I have a situation where I have two accounts on a remote LAMP server. One is my user account and another is an account for a website. Both accounts have their own dedicated groups, but the website's primary group is a secondary group for both Apache and my user account.
I would like the ability to remote mount the website account's home directory with sshfs-fuse and add some files/directories in such a way that they are made according to a specific umasks and in a specific group by default. I can chgrp and chmod all of the files in a SSH session, but that is a pain. It would be better if sshfs-fuse had some options for this.
In my case, I would like to be able to specify:
sshfs -o idmap=user -o remote_gid=1002 -o remote_dmask=0770 -o remote_fmask=0660 username@remote-host:/home/website-user/public_html ~/website-user/public_html
André Frimberger did part of the work to make this possible:
The remote_gid option is still not implemented. At the moment, I am using the setgid bit on the remote end so that I can do more urgent things, but I imagine that expanding on André Frimberger's patch to implement remote_gid would not be hard.
I imagine that a better way to do what I am doing would probably involve ACLs so that Apache would have read only access while developers such as myself would have read/write access, but I do not have time to explore that idea. I am posting this so that anyone with sufficient time and interest can look into making these changes to sshfs-fuse and also possibly make changes so that ACLs could be used.
Created attachment 292313 [details, diff]
Port of André Frimberger's patch to sshfs-fuse 2.3
Here is a port of André Frimberger's patch to sshfs-fuse 2.3.
Have you (or someone else) pushed this upstream in some fashion? I'd rather apply patches that have been accepted into upstream then start diverging from it.
I spotted a mailing list discussion via a google search on the topic that showed some talk about that, but the result was inconclusive. This does not appear to have ever been pushed upstream properly, but my time is extremely limited at the moment, so I cannot check things to be certain.
With that said, it is possible to put patches like this behind a USE flag to avoid divergence.
(In reply to comment #3)
> With that said, it is possible to put patches like this behind a USE flag to
> avoid divergence.
Not really. My point is when a patch like this is added without upstream support someone (me) will have to keep forward porting it to new versions which isn't always fun if things change a lot. :)
If you want a better chance of it getting added, it would be best to take a few minutes to submit it upstream for discussion and acceptance.
this should be forwarded to upstream directly