$ mkdir mnt$ bindfs /tmp mntfusermount: option allow_other only allowed if 'u

1. $ mkdir mnt
2.  
3. $ bindfs /tmp mnt
4. fusermount: option allow_other only allowed if 'user_allow_other' is set in /etc/fuse.conf
5.  
6. $ bindfs --no-allow-other /tmp mnt
7.  
8. $ mkdir /tmp/mnt2
9. $ bindfs --no-allow-other /tmp mnt/mnt2
10. fusermount: bad mount point /home/alan/mnt/mnt2: Permission denied
11.  
12. $ sudo ls mnt/
13. ls: cannot open directory 'mnt/': Permission denied
14.  
15. $ ls -l $(which fusermount)
16. -rwsr-xr-x. 1 root root 32848 Feb 7 2018 /usr/bin/fusermount
17.  
18. ^ set-uid bit
19.  
20. strace -f bindfs ...
21.  
22. sudo perf trace -o trace.txt -a sleep 2; sleep 1; bindfs ...
23.  
24. [pid 30609] mount("/home/alan-sysop/mnt", ".", "fuse", MS_NOSUID|MS_NODEV, "default_permissions,fd=5,rootmod"...) = -1 EPERM (Operation not permitted)
25.  
26. [pid 30609] getuid() = 1000
27. [pid 30609] setfsuid(1000) = 1000
28. [pid 30609] getgid() = 1000
29. [pid 30609] setfsgid(1000) = 1000
30. [pid 30609] openat(AT_FDCWD, "/etc/fuse.conf", O_RDONLY) = 6
31. ...
32. [pid 30609] lstat("/home/alan-sysop/mnt", {st_mode=S_IFDIR|0775, st_size=4096, ...}) = 0
33. [pid 30609] getuid() = 1000
34. [pid 30609] chdir("/home/alan-sysop/mnt") = 0
35. [pid 30609] lstat(".", {st_mode=S_IFDIR|0775, st_size=4096, ...}) = 0
36. [pid 30609] access(".", W_OK) = 0
37. [pid 30609] getuid() = 1000
38. [pid 30609] setfsuid(1000) = 1000
39. [pid 30609] setfsgid(1000) = 1000
40.  
41. getuid( ) = 1000
42. setfsuid(uid: 1000 ) = 0
43. getgid( ) = 1000
44. setfsgid(gid: 1000 ) = 1000
45. openat(dfd: CWD, filename: 0xa428e2bc ) = 6
46. ...
47. close(fd: 6 ) = 0
48. lstat(filename: 0xa63882a0, statbuf: 0x7ffe7bd4f6d0 ) = 0
49. getuid( ) = 1000
50. chdir(filename: 0xa63882a0 ) = 0
51. lstat(filename: 0xa428eca5, statbuf: 0x7ffe7bd4f6d0 ) = 0
52. access(filename: 0xa428eca5, mode: W ) = 0
53. getuid( ) = 1000
54. setfsuid( ) = 1000
55. setfsgid(gid: 1000 ) = 1000
56. getuid( ) = 1000