| View previous topic :: View next topic |
| Author |
Message |
meowsqueak
Veteran
Joined: 26 Aug 2003
Posts: 1549
Location: New Zealand
|
 Posted: Mon Feb 27, 2006 12:40 am Post subject: FUSE: /dev/fuse permissions and subsystem sftp failed |
 |
|
I am using a FUSE-enabled kernel:
| Code: | # zcat /proc/config.gz | grep -i fuse
CONFIG_FUSE_FS=y
# uname -a
Linux pc123 2.6.15.1 #1 PREEMPT Thu Jan 19 16:06:46 NZDT 2006 i686 AMD Athlon(tm) XP 3200+ AuthenticAMD GNU/Linux
|
I emerged 'sshfs' today successfully, however this is what happens when I try to connect to a remote server (that knows nothing at all about FUSE):
| Code: | $ mkdir ./mnt
$ sshfs -o sshfs_debug remote:~ ./mnt
Request for subsystem 'sftp' failed on channel 0
remote host has disconnected |
So I try the local host's name:
| Code: | $ sshfs -o sshfs_debug pc123:~ ./mnt
Warning: Permanently added 'pc123' (RSA) to the list of known hosts.
Server version: 3
fusermount: failed to open /dev/fuse: Permission denied |
Any idea what is happening here? There seems to be two problems.
1. permissions on /dev/fuse aren't right:
| Code: | $ ls -l /dev/fuse
crw-rw---- 1 root root 10, 229 Jan 30 21:02 /dev/fuse
$ cat /etc/udev/rules.d/40-fuse.rules
KERNEL="fuse", NAME="%k", MODE="0666" |
Something wrong there.
And:
2. for some reason (perhaps the same one as #1) the remote server is dropping the ssh connection. Note that ssh and scp both work fine to the remote server, using public key authentication. |
|
| Back to top |
|
 |
JeliJami
Veteran
Joined: 17 Jan 2006
Posts: 1086
Location: Belgium
|
| Posted: Mon Feb 27, 2006 12:42 pm Post subject: |
|
|
| Code: | # ls -l /dev/fuse
crw-rw-rw- 1 root root 10, 229 Nov 28 13:40 /dev/fuse
|
_________________
Unanswered Post Initiative | Search | FAQ
Former username: davjel |
|
| Back to top |
|
|
RuhrpottKai
n00b
Joined: 11 Dec 2005
Posts: 5
|
| Posted: Wed May 24, 2006 7:27 am Post subject: edit udev rules |
|
|
it's not a bug, it's a (security) feature...
A good idea is to create a crypt group, for users you permit to mount userspace filesystems.
Just edit /etc/udev/rules.d/60-fuse.rules like this:
| Code: |
KERNEL=="fuse", NAME="%k", MODE="0666", GROUP="crypt"
|
Have a look at http://www.reactivated.net/writing_udev_rules.html#mode-owner-group |
|
| Back to top |
|
|
Nicias
Guru
Joined: 06 Dec 2005
Posts: 446
|
| Posted: Wed May 24, 2006 4:41 pm Post subject: |
|
|
I am having the same trouble:
| Code: | $ eix fuse
...
* sys-fs/fuse
Available versions: 2.6.0_pre2
Installed: 2.6.0_pre2
Homepage: http://fuse.sourceforge.net
Description: An interface for filesystems implemented in userspace.
* sys-fs/sshfs-fuse
Available versions: 1.2 ~1.3 1.6
Installed: 1.6
Homepage: http://fuse.sourceforge.net/
Description: Fuse-filesystem utilizing the sftp service.
|
| Code: | $ lsmod
Module Size Used by
fuse 32136 0
... |
| Code: | $ sshfs host.domain.top: ~/mount-point
user@host.domain.top's password:
fusermount: failed to open /dev/fuse: Permission denied
|
| Code: | $ ls -l /dev/fuse
crw-rw---- 1 root root 10, 229 May 24 11:28 /dev/fuse
|
| Code: | $ cat /etc/udev/rules.d/60-fuse.rules
KERNEL=="fuse", NAME="%k", MODE="0666"
|
|
|
| Back to top |
|
|
xces
Guru
Joined: 11 Oct 2002
Posts: 515
|
| Posted: Thu May 25, 2006 3:14 pm Post subject: |
|
|
| Nicias wrote: | | I am having the same trouble: |
Read RuhrpottKai's post... |
|
| Back to top |
|
|
Nicias
Guru
Joined: 06 Dec 2005
Posts: 446
|
| Posted: Fri May 26, 2006 1:17 pm Post subject: |
|
|
| How do I add a crypto group? |
|
| Back to top |
|
|
xces
Guru
Joined: 11 Oct 2002
Posts: 515
|
| Posted: Sat May 27, 2006 10:06 am Post subject: |
|
|
| Nicias wrote: | | How do I add a crypto group? |
As root:
| Code: | groupadd crypto
usermod -aG crypto $YOUR_USERNAME |
|
|
| Back to top |
|
|
Nicias
Guru
Joined: 06 Dec 2005
Posts: 446
|
| Posted: Sat May 27, 2006 9:11 pm Post subject: |
|
|
I added the group, and added the group= to the udev rule, still no luck. It is still 0660 owned by root/root. Even though my rule says it should be 0666 and owned by crypto.
/ect/udev/rules.d/60-fuse.rules: | Code: | | KERNEL=="fuse", NAME="%k", MODE="0666", GROUP="crypto" |
Then I load the module: | Code: | # modprobe -r fuse
# ls -l /dev/fuse
ls: /dev/fuse: No such file or directory
# modprobe fuse
# ls -l /dev/fuse
crw-rw---- 1 root root 10, 229 May 27 17:10 /dev/fuse |
Any suggestions? |
|
| Back to top |
|
|
xces
Guru
Joined: 11 Oct 2002
Posts: 515
|
| Posted: Mon May 29, 2006 8:23 pm Post subject: |
|
|
| Rename /etc/udev/rules.d/60-fuse.rules to /ect/udev/rules.d/40-fuse.rules so that the rules are loaded before 50-udev.rules. Then run `udevstart`. |
|
| Back to top |
|
|
Nicias
Guru
Joined: 06 Dec 2005
Posts: 446
|
| Posted: Mon May 29, 2006 10:45 pm Post subject: |
|
|
| solved, thanks. |
|
| Back to top |
|
|
flazz
Guru
Joined: 22 Nov 2003
Posts: 496
Location: Florida
|
| Posted: Tue Oct 16, 2007 5:23 am Post subject: |
|
|
is there any reason something like this is not setup by the ebuild? like a FUSE group or a sshfs group? and what about 99-fuse.rules? could i just edit this one?
mine: | Code: |
KERNEL=="fuse", MODE="0666"
|
or could i just leave it?
what security risk could having any user mount an sshfs that normal ssh/scp wouldnt have? |
|
| Back to top |
|
|
|
Networking & Security
