SSH and SSHFS Directory Sharing

I’m trying to create a system to access some files between PCs internally, and occasionally externally. I have set up sshd to run, and can log in with my account from internal and external locations, and mount a folder over sshfs without issues.

I now want to give a friend some access to the same folder, so I have created them a standard account on the machine and they can log in via ssh and access their home folder and additionally log in via sshfs and access files in their home folder. However I would also like for them to be able to access my files drive which is located in /media/external. This drive is mounted on boot, (USB connected).

Whenever they try to access it though they get a “Permission Denied” error. The current properties of the drive are,

drwx------ 1 flatline users 12288 Sep 21 06:32 external

I tried chgrp on external to change group ownership to a new group I created and added both users to but it didn’t seem to work and has stayed being owned by group users. Chmod changes also don’t seem to have an effect (e.g. the chmod code stays the same) although they do process and I can hear the drive working.

I would also like to know how to create a link to the drive in my friend’s home folder, as simply adding a symlink didn’t work as when trying to access it over sshfs it just throws up an error about not being able to find the location.

I believe you may need to specify the -o allow_other sshfs option, and you may need to create an /etc/fuse.conf as well with the user_allow_other line - this file is not included in the Suse fuse package.

See:

Sshfs Mounting But Not Accessible By Anyone Else

linux - Why doesn’t SSHFS let me look into a mounted directory? - Server Fault

As for the symlink issue, you may try adding the follow_symlinks option, though if I understood correctly this is not really the issue you are having, and the above should solve that.

Cheers,
Pete
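
A check related to the `allow_other` suggestion above, as an added example that is not part of the original posts: it reads `/etc/fuse.conf` and `/proc/mounts`-style text and reports which sshfs mounts are open to other local users. With `allow_other` but without `default_permissions`, every local user reaches the remote files with the rights of the SSH account that mounted them. The sample lines, the host name `server` and the mount points are constructed.

```python
# Constructed sample in /proc/mounts format; host, paths and ids are made up.
SAMPLE_MOUNTS = """\
flatline@server:/media/external /home/flatline/ext fuse.sshfs rw,nosuid,nodev,relatime,user_id=1000,group_id=100 0 0
flatline@server:/media/external /srv/shared fuse.sshfs rw,nosuid,nodev,relatime,user_id=1000,group_id=100,allow_other 0 0
flatline@server:/media/external /srv/checked fuse.sshfs rw,nosuid,nodev,relatime,user_id=1000,group_id=100,default_permissions,allow_other 0 0
/dev/sda2 / ext4 rw,relatime 0 0
"""

# Constructed /etc/fuse.conf content.
SAMPLE_FUSE_CONF = """\
# mount_max = 1000
user_allow_other
"""


def user_allow_other_enabled(conf_text):
    """True if an uncommented user_allow_other line is present.

    Non-root users can only pass -o allow_other when this line exists.
    """
    for line in conf_text.splitlines():
        if line.split("#", 1)[0].strip() == "user_allow_other":
            return True
    return False


def audit_sshfs_mounts(mounts_text):
    """Classify each fuse.sshfs mount by who can reach it locally."""
    findings = []
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[2] != "fuse.sshfs":
            continue
        opts = set(fields[3].split(","))
        if "allow_other" not in opts:
            status = "private"            # only the mounting user can enter
        elif "default_permissions" in opts:
            status = "shared-checked"     # kernel enforces the mode bits
        else:
            status = "shared-unchecked"   # all local users act as the SSH account
        findings.append((fields[1], status))
    return findings


if __name__ == "__main__":
    print("user_allow_other:", user_allow_other_enabled(SAMPLE_FUSE_CONF))
    for mountpoint, status in audit_sshfs_mounts(SAMPLE_MOUNTS):
        print(f"{mountpoint}: {status}")
```
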

On Mon, 26 Sep 2011 02:06:03 +0000, jkraw90 wrote:

> I’m trying to create a system to access some files between PCs
> internally, and occasionally externally. I have set up sshd to run, and
> can log in with my account from internal and external locations, and
> mount a folder over sshfs without issues.
>
> I now want to give a friend some access to the same folder, so I have
> created them a standard account on the machine and they can log in via
> ssh and access their home folder and additionally log in via sshfs and
> access files in their home folder. However I would also like for them to
> be able to access my files drive which is located in /media/external.
> This drive is mounted on boot, (USB connected).
>
> Whenever they try to access it though they get a “Permission Denied”
> error. The current properties of the drive are,

Be aware that FUSE-based filesystems (which sshfs is) are not intended
for multiuser access; they do not include file locking. By default, fuse
filesystems are restricted to the user who initially connects - even if
you switch to root, you won’t be able to browse the filesystem.

If you want true multiuser access, you should use a real network
filesystem like NFS or SAMBA.

Jim


Jim Henderson
openSUSE Forums Administrator
Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

I’ve now switched to use vsftpd, although the directory permission issues are still present, but I’ll create a new topic more relevant to the FTP context

EDIT

New topic is linky

On Tue, 27 Sep 2011 19:16:03 +0000, jkraw90 wrote:

> I’ve now switched to use vsftpd, although the directory permission
> issues are still present, but I’ll create a new topic more relevant to
> the FTP context

Sounds good, but still keep in mind that ftpd (any ftpd, vs or others)
are also not intended to be used as filesystems (indeed, there is a
curlftpfs module for fuse) and still won’t provide you with multiuser
concurrent access/locking.

Jim



But what does that actually mean? Does that mean two users can’t download the same file?

What I want to be able to happen is my account running on ssh, sshfs can edit, upload, download etc, and any users on ftp can only download to the external drive, they will be able to upload but only to an upload folder inside their home directory.

On Tue, 27 Sep 2011 19:56:03 +0000, jkraw90 wrote:

> But what does that actually mean? Does that mean two users can’t
> download the same file?

It means that concurrent access to the file is not arbitrated by
anything. File locking is a mechanism (usually provided by the
filesystem, but occasionally done by applications themselves) that
prevents two users from opening the same file at the same time and then
writing changes to the file.

> What I want to be able to happen is my account running on ssh, sshfs can
> edit, upload, download etc, and any users on ftp can only download to
> the external drive, they will be able to upload but only to an upload
> folder inside their home directory.

Then the download functionality will work. If you want to share a
filesystem amongst multiple concurrent users on remote systems, have a
look at NFS or SAMBA, both of which are designed with multiple user
access in mind. :)

Jim


Jim Henderson
openSUSE Forums Administrator
Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C
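
The file-locking point from the reply above, as an added example that is not part of the original thread: two writers who each read a file and write back a full copy lose one change, while an advisory `flock` lock serialises them and refuses a second exclusive holder. It runs on a local temporary file; the file name and contents are constructed, and the lock only protects programs that all take it.

```python
import fcntl
import tempfile
from pathlib import Path


def edit_without_lock(path):
    """Two users read the same version, then each writes back a full copy."""
    copy_a = path.read_text()                     # user A opens the file
    copy_b = path.read_text()                     # user B opens it too
    path.write_text(copy_a + "change from A\n")   # A saves
    path.write_text(copy_b + "change from B\n")   # B saves, discarding A's change
    return path.read_text()


def edit_with_lock(path, who):
    """Read-modify-write while holding an exclusive advisory lock."""
    with open(path, "r+") as f:
        fcntl.flock(f, fcntl.LOCK_EX)   # waits until nobody else holds the lock
        data = f.read()
        f.seek(0)
        f.write(data + f"change from {who}\n")
        f.truncate()
        # closing the file flushes the data and releases the lock


def second_writer_blocked(path):
    """Hold the lock on one open file, then request it again on another."""
    with open(path, "r+") as first, open(path, "r+") as second:
        fcntl.flock(first, fcntl.LOCK_EX)
        try:
            fcntl.flock(second, fcntl.LOCK_EX | fcntl.LOCK_NB)
        except BlockingIOError:
            return True    # the second writer is refused while the lock is held
        return False


def demo():
    """Run both variants on a temporary file and return what ends up on disk."""
    with tempfile.TemporaryDirectory() as tmp:
        path = Path(tmp) / "shared.txt"
        path.write_text("original\n")
        unlocked = edit_without_lock(path)
        path.write_text("original\n")
        edit_with_lock(path, "A")
        edit_with_lock(path, "B")
        return unlocked, path.read_text(), second_writer_blocked(path)


if __name__ == "__main__":
    print(demo())
```
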

Although I haven’t configured exactly this, IMO the prospects are good because

  • Only one person has rw permissions to the location (the SSH user)
  • FTP permissions can be applied as a new permissions layer on top of the file system permissions, so at the <application level> you can restrict all FTP Users to read-only almost no matter what the underlying system level permissions are.
  • Your FTP users can only write a copy to a different location, which avoids file change contention.

BTW - if you don’t feel comfortable exposing file permissions directly to remote access to a number of Users, a common solution is to deploy an application frontend to manage and perhaps even impersonate credentials, the most common is the simple HTTP Server. By default everyone knows you can download files using an HTTP Server, you can also permit file writing using the “Network Shares” metaphor by implementing WebDAV. When you do this, people should be able to browse, cut, paste, and even Drag and Drop to a Browser window just like regular network shares (but below the interface you’re implementing HTTP calls for your file operations).

HTH,
Tony

Interesting idea Tony.

I want to get FTP up and running just because it’s annoying me that it isn’t but I may well try that idea later on.

On a side note though it seems the issue isn’t anything to do with FTP, SSH or any sharing protocol but instead is to do with the folder not accepting permission changes needed to allow people to navigate to it. I have a topic going here about the issue. linky