Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 390293 - sys-fs/sshfs-fuse: Improve remote permissions when files and directories are created
Summary: sys-fs/sshfs-fuse: Improve remote permissions when files and directories are ...
Status: RESOLVED UPSTREAM
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Unspecified (show other bugs)
Hardware: All Linux
: Normal enhancement with 1 vote (vote)
Assignee: No maintainer - Look at https://wiki.gentoo.org/wiki/Project:Proxy_Maintainers if you want to take care of it
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-11-12 19:24 UTC by Richard
Modified: 2016-01-30 14:47 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments
Port of André Frimberger's patch to sshfs-fuse 2.3 (sshfs-remote-mask.patch,2.77 KB, patch)
2011-11-12 19:25 UTC, Richard
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Richard 2011-11-12 19:24:57 UTC
I have a situation where I have two accounts on a remote LAMP server. One is my user account and another is an account for a website. Both accounts have their own dedicated groups, but the website's primary group is a secondary group for both Apache and my user account.

I would like the ability to remote mount the website account's home directory with sshfs-fuse and add some files/directories in such a way that they are made according to a specific umasks and in a specific group by default. I can chgrp and chmod all of the files in a SSH session, but that is a pain. It would be better if sshfs-fuse had some options for this.

In my case, I would like to be able to specify:

sshfs -o idmap=user -o remote_gid=1002 -o remote_dmask=0770 -o remote_fmask=0660 username@remote-host:/home/website-user/public_html ~/website-user/public_html

André Frimberger did part of the work to make this possible:

http://andre.frimberger.de/index.php/linux/sshfs-fix-for-wrong-file-permissions-on-server/

The remote_gid option is still not implemented. At the moment, I am using the setgid bit on the remote end so that I can do more urgent things, but I imagine that expanding on André Frimberger's patch to implement remote_gid would not be hard.

I imagine that a better way to do what I am doing would probably involve ACLs so that Apache would have read only access while developers such as myself would have read/write access, but I do not have time to explore that idea. I am posting this so that anyone with sufficient time and interest can look into making these changes to sshfs-fuse and also possibly make changes so that ACLs could be used.
Comment 1 Richard 2011-11-12 19:25:30 UTC
Created attachment 292313 [details, diff]
Port of André Frimberger's patch to sshfs-fuse 2.3

Here is a port of André Frimberger's patch to sshfs-fuse 2.3.
Comment 2 Tim Harder gentoo-dev 2011-11-14 21:53:39 UTC
Have you (or someone else) pushed this upstream in some fashion? I'd rather apply patches that have been accepted into upstream then start diverging from it.
Comment 3 Richard 2011-11-14 22:19:36 UTC
I spotted a mailing list discussion via a google search on the topic that showed some talk about that, but the result was inconclusive. This does not appear to have ever been pushed upstream properly, but my time is extremely limited at the moment, so I cannot check things to be certain.

With that said, it is possible to put patches like this behind a USE flag to avoid divergence.
Comment 4 Tim Harder gentoo-dev 2011-11-15 00:36:35 UTC
(In reply to comment #3)
> With that said, it is possible to put patches like this behind a USE flag to
> avoid divergence.

Not really. My point is when a patch like this is added without upstream support someone (me) will have to keep forward porting it to new versions which isn't always fun if things change a lot. :)

If you want a better chance of it getting added, it would be best to take a few minutes to submit it upstream for discussion and acceptance.
Comment 5 Pacho Ramos gentoo-dev 2016-01-30 14:47:56 UTC
this should be forwarded to upstream directly