Mount a remote file system using SSHFS [closed]

2

5

Ok, the setup is a bit convoluted. Don't blame me, I'm not the sysadmin.

Here's the situation. There is one machine that I can SSH into from outside the network. I can only remote in as root (yes, you heard right) using my private key. I know that it is more typical to log in as a user and then elevate privileges, but in this case, I have to do the opposite.

The problem is that I want to use SSHFS in order to mount the file system remotely. I have this working perfectly. However, I don't want every file that I muck with to reflect root permissions. I would like to de-elevate first (su to a user account).

Anyone know how I can do this with SSHFS?

Fulmar answered 16/7, 2009 at 4:51 Comment(3)
If I understand correctly then you can sshfs into root on the remote system but can't (because of the sysadmin; also root) sshfs into a less privileged account? - Tallman
I had a similar issue and found that the folder I was trying to edit was actually a symlink. I now sshfs directly to the folder (the actual real path, not following a symlink). This worked for me. - Thornton
If you can ssh as root, then you can create a second user account. If you are not allowed to do so because of organizational policy, then you have an organizational problem. - Halfback
8

You can create a script to intercept the call to the sftp subsystem on the remote machine. Put the following script somewhere on the remote server, let's say /root/bin/sftp_intercept:

#!/bin/sh
exec sudo -u less_privileged_user /usr/lib/openssh/sftp-server

and then make the call like so:

sshfs root@remote:dir mountpoint -o sftp_server=/root/bin/sftp_intercept

That should then give the desired results.

You'll need an appropriate sudoers entry to make sudo work without it prompting for a password, and don't forget to "chmod 755 ~/bin/sftp_intercept".

Also, make sure that /usr/lib/openssh/sftp-server is indeed the path to the sftp-server. If not, then perhaps it is /usr/lib/sftp-server.

Tallman answered 16/7, 2009 at 8:6 Comment(2)
What, after sudo, nobody remembers su anymore? su less-privileged_user -c '/usr/lib/openssh/sftp-server' should generally not require any password from root. - Horvitz
Thanks so much... sudo caused problems for some unknown reason... I ended up using -o sftp_server="su user -c 'exec /usr/libexec/openssh/sftp-server'" - Fulmar
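
A hardened variant of the wrapper from the answer above, added here as an example (not code from the original posters): it probes the sftp-server paths mentioned in the thread, refuses a missing or uid-0 target account, and calls sudo with -n so a missing sudoers rule fails immediately instead of trying to prompt for a password. TARGET_USER, the function names and the sudoers line in the comment are assumptions.

```sh
#!/bin/sh
# Added example: hardened sftp_intercept wrapper (install on the remote host).
# Assumed sudoers rule (edit with visudo; the user name is a placeholder):
#   root ALL=(less_privileged_user) NOPASSWD: /usr/lib/openssh/sftp-server

TARGET_USER="${TARGET_USER:-less_privileged_user}"   # placeholder account
# Candidate locations are the three paths mentioned in the thread.
SFTP_CANDIDATES="/usr/lib/openssh/sftp-server /usr/lib/sftp-server /usr/libexec/openssh/sftp-server"

# Print the first candidate that is a regular, executable file.
find_sftp_server() {
    for p in $1; do
        if [ -f "$p" ] && [ -x "$p" ]; then
            printf '%s\n' "$p"
            return 0
        fi
    done
    return 1
}

# Succeed only if the account exists and is not uid 0.
check_target_user() {
    uid=$(id -u "$1" 2>/dev/null) || return 1
    [ "$uid" -ne 0 ]
}

main() {
    server=$(find_sftp_server "$SFTP_CANDIDATES") || {
        echo "sftp_intercept: no sftp-server binary found" >&2; exit 1; }
    check_target_user "$TARGET_USER" || {
        echo "sftp_intercept: refusing target user '$TARGET_USER'" >&2; exit 1; }
    # -n: never prompt; a missing sudoers rule fails cleanly.
    exec sudo -n -u "$TARGET_USER" "$server"
}

# Run only when installed under the name used in the answer.
case "$0" in
    *sftp_intercept) main ;;
esac
```

Because the SFTP server process itself runs as the unprivileged account, every file created through the mount is owned by that account on the remote side, and root-only paths are no longer reachable through the mount.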
1

The sshfs manpage suggests that passing

-o uid=$YOURUID -o gid=$YOURGID

to your sshfs invocation should set the user/group of the files you create to that uid/gid. You'll need to find these on the remote system, obviously.

Redeem answered 16/7, 2009 at 6:14 Comment(1)
These options only affect local files, not files on the remote machine. From the question it is not entirely clear whether that is what is wanted; I think that it may be the files on the remote machine that he wants to change the ownership of. - Tallman
