I have a remote sshfs filesystem mounted on /mnt/data. Following is the relevant line in /etc/fstab:
www-data@192.168.1.10:/var/www/ /mnt/data fuse.sshfs rw,noauto,nodev,nosuid,noexec,_netdev,allow_other,default_permissions,uid=martin,gid=martin 0 0
The files in /var/www/ on the remote system are owned by user www-data, but I am using uid=martin,gid=martin to map the ownership on the mounted filesystem to uid 1000.
When I cd to /mnt/data/ as martin, I have the correct file permissions/ownership, but I need to change the umask.
On the remote filesystem, the user www-data has umask 0027. On my local filesystem, the user martin has umask 0077. I want to keep the umask 0077 on my local files, but use 0027 on the sshfs mounted files (i.e. all files in /mnt/data/).
Is this even possible?
I have tried setting acl permissions on the whole directory on the remote filesystem:
setfacl -d -m g::rx /var/www/
setfacl -d -m o::--- /var/www/
but this has no effect on the sshfs mounted share.
-u 027 to the line in /etc/ssh/sshd_config, and restarted ssh, but it does not seem to have any effect. Files are created still with the old umask 0077 – Martin Vegter Jun 12 '16 at 11:44
ForceCommand option there? – Jakuje Jun 12 '16 at 11:46
service ssh restart. What do you mean by ForceCommand option? I have no ForceCommand in /etc/ssh/sshd_config. – Martin Vegter Jun 12 '16 at 11:59
sshfs mount. Otherwise I don't see any reason why this should not work. Only possibility would be that the files are sent from your host with already stripped permissions (for example 600) and then the umask on the server does not have any effect. You should be able to see that when running the server in debug mode (LogLevel DEBUG3). Lines request $filename: open flags $flags should tell what flags are sent. – Jakuje Jun 12 '16 at 12:07
-o umask=027 switch to sshfs (when used in /etc/fstab) only affects how existing files are shown on the mounted filesystem. But it does not represent the actual permissions on the remote server, nor does it affect true permissions (on the remote server) of newly created files. – Martin Vegter Jun 12 '16 at 12:24
Subsystem sftp /usr/lib/ssh/sftp-server -u 027 or Subsystem sftp internal-sftp -u 027 – MountainX Sep 24 '17 at 05:21
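Added example, not part of the original thread: a local Python model of the case raised in the comments, where a create request arrives with permissions already stripped (for example 600) and the server-side umask set with -u 027 can only clear further bits, never restore them. The function names and the assumption that the client masks the mode with the local umask before sending it are illustrative.

```python
import os
import stat
import tempfile


def create_with_umask(path, requested_mode, umask):
    """Create `path` via open(2) with `requested_mode` while `umask` is active.

    Returns the permission bits the file ends up with on disk.
    """
    previous = os.umask(umask)
    try:
        fd = os.open(path, os.O_CREAT | os.O_EXCL | os.O_WRONLY, requested_mode)
        os.close(fd)
    finally:
        os.umask(previous)  # restore the caller's umask
    return stat.S_IMODE(os.stat(path).st_mode)


def simulate(app_mode, client_umask, server_umask):
    """Model the two-stage masking discussed in the comments.

    Assumption: the mode sent in the create request is the application's
    mode already masked by the local (client) umask; the server then applies
    its own umask (e.g. sftp-server -u 027) to that requested mode.
    """
    sent_mode = app_mode & ~client_umask
    with tempfile.TemporaryDirectory() as d:
        final = create_with_umask(os.path.join(d, "f"), sent_mode, server_umask)
    return sent_mode, final


if __name__ == "__main__":
    # An application asks for 0666; the server umask is fixed at 027.
    for client_umask in (0o077, 0o027, 0o000):
        sent, final = simulate(0o666, client_umask, 0o027)
        print(f"client umask {client_umask:04o}: "
              f"sent {sent:04o} -> on server {final:04o}")
```

With a client umask of 0077 the request already carries 0600, so the server umask of 027 has nothing left to remove and the file stays 0600 rather than becoming 0640.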