
Re: [sshfs] follow_symlinks weird behaviour.: msg#00009

file-systems.fuse.sshfs

Subject: Re: [sshfs] follow_symlinks weird behaviour.

> > Only if you use '-oallow_other'. Otherwise only the mounting user
> > will be permitted to access the filesystem, which is what you want
> > AFAICS.
>
> Mmm indeed. I assumed that if the mountpoint dir is 755 after mounting,
> other users can see what's inside as well, but actually all they can
> see is:
> [lolek@kromka mnt]$ ls -l /mnt
> d????????? ? ? ? ? ? klej
>
> I might be wrong but this looks rather hackish to me ;)

It is, and it's been discussed to death when fuse was proposed for
inclusion into the kernel, and no better solution was found. The
basic reason is that it's not the mounting user being protected from
other users and root, but the other way round. The mounting user
being protected is just a side effect.

> Wouldn't it be better if it set the correct permissions on mountpoint
> dir instead?

That would be a hack as well, the attributes of the mount root always
come from the mounted filesystem not the mountpoint. Mixing
attributes of one and the other could be rather confusing.

> > Yes, a new option could be added which does this for an arbitrary user
> > instead of the mounting user, but a cleaner and more secure solution
> > is to just run the sshfs filesystem as user.
> Best I guess would be to be able to start the sshfs as root and
> drop privileges into the user given with -o. Same way kismet
> does it, for example.

Try the 'setuid=user' option with this patch to mount.fuse from
fuse-2.6.1:

Index: util/mount.fuse
===================================================================
RCS file: /cvsroot/fuse/fuse/util/mount.fuse,v
retrieving revision 1.8
diff -u -r1.8 mount.fuse
--- util/mount.fuse 28 Oct 2006 07:59:22 -0000 1.8
+++ util/mount.fuse 8 Dec 2006 12:49:49 -0000
@@ -45,8 +45,14 @@
shift
shift

-ignore_opts='\(user\|nouser\|users\|auto\|noauto\|_netdev\)'
+eval `echo $@ | sed -n "s/\([^,]*,\)*setuid=\([^,]*\).*/SETUID=\2/p"`
+
+ignore_opts='\(user\|nouser\|users\|auto\|noauto\|_netdev\|setuid=[^,]*\)'

OPTIONS=`echo $@ | sed "s/,${ignore_opts}\|${ignore_opts},//g"`

-${FSTYPE} ${MOUNTPATH} ${MOUNTPOINT} ${OPTIONS}
+if test -z "$SETUID"; then
+ ${FSTYPE} ${MOUNTPATH} ${MOUNTPOINT} ${OPTIONS}
+else
+ su - $SETUID -c "${FSTYPE} ${MOUNTPATH} ${MOUNTPOINT} ${OPTIONS}"
+fi
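
Review bot: The `eval` on the new SETUID line runs whatever follows `setuid=` up to the next comma as shell text, and the `su - $SETUID -c "..."` line hands the unquoted mount path, mount point and options to a second shell for re-parsing, so a space or shell metacharacter in any of them changes the command that actually runs. I would assign SETUID from the sed output directly rather than through `eval`, reject any value that is not a plain user name before calling `su`, and quote the expansions on both branches. It is also worth a comment that `su -` starts a login shell, so the filesystem process gets the target user's environment and working directory rather than the caller's, which matters if MOUNTPOINT is a relative path.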


