sshfs, linux - how to mount with read-only access
Just add one more option:
sshfs user@123.123.123.123:/home/user /media/mountpoint/ -o allow_other -o ro
this should help: http://ubuntuforums.org/showthread.php?t=975107
Mount with sshfs and write file permissions
The question was answered in a linux mailing list; I post a translated answer here for completeness.
Solution
The solution is to not use both of the options default_permissions and allow_other when mounting (which I didn't try in my original experiments).
Explanation
The problem seems to be quite simple. When you use the option default_permissions in fusermount then fuse's permission control of the fuse mount is handled by the kernel and not by fuse.
This means that the REMOTE_USER's uid/gid aren't mapped to the LOCAL_USER (sshfs.c IDMAP_NONE). It works the same way as a simple nfs fs without mapping.
So, it makes sense to prohibit the access, if the uid/gid numbers don't match.
If you have the option allow_other then this dir is writable only by the local user with uid 699, if it exists.
From fuse's man:
'default_permissions'
By default FUSE doesn't check file access permissions, the
filesystem is free to implement its access policy or leave it to
the underlying file access mechanism (e.g. in case of network
filesystems). This option enables permission checking, restricting
access based on file mode. It is usually useful together with the
'allow_other' mount option.
'allow_other'
This option overrides the security measure restricting file access
to the user mounting the filesystem. This option is by default only
allowed to root, but this restriction can be removed with a
(userspace) configuration option.
Sshfs as regular user through fstab
Using option allow_other in /etc/fstab allows other users than the one doing the actual mounting to access the mounted filesystem. When you are booting your system and mounting your sshfs, it's done by user root instead of your regular user. When you add allow_other, users other than root can access the mount point. File permissions under the mount point still stay the same as they used to be, so if you have a directory with 0700 mask there, it's not accessible by anyone else but root and the owner.
So, instead of
sshfs#user@remote.machine.net:/remote/dir /work fuse user,_netdev,reconnect,uid=1000,gid=1000,idmap=user 0 0
use
sshfs#user@remote.machine.net:/remote/dir /work fuse user,_netdev,reconnect,uid=1000,gid=1000,idmap=user,allow_other 0 0
This did the trick for me at least. I did not test this by booting the system, but instead just issued the mount command as root, then tried to access the mounted sshfs as a regular user.
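The two answers above turn on which of allow_other and default_permissions a mount carries, so the following added example (not code from either answer) classifies every fuse.sshfs entry in a mount table by those options and by ro/rw. Without default_permissions the local kernel does no mode checks, so an allow_other mount lets every local account act with the remote login's rights. The function names, the access labels and all sample lines except the mtab entry quoted further down this page are constructed for illustration.

```sh
#!/bin/sh
# Added example: classify sshfs mounts by their access-control options.
# Reads /proc/mounts-format lines on stdin; function names and the
# access labels printed below are this example's own.

# has_opt <comma-separated options> <name>: exact match on one option
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints "<mountpoint> <ro|rw> <access>" for every fuse.sshfs entry.
audit_sshfs_mounts() {
    while read -r _dev mnt fstype opts _rest; do
        [ "$fstype" = "fuse.sshfs" ] || continue
        if has_opt "$opts" ro; then mode=ro; else mode=rw; fi
        if ! has_opt "$opts" allow_other; then
            access=mounting-user-only            # FUSE default
        elif has_opt "$opts" default_permissions; then
            access=all-users-kernel-mode-checks  # file modes enforced locally
        else
            access=all-users-no-local-checks     # only the remote side decides
        fi
        printf '%s %s %s\n' "$mnt" "$mode" "$access"
    done
}

# Sample table: the third line is the mtab entry quoted on this page,
# the others are constructed for illustration.
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
user@123.123.123.123:/home/user /media/mountpoint fuse.sshfs ro,nosuid,nodev,relatime,user_id=1000,group_id=1000,default_permissions,allow_other 0 0
User@remotehost:dev /home/ubuntu/dev fuse.sshfs rw,nosuid,nodev,relatime,user_id=1001,group_id=1001,allow_other 0 0
user@remote.machine.net:/remote/dir /work fuse.sshfs rw,nosuid,nodev,relatime,user_id=1000,group_id=1000 0 0
EOF
}

sample_mounts | audit_sshfs_mounts
# On a live system: audit_sshfs_mounts < /proc/mounts
```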
Mounting a remote file system (sshfs) through an intermediate machine
You may use ssh to forward port 22 from machine3 to machine1 via machine2, like
user1@machine1:$ ssh -L 2222:machine3:22 user2@machine2
After that configure sshfs on machine1 to use localhost:2222 port (in the second terminal tab):
user1@machine1:$ sshfs user3@localhost:/some/machine3/dir /some/local/dir -p 2222
Raspberry ISO mount via sshfs fails
For me, this worked:
sudo bash
# Now in root
mkdir /tmp/iso
mount /home/pi/isomount/2005-2010.iso /tmp/iso
More details
~# cd /home/ubuntu/dev
/home/ubuntu/dev# df -k .
Filesystem 1K-blocks Used Available Use% Mounted on
User@remotehost:dev 487213052 380126780 107086272 79% /home/ubuntu/dev <-- sshfs mounted
/home/ubuntu/dev# ls -l ubuntu-20.04.3-desktop-amd64.iso
-rwx------ 1 197609 197121 3071934464 Dec 28 10:44 ubuntu-20.04.3-desktop-amd64.iso
/home/ubuntu/dev# mount ubuntu-20.04.3-desktop-amd64.iso /tmp/iso
mount: /tmp/iso: WARNING: device write-protected, mounted read-only.
/home/ubuntu/dev# ls -ltr /tmp/iso
total 101
lr-xr-xr-x 1 root root 1 Aug 19 11:59 ubuntu -> .
dr-xr-xr-x 1 root root 2048 Aug 19 11:59 preseed
dr-xr-xr-x 1 root root 2048 Aug 19 11:59 pool
dr-xr-xr-x 1 root root 2048 Aug 19 11:59 dists
dr-xr-xr-x 1 root root 2048 Aug 19 12:01 install
dr-xr-xr-x 1 root root 2048 Aug 19 12:01 casper
dr-xr-xr-x 1 root root 2048 Aug 19 12:01 boot
dr-xr-xr-x 1 root root 2048 Aug 19 12:01 EFI
dr-xr-xr-x 1 root root 34816 Aug 19 12:01 isolinux
-r--r--r-- 1 root root 53487 Aug 19 12:03 md5sum.txt
My sshfs mount options in /etc/mtab :
User@remotehost:dev /home/ubuntu/dev fuse.sshfs rw,nosuid,nodev,relatime,user_id=1001,group_id=1001,allow_other 0 0
Emacs SSH - Enforce read-only
Third suggestion: Use sshfs to provide the remote filesystem locally, and mount it read-only, and then point Emacs at that.
That way you're not subject to all of the pitfalls of being able to run commands directly on the remote server as a user who has write-permissions.