Why cant users access files that they own on SSHFS mounted file system?

startoftext · 08-19-2011, 12:36 PM

I am trying to mount a directory over ssh from a server. I mount with the below command while root.

Code:

sshfs -o allow_other admin@<hostip>:/data/home /home/ldapusers

It mounts fine and with the -o allow_others the other users on the system cd into the mounted dir structure and read files just fine. The part I cant understand is that even in the directories that are owned by regular users they are not able to write anything.

For example in the folder /home/ldapusers/user1 (I replaced the user name for privacy reasons). ls gives this output for that folder:

Code:

drwxr-xr-x. 1 user1 unix_admin 4.0K Aug 18 16:43 user1

When I am inside that folder and logged in as user1 I cannot write anything. For example:

Code:

-bash-4.1$ touch foo
touch: cannot touch `foo': Permission denied

Because user1 is an ldap user I verified that user1's uid number was the same as the owner of that folder, just in case there was a uid mismatch. Also I am running centos 6 on both client and server if that matters. I am at a loss for why this is happening. It appears to me that the user should be able to access a folder they own and have full perms on. Is this because sshfs is a userspace file system?

startoftext · 08-19-2011, 02:28 PM

Just replying to my own post because I think I figured it out. Correct me if I am wrong but I think this is the issue. So when I mount the ssh share the authentication I use on the ssh host is admin. On the ssh host the admin user is in the group unix_admin. So what happens is because the perms on those home dirs allows read and execute permission for any one in the group unix_admin, the users on the client (the machine that the share is mounted on) can read and execute but cannot write. When I authenticated as root against the ssh host it allowed write access but only because root can read and write to any directory on the host. So basically it means that although other users may be accessing the mount on the client, they are accessing them with the perms of the user that mounted that share. Basically to put it simply it does not work the same way that... for example an nfs mount would.

This was a surprise but it was confirmed by this page: http://sourceforge.net/apps/mediawik...title=SshfsFaq Where it says "Generally it's not possible to use an sshfs mount as a "real" filesystem shared between multiple users. Some of this functionality can be enabled with the -o allow_other and -o default_permissions options, but files will not be created with the correct ownership, etc... "