Question

I have an Ubuntu server "remote" with a user srichter. In my home dir on the server I have some files with different permissions like the following:

srichter@remote:~> ls -l

drwx------  13 srichter srichter     4096 Jun 16 22:48 secret
drwxr-xr-x  13 srichter users        4096 Feb 24 14:51 public

On my local machine I installed sshfs and fuse and everything to get autofs working. My local auto.master looks like this:

+auto.master # what's that line for?
/autofs/remote /etc/auto.remote.conf uid=srichter gid=srichter -v --ghost --timeout=30

The respective auto.remote.conf has the following content:

mnt -fstype=fuse,rw,nodev,noempty,noatime,allow_other,max_read=65536 :sshfs\#srichter@remote\:

This works like a charm: I can cd to /autofs/remote/mnt and ls -l gives me

drwx------  13 srichter srichter     4096 Jun 16 22:48 secret
drwxr-xr-x  13 srichter srichter     4096 Feb 24 14:51 public

Note that only srichter should have access to the secret directory. That's the problem. If I log in as guest on the local computer, I can cd to the secret dir and see (and edit) its contents:

srichter@local:~> su guest
guest@local:~> groups
users
guest@local:~> cd /autofs/remote/mnt
guest@local:/autofs/remote/mnt> ls -l

drwx------  13 srichter srichter     4096 Jun 16 22:48 secret
drwxr-xr-x  13 srichter srichter     4096 Feb 24 14:51 public

guest@local:/autofs/remote/mnt> cd secret
guest@local:/autofs/remote/mnt/secret> ls -l

-rw-------   1 srichter srichter   470340 Jul  2  2012 secret.file1
-rw-------   1 srichter srichter  9547092 Jun  7 02:06 secret.file2

guest@local:/autofs/remote/mnt/secret> cat secret.file1

This is the content for secret.file1, which should not be visible to anyone but srichter.

So, why can guest access my files and what am I doing wrong?

Thank you in advance!

Solution

sshfs by default does not allow the kernel to check permissions.

You need to use

sshfs -o allow_other,default_permissions

I'm not sure how to use that with autofs, as I only ever use sshfs directly, but it should be able to slot in somewhere.
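
An added example, not part of the original answer and not code from sshfs or autofs: a shell check that flags FUSE mounts and autofs map entries using allow_other without default_permissions, the combination that let guest read the secret directory above. The sample lines are constructed, and the corrected map entry (key "fixed") assumes autofs hands default_permissions through to sshfs unchanged, which the page does not confirm.

```shell
#!/bin/sh
# Added example (not from the original post): flag FUSE mounts that are open
# to every local user (allow_other) without kernel mode-bit checks
# (default_permissions), in /proc/mounts and in an autofs map.

# Exit 0 if the comma-separated option list $1 has allow_other
# but lacks default_permissions.
opts_unsafe() {
    case ",$1," in *,allow_other,*) ;; *) return 1 ;; esac
    case ",$1," in *,default_permissions,*) return 1 ;; esac
    return 0
}

# stdin: /proc/mounts-format lines; prints mount points of unsafe FUSE mounts.
audit_mounts() {
    while read -r _src mnt fstype opts _rest; do
        case "$fstype" in
            fuse|fuse.*) if opts_unsafe "$opts"; then printf '%s\n' "$mnt"; fi ;;
        esac
    done
}

# stdin: autofs map entries ("key -options location"); prints unsafe fuse keys.
audit_map() {
    while read -r key opts _loc; do
        case "$key" in ''|'#'*|+*) continue ;; esac
        opts=${opts#-}
        case ",$opts," in
            *,fstype=fuse,*) if opts_unsafe "$opts"; then printf '%s\n' "$key"; fi ;;
        esac
    done
}

# Constructed sample data: the first line of each mirrors the setup in the
# question; /mnt/fixed and the key "fixed" are hypothetical corrected entries.
SAMPLE_MOUNTS='srichter@remote: /autofs/remote/mnt fuse.sshfs rw,nosuid,nodev,relatime,user_id=1000,group_id=1000,allow_other 0 0
srichter@remote: /mnt/fixed fuse.sshfs rw,nosuid,nodev,relatime,user_id=1000,group_id=1000,default_permissions,allow_other 0 0'
SAMPLE_MAP='mnt -fstype=fuse,rw,nodev,noempty,noatime,allow_other,max_read=65536 :sshfs\#srichter@remote\:
fixed -fstype=fuse,rw,nodev,noempty,noatime,allow_other,default_permissions,max_read=65536 :sshfs\#srichter@remote\:'

printf '%s\n' "$SAMPLE_MOUNTS" | audit_mounts   # /autofs/remote/mnt
printf '%s\n' "$SAMPLE_MAP" | audit_map         # mnt
```

On a live host, feed the real data with `audit_mounts < /proc/mounts`; an empty result means no FUSE mount combines allow_other with a missing default_permissions.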

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow