Mount with sshfs and write file permissions
The question was answered on a Linux mailing list; I post a translated answer here for completeness.
Solution
The solution is not to use both the options default_permissions and allow_other (which I didn't try in my original experiments).
Explanation
The problem seems to be quite simple. When you give the option default_permissions in fusermount then fuse's permission control of the fuse mount is handled by the kernel and not by fuse. This means that the REMOTE_USER's uid/gid aren't mapped to the LOCAL_USER (sshfs.c IDMAP_NONE). It works the same way as a simple nfs fs without mapping.
So, it makes sense to prohibit the access, if the uid/gid numbers don't match.
If you have the option allow_other then this dir is writable only by the local user with uid 699, if it exists.
From fuse's man:
'default_permissions'
By default FUSE doesn't check file access permissions, the
filesystem is free to implement its access policy or leave it to
the underlying file access mechanism (e.g. in case of network
filesystems). This option enables permission checking, restricting
access based on file mode. It is usually useful together with the
'allow_other' mount option.
'allow_other'
This option overrides the security measure restricting file access
to the user mounting the filesystem. This option is by default only
allowed to root, but this restriction can be removed with a
(userspace) configuration option.
Don't run sshfs with sudo. If you do that, ssh will consider that the file system belongs to root. Run it as yourself, then you will be able to write to the files.
clarification
When running without sudo, you need to mount on your own directory, since you probably can't write to /mnt. So here is an example of how to use sshfs once you have added user_allow_other to /etc/fuse.conf:
$ cd # make sure you are in home directory
$ mkdir mnt # create empty directory
$ sshfs server.com: mnt # mount my home directory on server.com on ./mnt
$ ls mnt
[contents of home directory on server]
$ touch mnt/new_file # no problem creating a new file
$ fusermount -u mnt # unmount file system
$ rmdir mnt
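To see which existing sshfs mounts carry the options discussed in the answers above (default_permissions together with allow_other, and a mount made as root), the mount table can be inspected. This is an added example, not part of the original answers; it assumes the Linux /proc/mounts format, and the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: report sshfs mounts matching the situations in the answers above.
# Input: mount-table lines in /proc/mounts format on stdin.
# Output: "<mountpoint> <findings>" per fuse.sshfs mount, or "<mountpoint> none".
audit_sshfs_mounts() {
    while read -r _src mnt fstype opts _rest; do
        [ "$fstype" = "fuse.sshfs" ] || continue
        findings=""
        # Kernel-side mode checks combined with access for other local users.
        case ",$opts," in
            *,default_permissions,*)
                case ",$opts," in
                    *,allow_other,*) findings="default_permissions+allow_other" ;;
                esac ;;
        esac
        # user_id= records who mounted; 0 means sshfs was run as root (e.g. via sudo).
        case ",$opts," in
            *,user_id=0,*) findings="${findings:+$findings,}mounted-as-root" ;;
        esac
        printf '%s %s\n' "$mnt" "${findings:-none}"
    done
}

# Constructed sample input (host names, paths and ids are made up).
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
server.com: /home/alice/mnt fuse.sshfs rw,nosuid,nodev,relatime,user_id=1000,group_id=1000 0 0
bob@server.com: /mnt/remote fuse.sshfs rw,nosuid,nodev,relatime,user_id=0,group_id=0,default_permissions,allow_other 0 0
server.com:/srv /home/alice/srv fuse.sshfs rw,nosuid,nodev,relatime,user_id=1000,group_id=1000,default_permissions,allow_other 0 0
EOF
}

sample_mounts | audit_sshfs_mounts
# On a live system: audit_sshfs_mounts < /proc/mounts
```

Comparing the reported user_id with `id -u` and with the numeric owner shown by `ls -ln` on the mount shows whether the uid mismatch described in the first answer applies.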
One possible reason for this -- one that I hit -- was that I had no more free space on the disk I mounted.