SSHFS Drawbacks

jerril · 11-25-2006, 05:27 PM

Hi Everybody

I've been investigating file sharing alternatives. Right now, the most likely alternative for me, is SSHFS. I was googling around on the subject, and I found this excellent overview on alternatives available from the MEPIS Documentation Wiki.

One of the cons here is:

Quote:

Hard to control what user has access to; anything they can access locally is available over the network.

I'm not sure I understand what this means. Maybe I'm missing something obvious.

Thanks

jer

Brian1 · 11-26-2006, 10:06 AM

Never used it but I would interrept this way. Once the sshfs is mounted then it is possible all usesr can see the share and it could be possible for other users on the linux machine to read and write to it.

Brian

jerril · 11-26-2006, 03:59 PM

I tried to ls my shared directory as another user:

Code:

jer@client_machine:~$ sshfs jer@server_machine:/home/jer/ ~/share
jer@server_machine's password: 
jer@client_machine:~$ ls share
archive  Diagram1.dia.autosave  iPodderData      sandbox
backup   downloads              max              stuff
bin      Firefox_wallpaper.png  meep             websites
Desktop  GNUstep                PicasaDocuments  work
jer@client_machine:~$ su stompie
Password: 
stompie@client_machine:/home/jer$ ls share
ls: share: Permission denied

It seems to pass this simple test.

Thanks
jer

unSpawn · 11-26-2006, 04:42 PM

Moved: This thread is more suitable in the Linux Software forum (not a Linux Security question) and has been moved accordingly to help your thread/question get the exposure it deserves.

bbbb · 11-26-2006, 05:04 PM

I'll try to explain this with an example. Let's say you have a box with a user called weebl. all files on the box are readable to anonymous users, and weebl has a home-dir in /home/weebl. now, if weebl logs in locally (or through ssh), he will be able to read all files, obviously. and write to his home-dir. if you, as an administrator, make his home-dir available with samba (for example) you can control what weebl can and can not access by tweaking samba; you can make him able to access files in his home-dir only, or read all files, etcetera. this is what they mean with "control what the user has access to". using sshfs though, is comparable to what a user can access when uses scp, or ssh even. for example, he could do:

Code:

sshfs weebl@server:/ /path/to/mount/point

There is no way to prevent this from happening with sshfs.

jerril · 11-26-2006, 05:21 PM

bbbb

For my own personal use, this is not an issue... I think.

Thank You

jer