SSH – allow all users to access sshfs mounts

sshfs

What is the best-practices way to allow all local users to access sshfs mounts when the mount is established by an arbitrary non-root user? (Access will be according to file permissions, of course.)

Provided that the allow_other mount option is correctly specified, can any arbitrary user, along with that user's ssh key pair, be specified in /etc/fstab?

I contemplate auto-mounting the sshfs via fstab using something similar to this:

joe@fileserver:/shared/Docs /shared/Docs fuse.sshfs x-systemd.automount,_netdev,user,identityfile=/home/joe/.ssh/id_rsa,allow_other,default_permissions 0 0

I have the "user_allow_other" mount option uncommented in /etc/fuse.conf. Assume the sshfs mount is now working correctly for user "joe".

I want other users (e.g., mary, tim) to have access to /shared/Docs, as determined by standard file permissions.

What is the best-practices way to accomplish this with sshfs? What are the caveats I need to be aware of when shifting from nfs to sshfs?

Under nfs the shares were mounted by the root account. With sshfs I cannot use the root account because the fileserver does not allow root to ssh connect.

The fileserver runs Arch Linux. Clients are either Arch or Ubuntu.

Best Answer

By pure coincidence I spent some time yesterday setting up an SSHFS mount for the first time. Obviously I'm not answering because of any particular expertise but just because I covered some of the same ground and I have a link that I found pretty useful: https://wiki.archlinux.org/index.php/SSHFS. Section 4 covers auto-mount and secure user access.

Beyond that, for what it's worth I think you have the right ideas about using standard access control mechanisms, avoiding root and so on. As far as caveats w/r/t NFS...it's unstable and insecure compared to SSHFS so don't worry too much about it. ;)
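The mount options discussed in the question and answer above can be checked mechanically. The following shell audit of fuse.sshfs entries in an fstab file and of fuse.conf is an added example, not part of the original posts or of sshfs itself; the function names and the sample files written by demo are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit fuse.sshfs entries in an
# fstab file, plus fuse.conf, for the shared-mount options discussed above.

# has_opt OPTS NAME: true if NAME or NAME=value is in the comma-separated list
has_opt() {
    case ",$1," in
        *",$2,"* | *",$2="*) return 0 ;;
    esac
    return 1
}

# fuse_conf_allows_other FILE: true if user_allow_other is present and uncommented
fuse_conf_allows_other() {
    grep -Eq '^[[:space:]]*user_allow_other[[:space:]]*$' "$1"
}

# audit_sshfs_fstab FSTAB FUSE_CONF: print one finding per line; no output means
# every fuse.sshfs entry carries the options needed for multi-user access
audit_sshfs_fstab() {
    while read -r src mnt fstype opts rest || [ -n "$src" ]; do
        case "$src" in '' | '#'*) continue ;; esac
        [ "$fstype" = "fuse.sshfs" ] || continue
        if ! has_opt "$opts" allow_other; then
            echo "$mnt: no allow_other, only the mounting user can access it"
            continue
        fi
        has_opt "$opts" default_permissions ||
            echo "$mnt: allow_other without default_permissions, file modes are not checked locally"
        fuse_conf_allows_other "$2" ||
            echo "$mnt: user_allow_other not enabled in $2, non-root mounts with allow_other are refused"
    done < "$1"
    return 0
}

# Constructed sample: the fstab entry from the question with default_permissions
# removed, and a fuse.conf that leaves user_allow_other commented out.
demo() {
    tmp=$(mktemp -d) || return 1
    echo 'joe@fileserver:/shared/Docs /shared/Docs fuse.sshfs x-systemd.automount,_netdev,user,identityfile=/home/joe/.ssh/id_rsa,allow_other 0 0' > "$tmp/fstab"
    echo '#user_allow_other' > "$tmp/fuse.conf"
    audit_sshfs_fstab "$tmp/fstab" "$tmp/fuse.conf"
    rm -rf "$tmp"
}
demo
```

To check a real client, call `audit_sshfs_fstab /etc/fstab /etc/fuse.conf`.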
