Join GitHub today
Lazy man's, user-mode union file system http://rlsd2.dimakrasner.com
Fetching latest commit…
Cannot retrieve the latest commit at this time.
|Failed to load latest commit information.|
_ __ | |_ _ _ _ / _|___ | | | | | | | | |_/ __| | | |_| | |_| | _\__ \ |_|\__,_|\__,_|_| |___/ Overview ======== luufs is a lazy man's, user-mode union file system. It takes two directories and creates a magical directory which shows their unified contents. luufs is a "compile once, run anywhere" alternative for Aufs (http://aufs.sourceforge.net/) and Unionfs (http://unionfs.filesystems.org/), implemented in user-mode via FUSE (http://fuse.sourceforge.net/). However, luufs is very simple, so it does not fit in all use cases of more complex union file systems. It operates according to three rules: 1) The first directory is read-only and the second one is writeable. New files are created under the writeable directory, but read from both directories. 2) If a file exists under both directories, the one under the read-only directory is preferred. This improves security, as files (e.g /bin/login) cannot be overwritten using external access to the writeable directory. 3) Non-root processes cannot open new file descriptors via luufs (e.g open files), but can use existing file descriptors. Therefore, luufs can be used to secure servers: they can be trapped under a luufs mount point (using chroot), with a writeable directory mounted with the MS_NOEXEC and MS_NODEV flags. In addition, luufs has a read-only mirroring mode, in which a directory is mirrored and changes are disallowed. It is similar to a bind mount, but may be read-only even if the specified directory is writable. Legal Information ================= luufs is licensed under the MIT license, see COPYING for the license text. For a list of its authors and contributors, see AUTHORS. The ASCII art logo at the top was made using FIGlet (http://www.figlet.org/).