SSHFS from Ubuntu access


12 posts
by scorp » Sun Jun 24, 2012 1:54 pm
I have Ubuntu 12 on my PC (on VM) running. I can connect to RPi via SSH in terminal and do whatever I like using sudo. But I would like to connect to it via SSHFS (using Connect to Server GUI) so I can use Ubuntu GUI to read/write any file and directory. The problem is that if I connect to Rpi using pi/raspberry login details I have only read-only access to it. What shell I do to have full access as if I use sudo command in terminal?
Thank you.
Posts: 96
Joined: Tue May 29, 2012 6:21 pm
by alexeames » Sun Jun 24, 2012 5:52 pm
You could create a root password

Code: Select all
sudo passwd root


and use that to log in. But there may be a better way, which involves less security risk. :D
I expect someone will be along in a minute to tell us what it is. :geek:
Alex Eames RasPi.TV HDMIPi.com RasP.iO
User avatar
Posts: 2054
Joined: Sat Mar 03, 2012 11:57 am
Location: UK
by alexeames » Sun Jun 24, 2012 6:30 pm
Googling around (this is a problem I wanted to solve as well) I found something called setfacl.
Set file access control limits. Reading through the stuff on this page, it looks as if the following command might do the trick, but I would like to hear back from someone who knows what they're doing before using it. :lol:

Code: Select all
setfacl -R -m u:pi:rw /


If I understand correctly, the above command will give user pi read/write permission for all files and directories under the root folder / (which is what we want isn't it?). Any comments from those in the know? Is this safer than creating a root login? Is there a better way to be able to upload and delete files as the pi user by ssh?

[edit - just tried this on one of my experimental SD cards. setfacl: command not found. Scratch that one then :lol: ]
Last edited by alexeames on Sun Jun 24, 2012 6:47 pm, edited 1 time in total.
Alex Eames RasPi.TV HDMIPi.com RasP.iO
User avatar
Posts: 2054
Joined: Sat Mar 03, 2012 11:57 am
Location: UK
by bonelifer » Sun Jun 24, 2012 6:41 pm
You could add the pi user to the sudoer list:

http://colekcolek.com/2012/02/28/add-us ... tu-debian/
User avatar
Posts: 122
Joined: Thu Jan 12, 2012 4:01 am
Location: http://www.phpbb.com/community/memberlist.php?mode=viewprofile&u=147848
by alexeames » Sun Jun 24, 2012 6:49 pm
bonelifer wrote:You could add the pi user to the sudoer list:

http://colekcolek.com/2012/02/28/add-us ... tu-debian/


pi is already in the sudoers list, but even though pi can give sudo commands it doesn't help much in sftp (which is where I would like to have global r/w as pi or another non root user).
Alex Eames RasPi.TV HDMIPi.com RasP.iO
User avatar
Posts: 2054
Joined: Sat Mar 03, 2012 11:57 am
Location: UK
by scorp » Sun Jun 24, 2012 8:03 pm
setfacl not found on my Debian either.... :cry:
Posts: 96
Joined: Tue May 29, 2012 6:21 pm
by alexeames » Sun Jun 24, 2012 8:27 pm
scorp wrote:setfacl not found on my Debian either.... :cry:


Well you could do the root password thing, but it's a pretty radical way to get what you want. Depends how much of a hurry you're in. :D For reasons why not, have a look at a thread from last week where the root login thing was kicked about dangers of root login, sudo benefits?

I had two major issues with logging in as pi

1) I couldn't get write access to USB media (until I found out how to do that)
2) Couldn't get write access - except to the pi directory - by ssh

I know 2 could be solved by chowning the whole tree, but that's not what I want to do. I just want global r/w by ssh. How hard can it be? :cry: It could even be for a brand new user. :)

I bet there's a stupidly simple command out there. There's ALWAYS a stupidly simple command for stuff in linux.
Alex Eames RasPi.TV HDMIPi.com RasP.iO
User avatar
Posts: 2054
Joined: Sat Mar 03, 2012 11:57 am
Location: UK
by jojopi » Sun Jun 24, 2012 11:36 pm
setfacl is in package "acl". However, please do not change the permissions on system directories unless you really know what you are doing.

First of all, the standard permissions are critical to the security of the system. Write access on a directory allows you to delete or rename any of the files in that directory. Any user with that permission on /, or more or less any system directory (/bin, /lib, /usr, /etc), can trivially gain root access by replacing some key file.

Secondly, there is almost no reason you would ever want to write to the system directories remotely, from Ubuntu, or with a GUI. Almost all the files in /usr should only be manipulated using the package manager from the specific distribution and architecture that you are running on.

Keep all your own files in your home directory.
User avatar
Posts: 1954
Joined: Tue Oct 11, 2011 8:38 pm
by stevep » Mon Jun 25, 2012 6:25 am
Just add a root password. I doubt whether your store all your bank and personal details on your Pi, and I don't suppose it holds the personnel and payroll database for your trans-global corporation. You might brick your SD Card, but you can easily write another one, or restore from a backup. Ignore the nanny state. Live on the edge mate.
Posts: 71
Joined: Sat Dec 24, 2011 10:12 am
by alexeames » Mon Jun 25, 2012 7:45 am
stevep wrote:Just add a root password. I doubt whether your store all your bank and personal details on your Pi, and I don't suppose it holds the personnel and payroll database for your trans-global corporation. You might brick your SD Card, but you can easily write another one, or restore from a backup. Ignore the nanny state. Live on the edge mate.


I agree from one point of view, but it ultimately depends on what you want to do with it. Today it might just be media serving or a bit of hacking in python. But tomorrow it might be that you'd want to remote ssh into your Pi-based server to access files on your USB hard drive (for example). In that case, you'd want both...

* as good security as you can have
* read/write access (which I do know how to do on an external drive)

You're possibly right though, just have a root login and only use it when you actually need it - and make sure that it has a stupidly long password (or do ssh only by keys).
Alex Eames RasPi.TV HDMIPi.com RasP.iO
User avatar
Posts: 2054
Joined: Sat Mar 03, 2012 11:57 am
Location: UK
by Jim JKla » Mon Jun 25, 2012 1:28 pm
This was my solution for ssh

First grab putty for Ubuntu (it's one of the standard installs) then log in on your ip port 22 as pi
make your first line sudo su
and you are super user till you exit or reboot
Noob is not derogatory the noob is just the lower end of the noob--geek spectrum being a noob is just your first step towards being an uber-geek ;)

If you find a solution please post it in the wiki the forum dies too quick
User avatar
Posts: 2040
Joined: Sun Jan 29, 2012 11:15 pm
Location: Newcastle upon Tyne UK
by nadir » Mon Jun 25, 2012 1:45 pm
Wouldn't VNC be the better solution if you want full gui-access?

What i do is to:
sshfs pi@raspberri:/ ~/sshfs
Then copy what i need to from ~/sshfs to ~/tmp, and edit it there.
ssh to the raspberry, su to root, and copy the edited file to the right place.
I don't allow root-access for ssh. Not saying that is a bad solution.
Posts: 112
Joined: Sun Jun 10, 2012 5:45 am