I have a server with a /data/ directory, everything in the /data/ folder has "-rwxrw-rw- 1 root root" permissions. The /data/ directory is listed in /etc/exports:
$ cat /etc/exports
This all works fine, multiple users are mounting this over a lan and everyone is able to modify files. However I would like to be able to access the /data/music/ directory from the internet. My first thought was to change /etc/exports to the following:
However nfs isn't really secure enough for this, ssh seems to way to go.
The problem is that sshfs will give unrestricted access to the whole server. There are two options here.
Is it possible to configure sshfs to only accept logins from a user restricted to reading the /data/music directory, or would it be possible to tunnel nfs over ssh in such a way that everyone on the lan 192.168.0.xxx has unrestricted access to the data directory, but something coming from outside only has read access to the music directory. Although is one were tunneling nfs over ssh, the nfs mount request would appear to come from the server itself. The router is at 192.168.0.1 and the server is at 192.168.0.3.
Seems very much like what I want to do, however I'm having a bit of trouble getting this to work well with other users mounting with full rights over the lan too.
Thanks very much.