Raspberry Pi • View topic

by **scorp** » Sun Jun 24, 2012 1:54 pm

I have Ubuntu 12 on my PC (on VM) running. I can connect to RPi via SSH in terminal and do whatever I like using sudo. But I would like to connect to it via SSHFS (using Connect to Server GUI) so I can use Ubuntu GUI to read/write any file and directory. The problem is that if I connect to Rpi using pi/raspberry login details I have only read-only access to it. What shell I do to have full access as if I use sudo command in terminal?
Thank you.

by **alexeames** » Sun Jun 24, 2012 5:52 pm

You could create a root password

Code: Select all: sudo passwd root

and use that to log in. But there may be a better way, which involves less security risk.

I expect someone will be along in a minute to tell us what it is. :geek:

by **alexeames** » Sun Jun 24, 2012 6:30 pm

Googling around (this is a problem I wanted to solve as well) I found something called setfacl.
Set file access control limits. Reading through the stuff on this page, it looks as if the following command might do the trick, but I would like to hear back from someone who knows what they're doing before using it. :lol:

Code: Select all: setfacl -R -m u:pi:rw /

If I understand correctly, the above command will give user pi read/write permission for all files and directories under the root folder / (which is what we want isn't it?). Any comments from those in the know? Is this safer than creating a root login? Is there a better way to be able to upload and delete files as the pi user by ssh?

[edit - just tried this on one of my experimental SD cards. setfacl: command not found. Scratch that one then :lol:

]

by **bonelifer** » Sun Jun 24, 2012 6:41 pm

You could add the pi user to the sudoer list:

http://colekcolek.com/2012/02/28/add-us ... tu-debian/

by **alexeames** » Sun Jun 24, 2012 6:49 pm

bonelifer wrote:You could add the pi user to the sudoer list:

http://colekcolek.com/2012/02/28/add-us ... tu-debian/

pi is already in the sudoers list, but even though pi can give sudo commands it doesn't help much in sftp (which is where I would like to have global r/w as pi or another non root user).

by **scorp** » Sun Jun 24, 2012 8:03 pm

setfacl not found on my Debian either.... :cry:

by **alexeames** » Sun Jun 24, 2012 8:27 pm

scorp wrote:setfacl not found on my Debian either....

Well you could do the root password thing, but it's a pretty radical way to get what you want. Depends how much of a hurry you're in.

For reasons why not, have a look at a thread from last week where the root login thing was kicked about dangers of root login, sudo benefits?

I had two major issues with logging in as pi

1) I couldn't get write access to USB media (until I found out how to do that)
2) Couldn't get write access - except to the pi directory - by ssh

I know 2 could be solved by chowning the whole tree, but that's not what I want to do. I just want global r/w by ssh. How hard can it be? :cry:

It could even be for a brand new user.

I bet there's a stupidly simple command out there. There's ALWAYS a stupidly simple command for stuff in linux.

by **jojopi** » Sun Jun 24, 2012 11:36 pm

setfacl is in package "acl". However, please do not change the permissions on system directories unless you really know what you are doing.

First of all, the standard permissions are critical to the security of the system. Write access on a directory allows you to delete or rename any of the files in that directory. Any user with that permission on /, or more or less any system directory (/bin, /lib, /usr, /etc), can trivially gain root access by replacing some key file.

Secondly, there is almost no reason you would ever want to write to the system directories remotely, from Ubuntu, or with a GUI. Almost all the files in /usr should only be manipulated using the package manager from the specific distribution and architecture that you are running on.

Keep all your own files in your home directory.

by **stevep** » Mon Jun 25, 2012 6:25 am

Just add a root password. I doubt whether your store all your bank and personal details on your Pi, and I don't suppose it holds the personnel and payroll database for your trans-global corporation. You might brick your SD Card, but you can easily write another one, or restore from a backup. Ignore the nanny state. Live on the edge mate.

by **alexeames** » Mon Jun 25, 2012 7:45 am

stevep wrote:Just add a root password. I doubt whether your store all your bank and personal details on your Pi, and I don't suppose it holds the personnel and payroll database for your trans-global corporation. You might brick your SD Card, but you can easily write another one, or restore from a backup. Ignore the nanny state. Live on the edge mate.

I agree from one point of view, but it ultimately depends on what you want to do with it. Today it might just be media serving or a bit of hacking in python. But tomorrow it might be that you'd want to remote ssh into your Pi-based server to access files on your USB hard drive (for example). In that case, you'd want both...

* as good security as you can have
* read/write access (which I do know how to do on an external drive)

You're possibly right though, just have a root login and only use it when you actually need it - and make sure that it has a stupidly long password (or do ssh only by keys).

by **Jim JKla** » Mon Jun 25, 2012 1:28 pm

This was my solution for ssh

First grab putty for Ubuntu (it's one of the standard installs) then log in on your ip port 22 as pi
make your first line sudo su
and you are super user till you exit or reboot

by **nadir** » Mon Jun 25, 2012 1:45 pm

Wouldn't VNC be the better solution if you want full gui-access?

What i do is to:
sshfs pi@raspberri:/ ~/sshfs
Then copy what i need to from ~/sshfs to ~/tmp, and edit it there.
ssh to the raspberry, su to root, and copy the edited file to the right place.
I don't allow root-access for ssh. Not saying that is a bad solution.

SSHFS from Ubuntu access

Who is online