I try to sshfs mount a remote dir, but the mounted files are not writable. I have run out of ideas or ways to debug this. Is there anything I should check on the remote server?
I am on an Xubuntu 14.04. I mount remote dir of a 14.04 Ubuntu.
local $ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 14.04.3 LTS
Release: 14.04
Codename: trusty
I changed the /etc/fuse.conf
local $ sudo cat /etc/fuse.conf
# /etc/fuse.conf - Configuration file for Filesystem in Userspace (FUSE)
# Set the maximum number of FUSE mounts allowed to non-root users.
# The default is 1000.
#mount_max = 1000
# Allow non-root users to specify the allow_other or allow_root mount options.
user_allow_other
And my user is in the fuse group
local $ sudo grep fuse /etc/group
fuse:x:105:MY_LOACL_USERNAME
And I mount the remote dir with (tried with/without combinations of sudo, default_permissions, allow_other):
local $sudo sshfs -o allow_other,default_permissions -o IdentityFile=/path/to/ssh_key REMOTE_USERNAME@REMOTE_HOST:/remote/dir/path/ /mnt/LOCAL_DIR_NAME/
The REMOTE_USERNAME has write permissions to the dir/files (on the remote server).
I tried the above command without sudo, default_permissions, and in all cases I get:
local $ ls -al /mnt/LOCAL_DIR_NAME/a_file
-rw-rw-r-- 1 699 699 1513 Aug 12 16:08 /mnt/LOCAL_DIR_NAME/a_file
local $ test -w /mnt/LOCAL_DIR_NAME/a_file && echo "Writable" || echo "Not Writable"
Not Writable
Clarification 0
In response to user3188445's comment:
$ whoami
LOCAL_USER
$ cd
$ mkdir test_mnt
$ sshfs -o allow_other,default_permissions -o IdentityFile=/path/to/ssh_key REMOTE_USERNAME@REMOTE_HOST:/remote/dir/path/ test_mnt/
$ ls test_mnt/
I see the contents of the dir correctly
$ ls -al test_mnt/
total 216
drwxr-xr-x 1 699 699 4096 Aug 12 16:42 .
drwxr----- 58 LOCAL_USER LOCAL_USER 4096 Aug 17 15:46 ..
-rw-r--r-- 1 699 699 2557 Jul 30 16:48 sample_file
drwxr-xr-x 1 699 699 4096 Aug 11 17:25 sample_dir
$ touch test_mnt/new_file
touch: cannot touch ‘test_mnt/new_file’: Permission denied
# extra info: SSH to the remote host and check file permissions
$ ssh REMOTE_USERNAME@REMOTE_HOST
# on remote host
$ ls -al /remote/dir/path/
lrwxrwxrwx 1 root root 18 Jul 30 13:48 /remote/dir/path/ -> /srv/path/path/path/
$ cd /remote/dir/path/
$ ls -al
total 216
drwxr-xr-x 26 REMOTE_USERNAME REMOTE_USERNAME 4096 Aug 12 13:42 .
drwxr-xr-x 4 root root 4096 Jul 30 14:37 ..
-rw-r--r-- 1 REMOTE_USERNAME REMOTE_USERNAME 2557 Jul 30 13:48 sample_file
drwxr-xr-x 2 REMOTE_USERNAME REMOTE_USERNAME 4096 Aug 11 14:25 sample_dir
Best Answer
The question was answered in a linux mailing list; I post a translated answer here for completeness.
Solution
The solution is not to used both the options
default_permissionsandallow_other(which I didn't try in my original experiments).Explanation
The problem seems to be quite simple. When you give the option
default_permissionsin fusermount then fuse's permission control of the fuse mount is handled by the kernel and not by fuse. This means that the REMOTE_USER's uid/gid aren't mapped to the LOCAL_USER (sshfs.c IDMAP_NONE). It works the same way as a simple nfs fs without mapping.So, it makes sense to prohibit the access, if the uid/gid numbers don't match.
If you have the option
allow_otherthen this dir is writable only by the local user with uid 699, if it exists.From fuse's man: