sshfs problem: "fuse: failed to exec fusermount: Permission denied"

This is on a dual boot machine with Fedora 25 and Tumbleweed on separate partitions.

I made sure that my main user has the same UID and GID on both OSs. While Fedora works just fine and mounts my remote server (with the same IDs), Tumbleweed just quits with

fuse: failed to exec fusermount: Permission denied

fuse as a module is loaded, regular ssh login to remote server just works.

The sshfs mountpoints are in /home/user and permissions are OK.

I don’t even know how to debug this; google search turned up no results for opensuse, neither did a search in this forum.

I tried strace and this seems to be the stumbling point:

mount("remote:/home/user/", "/home/user/mnt", "fuse.sshfs", MS_NOSUID|MS_NODEV, "fd=3,rootmode=40000,user_id=1000"...) = -1 EPERM (Operation not permitted)

1000 is indeed my UID, but I can’t decipher the rest of the error message and googling for it gave no meaningful results.

Am I really the only one trying to use sshfs on Tumbleweed and having this error?

TIA for help.

Am Tue, 06 Jun 2017 16:46:01 GMT
schrieb OE1FEU <OE1FEU@no-mx.forums.microfocus.com>:

> I tried strace and this seems to be the stumbling point:
>
>
> Code:
> --------------------
> mount(“remote:/home/user/”, “/home/user/mnt”, “fuse.sshfs”,
> MS_NOSUID|MS_NODEV, “fd=3,rootmode=40000,user_id=1000”…) = -1 EPERM
> (Operation not permitted) --------------------
>
>
> 1000 is indeed my UID, but I can’t decipher the rest of the error
> message and googling for it gave no meaningful results.

What gives;

ls -l /usr/bin/fusermount

AK


Never attribute to malice that which can be adequately explained by stupidity.
(R.J. Hanlon)

ls -lah /usr/bin/fusermount
-rwsr-x--- 1 root root 31K May 27 16:17 /usr/bin/fusermount

The error message is not part of /usr/bin/fusermount’s error messages.

Am Tue, 06 Jun 2017 17:26:01 GMT
schrieb OE1FEU <OE1FEU@no-mx.forums.microfocus.com>:

> Code:
> --------------------
> ls -lah /usr/bin/fusermount
> -rwsr-x— 1 root root 31K May 27 16:17 /usr/bin/fusermount
> --------------------
>

Well, not quite what I expected as the SUID Bit is set, but with this
combination of owner:group, this can not work for a normal user and looking at
my TW virtual machine, this is also not one of the possible sets of permissions
installed by default.

grep fusermount /etc/permissions* -r
/etc/permissions.easy:/usr/bin/fusermount root:trusted 4755
/etc/permissions.paranoid:/usr/bin/fusermount root:trusted 0755
/etc/permissions.secure:/usr/bin/fusermount root:trusted 4750

So to not only solve this problem but also to avoid it reappearing after every
upgrade of fuse, do the following:

  1. post the output of the grep command I showed you above

  2. Run as root

/usr/bin/chkstat -n --system --set /usr/bin/fusermount

and check if the permissions of /usr/bin/fusermount have changed.

  1. as your normal user, run the command

groups

and post the output

After that, we will see what has to be done to fix this.

AK


Never attribute to malice that which can be adequately explained by stupidity.
(R.J. Hanlon)

On my Tumbleweed:

# ls -l /usr/bin/fusermount
-rwsr-xr-x 1 root trusted 30464 27. Mai 17:26 /usr/bin/fusermount

Am Tue, 06 Jun 2017 18:26:01 GMT
schrieb hendwolt <hendwolt@no-mx.forums.microfocus.com>:

> On my Tumbleweed:
>
> Code:
> --------------------
> # ls -l /usr/bin/fusermount
> -rwsr-xr-x 1 root trusted 30464 27. Mai 17:26 /usr/bin/fusermount
>
> --------------------
>
>

Yes, that is the default if the “PERMISSION_SECURITY” variable is set to “easy”
in /etc/sysconfig/security.

AK


Never attribute to malice that which can be adequately explained by stupidity.
(R.J. Hanlon)

  1. Result is the same as yours

  2. Permissions have not changed because: “/usr/bin/fusermount: unknown group trusted”

  3. I am member of users and wheel

Moving from your cues, I installed “system-group-trusted” and added myself to ‘trusted’ and:

/usr/bin/chkstat -n --system --set /usr/bin/fusermount
setting /usr/bin/fusermount to root:trusted 4755. (wrong owner/group root:root permissions 4750)

ls -lah /usr/bin/fusermount
-rwsr-xr-x 1 root trusted 31K May 27 16:17 /usr/bin/fusermount

P R O F I T !!!

Thank you so much!

It’s a bug: https://bugzilla.opensuse.org/show_bug.cgi?id=1041159
(missing package dependency on system-group-trusted)

A fix has been submitted to Factory already, but is not in yet.

Am Tue, 06 Jun 2017 20:36:01 GMT
schrieb OE1FEU <OE1FEU@no-mx.forums.microfocus.com>:

> 3) I am member of users and wheel

If you don’t have a very very good reason remove your user
from the group wheel.

AK


Never attribute to malice that which can be adequately explained by stupidity.
(R.J. Hanlon)

It’s probably not a good reason, but I have always been a lazy *******. As soon as someone invents sudo-agent [1] in the same spirit as ssh-agent, I will remove myself from the group.

Until then: Sorry.

[1] http://blog.towo.eu/authenticating-sudo-with-the-ssh-agent/ I know, but I want to have something like that as an upgradeable rpm native to my system.

Here is what helped me:

sudo chmod +x /usr/bin/fusermount

For more on this, see the homepage for the fuse tools…
I discuss this and other related fuse permissions topics and provide links in the SDB:VMware Tools

https://en.opensuse.org/SDB:VMware_Tools

TSU