
I need to mount a remote server (server1) with an SSHFS mount on server2 via an automated script. I need to be able to access some files on server1 that require root access, but I don't want to enable root login via SSH on that server, even with keys. Nor do I want to create a new user account that has sudo access to everything. Instead, I would like to create an entry in the /etc/sudoers file that gives a special user ALL permissions with no password. But I want to restrict those privileges to the specific command that is needed to establish the SSH mount with root access to the files, and nothing else.

I found these two references:

Are these still current, and recommendable from a security standpoint? Do I understand correctly that an SSHFS mount would actually use the sftp-server binary on the remote server?

Thanks a lot!

rahim123
  • Why don't you make the files accessible by a non-root user? – Michael Hampton Jul 22 '15 at 17:11
  • a) Regarding whether those instructions work, why haven't you simply tried them? But yeah, from a quick look they appear to make sense. b) What do you expect to gain security-wise by allowing full root access (by way of sudo), but limited to sftp? That sftp access is in itself enough to remove any further limitation on the account. – andol Jul 22 '15 at 17:13
  • @MichaelHampton : Because some of them are sensitive and normally are only readable to root. – rahim123 Jul 22 '15 at 17:15
  • @andol : *"That sftp access is in itself enough to remove any further limitation on the account."* I'm sorry, didn't quite get that. *"Regarding whether those instructions work, why haven't you simply tried them?"* Because I don't want to open any security holes on my server. I don't quite understand how the SSHFS process works and what mechanisms it uses, hence my question. – rahim123 Jul 22 '15 at 17:16
  • Well, obviously you shouldn't try things out on an actual production server :-) Much better to do it on a local virtual machine, or something. – andol Jul 22 '15 at 17:27

0 Answers