" aria-label="mergerfs" data-md-component="logo"> <img src="../../logo.jpeg" alt="logo">
</a> <label class="md-header__button md-icon" for="__drawer"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M3 6h18v2H3zm0 5h18v2H3zm0 5h18v2H3z"/></svg> </label> <div class="md-header__title" data-md-component="header-title"> <div class="md-header__ellipsis"> <div class="md-header__topic"> <span class="md-ellipsis"> mergerfs </span> </div> <div class="md-header__topic" data-md-component="header-topic"> <span class="md-ellipsis"> Recommendations and Warnings </span> </div> </div> </div> <form class="md-header__option" data-md-component="palette"> <input class="md-option" data-md-color-media="(prefers-color-scheme)" data-md-color-scheme="default" data-md-color-primary="indigo" data-md-color-accent="indigo" aria-label="Switch to light mode" type="radio" name="__palette" id="__palette_0"> <label class="md-header__button md-icon" title="Switch to light mode" for="__palette_1" hidden> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="m14.3 16-.7-2h-3.2l-.7 2H7.8L11 7h2l3.2 9zM20 8.69V4h-4.69L12 .69 8.69 4H4v4.69L.69 12 4 15.31V20h4.69L12 23.31 15.31 20H20v-4.69L23.31 12zm-9.15 3.96h2.3L12 9z"/></svg> </label> <input class="md-option" data-md-color-media="(prefers-color-scheme: light)" data-md-color-scheme="default" data-md-color-primary="indigo" data-md-color-accent="indigo" aria-label="Switch to dark mode" type="radio" name="__palette" id="__palette_1"> <label class="md-header__button md-icon" title="Switch to dark mode" for="__palette_2" hidden> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 8a4 4 0 0 0-4 4 4 4 0 0 0 4 4 4 4 0 0 0 4-4 4 4 0 0 0-4-4m0 10a6 6 0 0 1-6-6 6 6 0 0 1 6-6 6 6 0 0 1 6 6 6 6 0 0 1-6 6m8-9.31V4h-4.69L12 .69 8.69 4H4v4.69L.69 12 4 15.31V20h4.69L12 23.31 15.31 20H20v-4.69L23.31 12z"/></svg> </label> <input class="md-option" data-md-color-media="(prefers-color-scheme: dark)" data-md-color-scheme="slate" data-md-color-primary="indigo" data-md-color-accent="indigo" aria-label="Switch to system preference" type="radio" name="__palette" id="__palette_2"> <label class="md-header__button md-icon" title="Switch to system preference" for="__palette_0" hidden> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 18c-.89 0-1.74-.2-2.5-.55C11.56 16.5 13 14.42 13 12s-1.44-4.5-3.5-5.45C10.26 6.2 11.11 6 12 6a6 6 0 0 1 6 6 6 6 0 0 1-6 6m8-9.31V4h-4.69L12 .69 8.69 4H4v4.69L.69 12 4 15.31V20h4.69L12 23.31 15.31 20H20v-4.69L23.31 12z"/></svg> </label> </form> <script>var palette=__md_get("__palette");if(palette&&palette.color){if("(prefers-color-scheme)"===palette.color.media){var media=matchMedia("(prefers-color-scheme: light)"),input=document.querySelector(media.matches?"[data-md-color-media='(prefers-color-scheme: light)']":"[data-md-color-media='(prefers-color-scheme: dark)']");palette.color.media=input.getAttribute("data-md-color-media"),palette.color.scheme=input.getAttribute("data-md-color-scheme"),palette.color.primary=input.getAttribute("data-md-color-primary"),palette.color.accent=input.getAttribute("data-md-color-accent")}for(var[key,value]of Object.entries(palette.color))document.body.setAttribute("data-md-color-"+key,value)}</script> <label class="md-header__button md-icon" for="__search"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.52 6.52 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5"/></svg> </label> <div class="md-search" data-md-component="search" role="dialog"> <label class="md-search__overlay" for="__search"></label> <div class="md-search__inner" role="search"> <form class="md-search__form" name="search"> <input type="text" class="md-search__input" name="query" aria-label="Search" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="search-query" required> <label class="md-search__icon md-icon" for="__search"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.52 6.52 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5"/></svg> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11z"/></svg> </label> <nav class="md-search__options" aria-label="Search"> <a href="javascript:void(0)" class="md-search__icon md-icon" title="Share" aria-label="Share" data-clipboard data-clipboard-text="" data-md-component="search-share" tabindex="-1"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M18 16.08c-.76 0-1.44.3-1.96.77L8.91 12.7c.05-.23.09-.46.09-.7s-.04-.47-.09-.7l7.05-4.11c.54.5 1.25.81 2.04.81a3 3 0 0 0 3-3 3 3 0 0 0-3-3 3 3 0 0 0-3 3c0 .24.04.47.09.7L8.04 9.81C7.5 9.31 6.79 9 6 9a3 3 0 0 0-3 3 3 3 0 0 0 3 3c.79 0 1.5-.31 2.04-.81l7.12 4.15c-.05.21-.08.43-.08.66 0 1.61 1.31 2.91 2.92 2.91s2.92-1.3 2.92-2.91A2.92 2.92 0 0 0 18 16.08"/></svg> </a> <button type="reset" class="md-search__icon md-icon" title="Clear" aria-label="Clear" tabindex="-1"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M19 6.41 17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12z"/></svg> </button> </nav> </form> <div class="md-search__output"> <div class="md-search__scrollwrap" tabindex="0" data-md-scrollfix> <div class="md-search-result" data-md-component="search-result"> <div class="md-search-result__meta"> Initializing search </div> <ol class="md-search-result__list" role="presentation"></ol> </div> </div> </div> </div></div> <div class="md-header__source"> <a href="https://github.com/trapexit/mergerfs" title="Go to repository" class="md-source" data-md-component="source"> <div class="md-source__icon md-icon"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 6.7.1 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2024 Fonticons, Inc.--><path d="M439.55 236.05 244 40.45a28.87 28.87 0 0 0-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 0 1-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 0 0 0 40.81l195.61 195.6a28.86 28.86 0 0 0 40.8 0l194.69-194.69a28.86 28.86 0 0 0 0-40.81"/></svg> </div> <div class="md-source__repository"> mergerfs </div></a> </div> </nav> </header> <div class="md-container" data-md-component="container"> <main class="md-main" data-md-component="main"> <div class="md-main__inner md-grid"> <div class="md-sidebar md-sidebar--primary" data-md-component="sidebar" data-md-type="navigation" > <div class="md-sidebar__scrollwrap"> <div class="md-sidebar__inner">
<nav class="md-nav md-nav--primary" aria-label="Navigation" data-md-level="0"> <label class="md-nav__title" for="__drawer"> <a href="../.." title="mergerfs" class="md-nav__button md-logo" aria-label="mergerfs" data-md-component="logo"> <img src="../../logo.jpeg" alt="logo">
</a> mergerfs </label> <div class="md-nav__source"> <a href="https://github.com/trapexit/mergerfs" title="Go to repository" class="md-source" data-md-component="source"> <div class="md-source__icon md-icon"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 6.7.1 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2024 Fonticons, Inc.--><path d="M439.55 236.05 244 40.45a28.87 28.87 0 0 0-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 0 1-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 0 0 0 40.81l195.61 195.6a28.86 28.86 0 0 0 40.8 0l194.69-194.69a28.86 28.86 0 0 0 0-40.81"/></svg> </div> <div class="md-source__repository"> mergerfs </div></a> </div> <ul class="md-nav__list" data-md-scrollfix> <li class="md-nav__item"> <a href="../.." class="md-nav__link"> <span class="md-ellipsis"> Home </span>
</a> </li>
<li class="md-nav__item"> <a href="../../quickstart/" class="md-nav__link"> <span class="md-ellipsis"> QuickStart </span>
</a> </li>
<li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3" > <label class="md-nav__link" for="__nav_3" id="__nav_3_label" tabindex="0"> <span class="md-ellipsis"> Installation </span>
<span class="md-nav__icon md-icon"></span> </label> <nav class="md-nav" data-md-level="1" aria-labelledby="__nav_3_label" aria-expanded="false"> <label class="md-nav__title" for="__nav_3"> <span class="md-nav__icon md-icon"></span> Installation </label> <ul class="md-nav__list" data-md-scrollfix> <li class="md-nav__item"> <a href="../../setup/installation/" class="md-nav__link"> <span class="md-ellipsis"> Installation </span>
</a> </li>
<li class="md-nav__item"> <a href="../../setup/upgrade/" class="md-nav__link"> <span class="md-ellipsis"> Upgrade </span>
</a> </li>
<li class="md-nav__item"> <a href="../../setup/build/" class="md-nav__link"> <span class="md-ellipsis"> Build </span>
</a> </li>
</ul> </nav> </li>
<li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4" > <label class="md-nav__link" for="__nav_4" id="__nav_4_label" tabindex="0"> <span class="md-ellipsis"> Config </span>
<span class="md-nav__icon md-icon"></span> </label> <nav class="md-nav" data-md-level="1" aria-labelledby="__nav_4_label" aria-expanded="false"> <label class="md-nav__title" for="__nav_4"> <span class="md-nav__icon md-icon"></span> Config </label> <ul class="md-nav__list" data-md-scrollfix> <li class="md-nav__item"> <a href="../../config/terminology/" class="md-nav__link"> <span class="md-ellipsis"> Terminology </span>
</a> </li>
<li class="md-nav__item"> <a href="../../config/options/" class="md-nav__link"> <span class="md-ellipsis"> Options </span>
</a> </li>
<li class="md-nav__item"> <a href="../../config/deprecated_options/" class="md-nav__link"> <span class="md-ellipsis"> Deprecated Options </span>
</a> </li>
<li class="md-nav__item"> <a href="../../config/branches/" class="md-nav__link"> <span class="md-ellipsis"> branches </span>
</a> </li>
<li class="md-nav__item"> <a href="../../config/functions_categories_and_policies/" class="md-nav__link"> <span class="md-ellipsis"> functions, categories and policies </span>
</a> </li>
<li class="md-nav__item"> <a href="../../config/func_readdir/" class="md-nav__link"> <span class="md-ellipsis"> func.readdir </span>
</a> </li>
<li class="md-nav__item"> <a href="../../config/cache/" class="md-nav__link"> <span class="md-ellipsis"> caching </span>
</a> </li>
<li class="md-nav__item"> <a href="../../config/ioctl/" class="md-nav__link"> <span class="md-ellipsis"> ioctl </span>
</a> </li>
<li class="md-nav__item"> <a href="../../config/rename_and_link/" class="md-nav__link"> <span class="md-ellipsis"> rename and link </span>
</a> </li>
<li class="md-nav__item"> <a href="../../config/statfs/" class="md-nav__link"> <span class="md-ellipsis"> statfs / statvfs </span>
</a> </li>
<li class="md-nav__item"> <a href="../../config/flush-on-close/" class="md-nav__link"> <span class="md-ellipsis"> flush-on-close </span>
</a> </li>
</ul> </nav> </li>
<li class="md-nav__item"> <a href="../../error_handling/" class="md-nav__link"> <span class="md-ellipsis"> Error Handling </span>
</a> </li>
<li class="md-nav__item"> <a href="../../runtime_interfaces/" class="md-nav__link"> <span class="md-ellipsis"> Runtime Interfaces </span>
</a> </li>
<li class="md-nav__item"> <a href="../../remote_filesystems/" class="md-nav__link"> <span class="md-ellipsis"> Remote Filesystems </span>
</a> </li>
<li class="md-nav__item"> <a href="../../tips_notes/" class="md-nav__link"> <span class="md-ellipsis"> Tips and Notes </span>
</a> </li>
<li class="md-nav__item"> <a href="../../known_issues_bugs/" class="md-nav__link"> <span class="md-ellipsis"> Known Issues and Bugs </span>
</a> </li>
<li class="md-nav__item"> <a href="../../project_comparisons/" class="md-nav__link"> <span class="md-ellipsis"> Project Comparisons </span>
</a> </li>
<li class="md-nav__item"> <a href="../../performance/" class="md-nav__link"> <span class="md-ellipsis"> Tweaking Performance </span>
</a> </li>
<li class="md-nav__item"> <a href="../../benchmarking/" class="md-nav__link"> <span class="md-ellipsis"> Benchmarking </span>
</a> </li>
<li class="md-nav__item"> <a href="../../tooling/" class="md-nav__link"> <span class="md-ellipsis"> Tooling </span>
</a> </li>
<li class="md-nav__item md-nav__item--active md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_14" checked> <label class="md-nav__link" for="__nav_14" id="__nav_14_label" tabindex="0"> <span class="md-ellipsis"> FAQ </span>
<span class="md-nav__icon md-icon"></span> </label> <nav class="md-nav" data-md-level="1" aria-labelledby="__nav_14_label" aria-expanded="true"> <label class="md-nav__title" for="__nav_14"> <span class="md-nav__icon md-icon"></span> FAQ </label> <ul class="md-nav__list" data-md-scrollfix> <li class="md-nav__item"> <a href="../compatibility_and_integration/" class="md-nav__link"> <span class="md-ellipsis"> Compatibility and Integration </span>
</a> </li>
<li class="md-nav__item"> <a href="../configuration_and_policies/" class="md-nav__link"> <span class="md-ellipsis"> Configuration and Policies </span>
</a> </li>
<li class="md-nav__item"> <a href="../general_information_and_overview/" class="md-nav__link"> <span class="md-ellipsis"> General Information and Overview </span>
</a> </li>
<li class="md-nav__item md-nav__item--active"> <input class="md-nav__toggle md-toggle" type="checkbox" id="__toc"> <label class="md-nav__link md-nav__link--active" for="__toc"> <span class="md-ellipsis"> Recommendations and Warnings </span>
<span class="md-nav__icon md-icon"></span> </label> <a href="./" class="md-nav__link md-nav__link--active"> <span class="md-ellipsis"> Recommendations and Warnings </span>
</a>
<nav class="md-nav md-nav--secondary" aria-label="Table of contents"> <label class="md-nav__title" for="__toc"> <span class="md-nav__icon md-icon"></span> Table of contents </label> <ul class="md-nav__list" data-md-component="toc" data-md-scrollfix> <li class="md-nav__item"> <a href="#what-should-mergerfs-not-be-used-for" class="md-nav__link"> <span class="md-ellipsis"> What should mergerfs NOT be used for? </span> </a> </li> <li class="md-nav__item"> <a href="#its-mentioned-that-there-are-some-security-issues-with-mhddfs-what-are-they-how-does-mergerfs-address-them" class="md-nav__link"> <span class="md-ellipsis"> It's mentioned that there are some security issues with mhddfs. What are they? How does mergerfs address them? </span> </a> </li> </ul> </nav> </li>
<li class="md-nav__item"> <a href="../technical_behavior_and_limitations/" class="md-nav__link"> <span class="md-ellipsis"> Technical Behavior and Limitations </span>
</a> </li>
<li class="md-nav__item"> <a href="../usage_and_functionality/" class="md-nav__link"> <span class="md-ellipsis"> Usage and Functionality </span>
</a> </li>
<li class="md-nav__item"> <a href="../limit_drive_spinup/" class="md-nav__link"> <span class="md-ellipsis"> Limit drive spinup </span>
</a> </li>
</ul> </nav> </li>
<li class="md-nav__item"> <a href="../../related_projects/" class="md-nav__link"> <span class="md-ellipsis"> Related Projects </span>
</a> </li>
<li class="md-nav__item"> <a href="../../media_and_publicity/" class="md-nav__link"> <span class="md-ellipsis"> Media and Publicity </span>
</a> </li>
<li class="md-nav__item"> <a href="../../support/" class="md-nav__link"> <span class="md-ellipsis"> Support </span>
</a> </li>
<li class="md-nav__item"> <a href="../../donations/" class="md-nav__link"> <span class="md-ellipsis"> Donations </span>
</a> </li>
</ul></nav> </div> </div> </div> <div class="md-sidebar md-sidebar--secondary" data-md-component="sidebar" data-md-type="toc" > <div class="md-sidebar__scrollwrap"> <div class="md-sidebar__inner">
<nav class="md-nav md-nav--secondary" aria-label="Table of contents"> <label class="md-nav__title" for="__toc"> <span class="md-nav__icon md-icon"></span> Table of contents </label> <ul class="md-nav__list" data-md-component="toc" data-md-scrollfix> <li class="md-nav__item"> <a href="#what-should-mergerfs-not-be-used-for" class="md-nav__link"> <span class="md-ellipsis"> What should mergerfs NOT be used for? </span> </a> </li> <li class="md-nav__item"> <a href="#its-mentioned-that-there-are-some-security-issues-with-mhddfs-what-are-they-how-does-mergerfs-address-them" class="md-nav__link"> <span class="md-ellipsis"> It's mentioned that there are some security issues with mhddfs. What are they? How does mergerfs address them? </span> </a> </li> </ul> </nav> </div> </div> </div> <div class="md-content" data-md-component="content"> <article class="md-content__inner md-typeset">
<a href="https://github.com/trapexit/mergerfs/tree/master/mkdocs/docs/faq/recommendations_and_warnings.md" title="Edit this page" class="md-content__button md-icon"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M10 20H6V4h7v5h5v3.1l2-2V8l-6-6H6c-1.1 0-2 .9-2 2v16c0 1.1.9 2 2 2h4zm10.2-7c.1 0 .3.1.4.2l1.3 1.3c.2.2.2.6 0 .8l-1 1-2.1-2.1 1-1c.1-.1.2-.2.4-.2m0 3.9L14.1 23H12v-2.1l6.1-6.1z"/></svg> </a>
<h1 id="recommendations-and-warnings">Recommendations and Warnings</h1><h2 id="what-should-mergerfs-not-be-used-for">What should mergerfs NOT be used for?</h2><ul><li>databases: Even if the database stored data in separate files (mergerfs wouldn't offer much otherwise) the higher latency of the indirection will kill performance. If it is a lightly used SQLITE database then it may be fine but you'll need to test.</li><li>VM images: For the same reasons as databases. VM images are accessed very aggressively and mergerfs will introduce too much latency (if it works at all).</li><li>As replacement for RAID: mergerfs is just for pooling branches. If you need that kind of device performance aggregation or high availability you should stick with RAID.</li></ul><h2 id="its-mentioned-that-there-are-some-security-issues-with-mhddfs-what-are-they-how-does-mergerfs-address-them">It's mentioned that there are some security issues with mhddfs. What are they? How does mergerfs address them?</h2><p><a href="https://github.com/trapexit/mhddfs">mhddfs</a> manages running as<strong>root</strong> by calling<a href="https://github.com/trapexit/mhddfs/blob/cae96e6251dd91e2bdc24800b4a18a74044f6672/src/main.c#L319">getuid()</a>and if it returns <strong>0</strong> then it will<a href="http://linux.die.net/man/1/chown">chown</a> the file. Not only is that arace condition but it doesn't handle other situations. Rather thanattempting to simulate POSIX ACL behavior the proper way to managethis is to use <a href="http://linux.die.net/man/2/seteuid">seteuid</a> and<a href="http://linux.die.net/man/2/setegid">setegid</a>, in effect, becoming theuser making the original call, and perform the action as them. This iswhat mergerfs does and why mergerfs should always run as root.</p><p>In Linux setreuid syscalls apply only to the thread. GLIBC hides thisaway by using realtime signals to inform all threads to changecredentials. Taking after <strong>Samba</strong>, mergerfs uses<strong>syscall(SYS_setreuid,...)</strong> to set the callers credentials for thatthread only. Jumping back to <strong>root</strong> as necessary should escalatedprivileges be needed (for instance: to clone paths betweenfilesystems).</p><p>For non-Linux systems, mergerfs uses a read-write lock and changescredentials only when necessary. If multiple threads are to be user Xthen only the first one will need to change the processescredentials. So long as the other threads need to be user X they willtake a readlock allowing multiple threads to share thecredentials. Once a request comes in to run as user Y that thread willattempt a write lock and change to Y's credentials when it can. If theability to give writers priority is supported then that flag will beused so threads trying to change credentials don't starve. This isn'tthe best solution but should work reasonably well assuming there arefew users.</p>
</article> </div> <script>var target=document.getElementById(location.hash.slice(1));target&&target.name&&(target.checked=target.name.startsWith("__tabbed_"))</script> </div> <button type="button" class="md-top md-icon" data-md-component="top" hidden> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M13 20h-2V8l-5.5 5.5-1.42-1.42L12 4.16l7.92 7.92-1.42 1.42L13 8z"/></svg> Back to top</button> </main> <footer class="md-footer"> <div class="md-footer-meta md-typeset"> <div class="md-footer-meta__inner md-grid"> <div class="md-copyright"> Made with <a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener"> Material for MkDocs </a> </div> </div> </div></footer> </div> <div class="md-dialog" data-md-component="dialog"> <div class="md-dialog__inner md-typeset"></div> </div> <script id="__config" type="application/json">{"base": "../..", "features": ["content.action.edit", "content.code.copy", "content.code.select", "navigation.instant", "navigation.instant.prefetch", "navigation.path", "navigation.top", "navigation.tracking", "optimize", "search.share", "toc.follow"], "search": "../../assets/javascripts/workers/search.6ce7567c.min.js", "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version": "Select version"}}</script> <script src="../../assets/javascripts/bundle.88dd0f4e.min.js"></script> </body></html>
|
