User avatar
morphy_richards
Posts: 1603
Joined: Mon Mar 05, 2012 3:26 pm
Location: Epping Forest
Contact: Website

Browsing user home directories on remote server

Tue Feb 04, 2014 10:22 am

I've got students work saved in their home directories on a server called athena.

I thought I would be able to use sshfs to mount athena:/home to a dir called athena on my desktop machine, like this.

sshfs athena_admin@athena.computing.lan:/home ./athena


That much works ...

Code: Select all

giotto-admin@giotto:~/athena$ ls
abbiee2011                  catias2013                  florina-arianac2011  lauras2011          nathanaelm2011       sanam2011
abdullahih2012              chakellc2013 ... etc.  
However,

Code: Select all

giotto-admin@giotto:~/athena/dannyh2013$ ls abbiee2011
ls: cannot access abbiee2011: Permission denied
I know I could have ssh'd directly into athena as root user and then view the files in terminal but I really need to be able to browse files and directories with a graphical file manager with the ability to view open office files, programs etc.

Any suggestions?

Thanks in advance.

User avatar
RaTTuS
Posts: 10681
Joined: Tue Nov 29, 2011 11:12 am
Location: North West UK
Contact: Twitter YouTube

Re: Browsing user home directories on remote server

Tue Feb 04, 2014 10:33 am

setup a group on the server that all the students belong to .... i.e. backup
then allow your account to read backup
How To ask Questions :- http://www.catb.org/esr/faqs/smart-questions.html
WARNING - some parts of this post may be erroneous YMMV

1QC43qbL5FySu2Pi51vGqKqxy3UiJgukSX
Covfefe

User avatar
morphy_richards
Posts: 1603
Joined: Mon Mar 05, 2012 3:26 pm
Location: Epping Forest
Contact: Website

Re: Browsing user home directories on remote server

Wed Feb 05, 2014 11:30 am

Thanks.. But.. Which account?

I made a secondary group called 'students'.
All students and the 'root' user called "athena_admin" have been added to this group.

On athena, user accounts are stored in /home

I am logged into another machine called giotto with the user giotto_admin. But still this happens:

Code: Select all

giotto-admin@giotto:~$ sshfs athena_admin@192.168.0.4:/home ./athena
athena_admin@192.168.0.4's password: 
giotto-admin@giotto:~$ cd athena
giotto-admin@giotto:~/athena$ ls abbiee2011
ls: reading directory abbiee2011: Permission denied
giotto-admin@giotto:~/athena$ 

ripat
Posts: 191
Joined: Tue Jul 31, 2012 11:51 am
Location: Belgium

Re: Browsing user home directories on remote server

Wed Feb 05, 2014 11:40 am

Try this:

Code: Select all

$ sshfs -o idmap=user athena_admin@athena.computing.lan:/home ./athena
Using Linux command line usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.

User avatar
morphy_richards
Posts: 1603
Joined: Mon Mar 05, 2012 3:26 pm
Location: Epping Forest
Contact: Website

Re: Browsing user home directories on remote server

Wed Feb 05, 2014 11:51 am

Thanks but just getting read: Connection reset by peer

User avatar
morphy_richards
Posts: 1603
Joined: Mon Mar 05, 2012 3:26 pm
Location: Epping Forest
Contact: Website

Re: Browsing user home directories on remote server

Wed Feb 05, 2014 11:56 am

Ah...
DNS issue
but

Code: Select all

giotto-admin@giotto:~$ sshfs -o idmap=user -o sshfs_debug athena_admin@192.168.0.4:/home ./athena
SSHFS version 2.3
athena_admin@192.168.0.4's password: 
Server version: 3
Extension: posix-rename@openssh.com <1>
Extension: statvfs@openssh.com <2>
Extension: fstatvfs@openssh.com <2>
Extension: hardlink@openssh.com <1>
giotto-admin@giotto:~/athena$ ls abbiee2011
ls: reading directory abbiee2011: Permission denied
giotto-admin@giotto:~/athena$ 

User avatar
jojopi
Posts: 3402
Joined: Tue Oct 11, 2011 8:38 pm

Re: Browsing user home directories on remote server

Wed Feb 05, 2014 1:00 pm

morphy_richards wrote:giotto-admin@giotto:~/athena/dannyh2013$ ls abbiee2011
ls: cannot access abbiee2011: Permission denied
This is actually quite a tricky problem. The individual students own those directories and files, so they are responsible for the final permissions. You could tell them to make sure you have access, but they could still get that wrong.

Also, in the simplistic UNIX permissions model, it is difficult for students to give you access without also giving each other access to their work, which might not be desirable.

(You could give each student a group, such that only you are a member of all the groups. Or you could ask them to make the files world-readable but notch out the students group leaving permissions of 0604 = rw----r--. Or you could use file ACLs, or some kind of mandatory access control. But these are all advanced and unusual configurations, and further increase the chance of user error.)

I think you should accept that you probably need to be root. You can either use root to read the files, or you can use it to forcibly change all the permissions, most likely recursively. I think the first option may be safer, unless you are already familiar with setfacl(1).

Note that sshfs will not allow access outside the starting directory. So allowing root access to /home is a lot better than allowing root access to /. If at all possible, make the mount read-only on the client, so that the GUI tools you are using cannot write:

Code: Select all

sshfs -o ro root@192.168.0.4:/home ./athena
(If athena is running Linux, then it is also possible to allow a user such athena_admin read only access to all files, via capability CAP_DAC_READ_SEARCH. Again, that is an advanced topic.)

User avatar
morphy_richards
Posts: 1603
Joined: Mon Mar 05, 2012 3:26 pm
Location: Epping Forest
Contact: Website

Re: Browsing user home directories on remote server

Wed Feb 05, 2014 1:32 pm

jojopi wrote: Note that sshfs will not allow access outside the starting directory. So allowing root access to /home is a lot better than allowing root access to /. If at all possible, make the mount read-only on the client, so that the GUI tools you are using cannot write:

Code: Select all

sshfs -o ro root@192.168.0.4:/home ./athena
(If athena is running Linux, then it is also possible to allow a user such athena_admin read only access to all files, via capability CAP_DAC_READ_SEARCH. Again, that is an advanced topic.)
Thanks for this.
Athena, containing the user home directories is a variant of Ubuntu, As far as I know Ubuntu just has a user in the sudoers group but no actual "roor". Is there any way you know of logging in as root like this?

At the moment I am marking work by having logged through ssh.

I have then done sudo -i on myself and am reading through their work using joe.

User avatar
morphy_richards
Posts: 1603
Joined: Mon Mar 05, 2012 3:26 pm
Location: Epping Forest
Contact: Website

Re: Browsing user home directories on remote server

Wed Feb 05, 2014 2:11 pm

Tahnks Jojopi I enabled root: http://askubuntu.com/questions/44418/ho ... root-login

Now, look what I can do with
sshfs root@192.168.0.4:/home ./athena
Attachments
Screenshot.png
Screenshot.png (27.83 KiB) Viewed 2136 times

Return to “Off topic discussion”