2

I want to use sshfs to mount a filesystem folder on my machine (let's say ~/home).

I would like to be able to edit files inside the / folder that got mounted using any editor (for example, edit /etc/sysctl.conf).

In a nutshell, I want to use sshfs to mount my entire server file system on my Desktop with r+w+x permissions for every file.

I tried looking for answers around here, but got nowhere and could only mount with "read-only" permissions. The command was:

sshfs hostname@ip.address:/ ~/Desktop -o max_conns=8,transform_symlinks,dir_cache=yes,idmap=user,uid=$(id -u),gid=$(id -g),reconnect -d -v -C
  • That sounds like a giant security hole which is probably why you can't get it going. – Aaron D. Marasco May 04 '22 at 19:57
  • @AaronD.Marasco yes, but in theory it should be possible, right? – 23176xsk May 05 '22 at 05:04
  • I can only edit files inside the /home/ folder from the server, however, it is not possible to edit any files inside the root filesystem '/' – 23176xsk May 05 '22 at 05:12
  • @KamilMaciorowski no, I disabled root login access to the server using ssh (i.e. the user from hostname@ip.address has sudo privileges, but it's not root). – 23176xsk May 05 '22 at 05:28

1 Answer

4

sshfs hostname@ip.address:/ … acts on the server side as the same user you would log in with ssh hostname@ip.address, so most likely hostname (kinda misleading name, it's a user). If hostname is not equivalent to root on the server then it's normal you cannot edit arbitrary files.

The SSH server (daemon) like sshd runs and listens as root. It forks to serve your request. After you authenticate as hostname you eventually are served by sshd that dropped its privileges and runs as hostname. This way you can only do on the server what hostname can do.

This works regardless of what you see locally. The options idmap, uid and gid cannot overcome the fact sshd on the server works as hostname for you. These options are meant to make the local mount look sane in the local environment.

To be able to edit the remote /etc/sysctl.conf file locally, you need to authenticate to the server as a user who can edit /etc/sysctl.conf on the server. This applies to any file. Two basic options:

  1. You can mess with permissions on the server. Dangerous. E.g. if you make /etc/sudoers too open on the server then sudo will refuse to work there.

  2. Allow yourself to do sshfs root@ip.address:/ …. Not recommended.

One way or another, what you want to do is not really a safe idea.

  • 1
    What I'm looking for is a connection string like in Tramp in Emacs ssh:myuser@server|sudo:server:/path/requires/root (with passwordless sudo on server for myuser) – zoechi Jul 20 '23 at 14:50
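
The server-side check the answer describes, as an added example that is not part of the original answer or its comments: it applies the classic owner/group/other write test as the SSH login user to constructed `id` and `stat` output. The UIDs, the group number 27 and the path /home/user/notes.txt are assumed sample values.

```sh
#!/bin/sh
# Added example: the write decision is made on the server, as the SSH login
# user. The client-side sshfs options idmap=, uid= and gid= never enter it.

# server_can_write UID "GID1 GID2 ..." OWNER_UID OWNER_GID OCTAL_MODE
# Prints "yes" or "no" for opening an existing file for writing, using only
# the mode bits (ACLs, read-only mounts and immutable flags are ignored).
server_can_write() (
    uid=$1
    groups=$2
    owner=$3
    group=$4
    mode=$(( 0$5 ))                      # leading 0: parse the mode as octal
    if [ "$uid" -eq 0 ]; then
        bit=1                            # root bypasses the mode bits
    elif [ "$uid" -eq "$owner" ]; then
        bit=$(( mode & 0200 ))           # owner class only
    else
        bit=$(( mode & 0002 ))           # "other", unless a group matches
        for g in $groups; do
            if [ "$g" -eq "$group" ]; then bit=$(( mode & 0020 )); fi
        done
    fi
    if [ "$bit" -ne 0 ]; then echo yes; else echo no; fi
)

# Constructed sample of what the login user would get on the server from:
#   id -u; id -G
#   stat -c '%u %g %a %n' /etc/sysctl.conf /etc/sudoers /home/user/notes.txt
SAMPLE_UID=1000
SAMPLE_GROUPS="1000 27"                  # assumed: 27 is the sudo group
SAMPLE_STAT='0 0 644 /etc/sysctl.conf
0 0 440 /etc/sudoers
1000 1000 664 /home/user/notes.txt'

# report UID "GROUPS": reads stat lines on stdin, prints "<yes|no> <path>".
report() (
    while read -r owner group mode path; do
        echo "$(server_can_write "$1" "$2" "$owner" "$group" "$mode") $path"
    done
)

printf '%s\n' "$SAMPLE_STAT" | report "$SAMPLE_UID" "$SAMPLE_GROUPS"
```

Membership in the sudo group changes nothing here, because the SFTP request never goes through sudo; only the file's own owner, group and mode bits are compared with the login user.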