bispawel / macfuse

Automatically exported from code.google.com/p/macfuse

SUID, SGID and Sticky Files #185

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. Create a directory on a remote (Linux) machine with permissions "drwxrws--T", owned by root (where the user you'll be logging in with is not root) and belonging to a group that the user you'll be logging in as is a member of.
2. Connect to the remote machine using sshfs under MacFuse.
3. In the Finder, navigate to the created directory and try to read the files in it.

What is the expected output? What do you see instead?

I expect to be able to read the files in the directory (when using SSH via the terminal, I can read the contents of the directory). When using MacFuse I get an error dialog box that says "The folder "X" could not be opened because you do not have sufficient access privileges" (where X is the name of the directory created in step 1 above).

What version of the product are you using? On what operating system?

sshfs.app says it is version 0.3.0. I'm running OS X 10.4.9.

Original issue reported on code.google.com by uk.org.m...@googlemail.com on 15 May 2007 at 10:36

GoogleCodeExporter commented 8 years ago
First off, sshfs (or SFTP for that matter) doesn't do groups. At best, it can try to detect the default remote gid of the user who's making that SFTP connection (that is, mounting the volume).

Since sshfs doesn't have a file access authorization function of its own, it's up to the local kernel (MacFUSE) to authorize. The local kernel doesn't have all the remote information (what groups you're a member of on the remote machine, etc.). Therefore, even though you may expect to be able to read files in that directory, that's not how it works with sshfs. The underlying protocol isn't a full-blown file sharing protocol.

Original comment by si...@gmail.com on 15 May 2007 at 6:27

GoogleCodeExporter commented 8 years ago
One "solution" would be to turn off local authorization altogether and defer such decisions to "whatever happens when you actually try to read/write/etc. through SFTP". This way, the local kernel will never stop you from accessing anything, even if based on permissions or ACLs it looks like you can't access something. The 'defer_auth' option enables this mode of operation in the next release of MacFUSE.

Original comment by si...@gmail.com on 15 May 2007 at 6:34
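The difference between local authorization and the deferred mode described above, as an added example that is not part of the original thread and is not MacFUSE or sshfs code: a simplified model of the owner/group/other check applied to the reported `drwxrws--T` directory. The uids, gids and the `unix_access` and `open_dir` helpers are constructed for illustration.

```python
import stat

# Constructed values: the directory from the report as its attributes would
# appear on the mounted volume (owner root, a shared group, mode drwxrws--T).
DIR_MODE = stat.S_IFDIR | 0o3770   # rwx for owner and group, setgid + sticky
DIR_UID, DIR_GID = 0, 500

# Constructed identities: the same person has different ids on each machine,
# and only the remote account is a member of gid 500.
LOCAL_ID = (501, {20})
REMOTE_ID = (1001, {1001, 500})


def unix_access(mode, f_uid, f_gid, uid, gids, want):
    """Owner/group/other check; `want` is a mask of 4 (r), 2 (w), 1 (x)."""
    if uid == f_uid:
        granted = (mode >> 6) & 7
    elif f_gid in gids:
        granted = (mode >> 3) & 7
    else:
        granted = mode & 7
    return (granted & want) == want


def open_dir(local_id, remote_id, defer_auth):
    """Return (allowed, decided_by) for listing the directory (needs r and x)."""
    want = 4 | 1
    if not defer_auth:
        # Local authorization: only local ids are known, so the remote group
        # membership cannot match and the empty "other" bits apply.
        uid, gids = local_id
        if not unix_access(DIR_MODE, DIR_UID, DIR_GID, uid, gids, want):
            return False, "local kernel"
    # Deferred (or locally permitted): the server evaluates the request with
    # the remote account's real uid and full group list.
    uid, gids = remote_id
    return unix_access(DIR_MODE, DIR_UID, DIR_GID, uid, gids, want), "sftp server"


if __name__ == "__main__":
    print(stat.filemode(DIR_MODE))
    print("local auth:", open_dir(LOCAL_ID, REMOTE_ID, defer_auth=False))
    print("defer_auth:", open_dir(LOCAL_ID, REMOTE_ID, defer_auth=True))
```

In the deferred case the remote server remains the only enforcement point, so a remote account outside the group is still refused there.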

GoogleCodeExporter commented 8 years ago

Original comment by si...@gmail.com on 29 May 2007 at 7:14