search

fluiday / macfuse

Automatically exported from code.google.com/p/macfuse
Other
0 stars 0 forks source link

Group permissions ignored; access denied to folder #277

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago 
What steps will reproduce the problem?
1. Set up a folder on remote system group writable but different user
2. Log in via sshfs.app
3. See folder is locked

What is the expected output? What do you see instead?
Expect group access to folder. Access is denied.

What version of the product are you using? On what operating system?
MacFUSE Core 10.4 1.0.0
sshfs 1.0.0
Mac OS X 10.4.10 (Intel Mac mini)

Please provide any additional information below.
Server is FreeBSD 6.2.
I verified the folder (directory)'s permissions are group writable.

Original issue reported on code.google.com by Boodl...@gmail.com on 29 Oct 2007 at 2:27

GoogleCodeExporter commented 8 years ago 
First off, sshfs (or SFTP for that matter) doesn't do groups. At best, it can 
try to detect the default remote gid 
of  the user who's making that SFTP connection (that is, mounting the volume). 
This isn't a feature/misfeature 
of sshfs itself--it's just that this can't be done (within reason) using the 
means sshfs has.

Since sshfs doesn't have an file access authorization function of its own, it's 
up to the local kernel (MacFUSE) to  
authorize. The local kernel doesn't have all the remote information (what 
groups you're a member of on the  
remote machine, etc.) Therefore, even though you may expect to be able to read 
files in that directory, that's 
not  how it works with sshfs. The underlying protocol isn't a full blown file 
sharing protocol.

One "solution" would be to turn off local authorization altogether and defer 
such decisions to "whatever 
happens when you actually try to read/write/etc. through SFTP". This way, the 
local kernel will never stop you 
from accessing anything, even if based on permissions or ACLs it looks like you 
can't access something. The  
'defer_permissions' option enables this mode of operation in the next release 
of MacFUSE.

This has been discussed before.

Original comment by si...@gmail.com on 29 Oct 2007 at 2:36

GoogleCodeExporter commented 8 years ago 
Thanks. I searched the forum as best I could before posting, but couldn't find a
prior discussion.

I'll keep an eye out for the next release of MacFUSE.

Original comment by Boodl...@gmail.com on 29 Oct 2007 at 3:41