{"id":29673748,"url":"https://github.com/dbaumgarten/addfs","last_synced_at":"2025-07-22T22:08:18.511Z","repository":{"id":64299858,"uuid":"141753622","full_name":"dbaumgarten/addfs","owner":"dbaumgarten","description":"A FUSE-Filesystem where new items can be added but existing ones are protected from changes","archived":false,"fork":false,"pushed_at":"2018-07-23T21:59:36.000Z","size":10,"stargazers_count":8,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2024-06-20T17:47:24.574Z","etag":null,"topics":["append-only","fuse-filesystem","golang","security-tools"],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dbaumgarten.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-07-20T20:12:06.000Z","updated_at":"2024-01-17T08:28:15.000Z","dependencies_parsed_at":"2023-01-15T09:15:45.308Z","dependency_job_id":null,"html_url":"https://github.com/dbaumgarten/addfs","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/dbaumgarten/addfs","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dbaumgarten%2Faddfs","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dbaumgarten%2Faddfs/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dbaumgarten%2Faddfs/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dbaumgarten%2Faddfs/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dbaumgarten","download_url":"https://codeload.github.com/dbaumgarten/addfs/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dbaumgarten%2Faddfs/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":266580833,"owners_count":23951300,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-07-22T02:00:09.085Z","response_time":66,"last_error":null,"robots_txt_status":null,"robots_txt_updated_at":null,"robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["append-only","fuse-filesystem","golang","security-tools"],"created_at":"2025-07-22T22:08:16.856Z","updated_at":"2025-07-22T22:08:18.491Z","avatar_url":"https://github.com/dbaumgarten.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# AddFS\n[![Build Status](https://travis-ci.org/dbaumgarten/addfs.svg?branch=master)](https://travis-ci.org/dbaumgarten/addfs)\n\nA FUSE-Filesystem where entries can be added but not be removed or overwritten.\n\nThis programm uses FUSE to mount an existing directory in some kind of append-only (or better WORM) mode.  \nInside the mountpoint new files/folders can be created (and written to once) but not be deleted/modified/truncated/moved.\n\n# How to use\n```\nsudo addfs [flags] \u003csourcedir\u003e \u003cmountpoint\u003e\n```\n\n# Why?\nWell, let's assume you have created log-files or backups and want to protect them in-case your user-account gets compromised.\nIf you write them to an addfs-mountpoint the files will be safe from deletion/modification by regular users, but you are still able to create new logfiles/backups without the need to be root.\n\nThis isn't terribly usefull on a local machine, but pretty handy when used on a remote server (ssh/ftp). This way a user-account can upload new files via scp but not modify or delete previously uploaded files. You succesfully created a remote write-once-read-many storage!\n\n# Installation\nBinary Download:\n```\nsudo curl -L -o /usr/bin/addfs https://github.com/dbaumgarten/addfs/releases/download/latest/addfs\nsudo chmod +x /usr/bin/addfs\n```\n\nFrom source:\n```\ngo install github.com/dbaumgarten/addfs\n```\n\n# FAQ\n## Can't a user just modify the actual files outside the mount-point?\nOnly if he has access to the actual files. Just take away his write\u0026execute-permissions for the actual directory. As addfs runs as root the user can still write to the directory via the mountpoint but not directly.\n\n## Does this mean root owns all the files?\nNo all creates files/folders belong to the creating user and not to root. Therefore the creating user can read his files and set permissions for his files as usual.\n\n## What if I really need to delete/modify an existing file?\nPass ```--allowRootMutation``` when running addfs and the root-user will be able to do all the otherwise forbidden operations.\n\n## Can I exclude certain files/folders from the write-protection?\nSure, there is ```--mutableFiles``` for this. You can specify multiple regular expressions and all files/folders matching at least one of the expressions can be modified like on a \"normal\" filesystem.  \nExample (All files ending on .tmp or .swp are mutable):  \n```\nsudo addfs --mutableFiles '.*\\.tmp' --mutableFiles '.*\\.swp' /foo /bar\n```\n## Who can read the files?\nInside the mountpoint standard linux file-permissions are active. You can only read/execute a file if you have the necessary permissions on said file.\n## Who can create files?\nAnyone with w+x access to the mountpoint.\n\n\n# Tests\nThere is a bash-script (integration_test.sh) to test the functionality of the programm.  \nTo run it some prequesites must be met:\n- Be a user that is not root\n- Be able to use sudo to become root\n- Have a working FUSE-Installation\n\nIf all this is done:\n```\n./integration_test.sh\n```","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdbaumgarten%2Faddfs","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdbaumgarten%2Faddfs","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdbaumgarten%2Faddfs/lists"}