Set proper rights for sshfs mountpoint so it can be shared with samba

12

9

I have a domain hoster that provides access via SSH.

My platforms are:

  • Gentoo 2.6.36-r5
  • Windows (XP/Vista/7)

I work on my Windows, I use Gentoo to do all the magic Windows can't do.

Therefore I use sshfs to mount the remote public directory for my domain to /mnt/mydomain.com. Authentication is done via keys, so lazy me doesn't have to type in my password every now and then.

Since I do my coding on Windows, and I don't want to upload/download the changed files all the time, I want to access this /mnt/mydomain.com via a samba share.

So I shared /mnt in samba; all mounts except mydomain.com are listed in my Windows Explorer.

My theories are:

  1. sshfs does not set the mountpoint uid/gid to something that samba expects
  2. samba does not know that it has to include the uid/gid that /mnt/mydomain.com has been set to.
  3. All above is wrong, and I don't know.

Here are configs and output from console, need anything else just let me know. Also no errors or warnings that I take notice of being relevant to this issue, but I might be wrong.

gentoo ~ # ls -lah /mnt
total 20K
drwxr-xr-x  9 root  root  4.0K Mar 26 16:15 .
drwxr-xr-x 18 root  root  4.0K Mar 26  2011 ..
-rw-r--r--  1 root  root     0 Feb  1 16:12 .keep
drwxr-xr-x  1 root  root     0 Mar 18 12:09 buffer
drwxr-s--x  1 68591 68591 4.0K Feb 16 15:43 mydomain.com
drwx------  2 root  root  4.0K Feb  1 16:12 cdrom
drwx------  2 root  root  4.0K Feb  1 16:12 floppy
drwxr-xr-x  1 root  root     0 Sep  1  2009 services
drwxr-xr-x  1 root  root     0 Feb 10 15:08 www

/etc/samba/smb.conf

[mnt]
comment = Mount points
writable = yes
writeable = yes
browseable = yes
browsable = yes
path = /mnt

/etc/fstab

sshfs#myusername@mywebhotel.com:/home/to/pub/dir/ /mnt/mydomain.com/ fuse comment=sshfs,noauto,users,exec,uid=0,gid=0,allow_other,reconnect,follow_symlinks,transform_symlinks,idmap=none,SSHOPT=HostBasedAuthentication 0 0

For an easier read:

  • myusername@mywebhotel.com
  • /home/to/pub/dir/
  • /mnt/mydomain.com/

options:

  • comment=sshfs
  • noauto
  • users
  • exec
  • uid=0
  • gid=0
  • allow_other
  • reconnect
  • follow_symlinks
  • transform_symlinks
  • idmap=none
  • SSHOPT=HostBasedAuthentication

Help!

CS01

Posted 2011-03-26T16:19:08.467

Reputation: 325

SSHFS version 2.8 fuse: unknown option 'SSHOPT=HostBasedAuthentication' – Tom Hale – 2017-04-03T05:25:30.850

IIRC, HostbasedAuthentication is not recommended to use (the user-based PubkeyAuthentication is preferred) – user1686 – 2011-03-26T17:24:03.357

Answers

10

sshfs is a FUSE-based filesystem, and the FUSE layer does not allow other users to access its mounts by default, for security purposes. You have allow_other in options, but it will be ignored until you also edit /etc/fuse.conf to include user_allow_other.

user1686

Posted 2011-03-26T16:19:08.467

Reputation: 283 655

You also need to map the UID and/or GID to your desired user(s) via the options uid=<UID>,gid=<GID>. – sweisgerber.dev – 2015-07-09T08:17:28.303

When exec'ing "ps aux", left column states root for both sshfs and smbd processes. I "parse" this as both run with the same privileges. From the ls -lah output, you see the uid is not root, this uid is set by sshfs, but I can't set it, at least not with changing uid/gid in options. I believe samba somehow thinks it has to exclude that specific directory with uid/gid 68591. (Trying to clear some confusion on my part.) – CS01 – 2011-03-28T08:08:29.370

@CS01: The "master" smbd runs as root, but that is not true for connection handlers – if you log in over SMB as "jim", your smbd process also switches to the UID of "jim". – user1686 – 2014-01-11T18:21:32.597
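The two settings this answer and its first comment name (allow_other backed by user_allow_other in /etc/fuse.conf, plus a uid= mapping) can be checked mechanically. The script below is an added example, not part of the original thread; the function names, verdict labels and sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): audit sshfs entries in an fstab.
# File paths are arguments so the check also runs on copies of the files.

# Succeeds if the fuse.conf at $1 has an uncommented user_allow_other line.
fuse_conf_allows_other() {
    grep -Eq '^[[:space:]]*user_allow_other[[:space:]]*$' "$1"
}

# Print "<mountpoint> <verdict>" for each sshfs entry in the fstab at $1.
# $2 is the fuse.conf; fusermount enforces it for mounts made by non-root users.
audit_sshfs_fstab() {
    if fuse_conf_allows_other "$2"; then conf_ok=1; else conf_ok=0; fi
    awk -v conf_ok="$conf_ok" '
        /^[ \t]*#/ || NF == 0 { next }            # skip comments and blanks
        $3 == "fuse.sshfs" || ($3 == "fuse" && $1 ~ /^sshfs#/) {
            other = 0; mapped = 0
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++) {
                if (opt[i] == "allow_other") other = 1
                if (opt[i] ~ /^uid=/) mapped = 1
            }
            if (!other)        v = "owner-only"   # other UIDs (smbd handlers) are denied
            else if (!conf_ok) v = "allow_other-without-user_allow_other"
            else if (!mapped)  v = "shared-unmapped"
            else               v = "shared"
            print $2, v
        }' "$1"
}

# Constructed sample files (placeholders, not the poster's real system).
demo_dir=$(mktemp -d)
cat > "$demo_dir/fstab" <<'EOF'
# constructed sample
/dev/sda1 / ext4 noatime 0 1
sshfs#user@host.example:/pub /mnt/a fuse noauto,users,uid=0,gid=0,allow_other 0 0
user@host.example:/pub /mnt/b fuse.sshfs noauto,users,reconnect 0 0
EOF
printf '# user_allow_other\n' > "$demo_dir/fuse.conf"   # still commented out
audit_sshfs_fstab "$demo_dir/fstab" "$demo_dir/fuse.conf"
printf 'user_allow_other\n' >> "$demo_dir/fuse.conf"    # now enabled
audit_sshfs_fstab "$demo_dir/fstab" "$demo_dir/fuse.conf"
rm -rf "$demo_dir"
```

On a real system, call `audit_sshfs_fstab /etc/fstab /etc/fuse.conf`. A "shared" mount is readable by every local account, so the Samba share on top of it is what limits who reaches the remote files.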

2

Why don't you mount sshfs directly from Windows?
There are a couple of free solutions for that (see here and here for more info).

user629926

Posted 2011-03-26T16:19:08.467

Reputation: 146

They don't look very promising and are suspended, at least now, after 3 years :) Do you have any stability experience with them? – sweisgerber.dev – 2015-07-09T07:51:51.213

Wow, this tool is great! – CS01 – 2012-04-28T12:08:11.193

0

As your normal smb shares are working, I don't lose a word regarding the Samba config, because you can share sshfs mounts exactly like you share normal folders. But mounting the SSH share via sshfs is special in comparison to local machine access only.

For mounting your share via fstab, you can put this line into /etc/fstab and mount the share ON REQUEST. It's more convenient than c&p the commandline command.

Generic /etc/fstab line:

<USERNAME>@<SERVER>:<REMOTE_PATH> /MOUNT/POINT fuse.sshfs noauto,users,idmap=user,IdentityFile=/path/to/.ssh/id_rsa,allow_other,reconnect,port=22,uid=<UID>,gid=<GID> 0 0

noauto: you need to mount it via mount /MOUNT/POINT; all other information gets pulled from this line in /etc/fstab

users: allows normal users to mount this mount entry

reconnect: reconnects/remounts the share after standby, etc

uid=/gid=: Maps the remote uid/gid to this local uid/gid

Example:

foo@example.org:/home/foo/music ~/foos_music fuse.sshfs noauto,users,idmap=user,IdentityFile=/home/foo/.ssh/id_rsa,allow_other,reconnect,port=22,uid=foo,gid=users 0 0

All you need to know about sshfs mounting [https://wiki.archlinux.org/index.php/Sshfs]

sweisgerber.dev

Posted 2011-03-26T16:19:08.467

Reputation: 103