gencol n00b
Joined: 22 Nov 2012 Posts: 4
Posted: Thu Nov 22, 2012 5:14 pm Post subject: Cherokee + SSHFS on Gentoo
This is somewhat complicated and specific so I hope I'm in the right forum for that.
The issue is that of permissions and hopefully the solution should be simple.
I'm using Cherokee web server with php-fpm on a few Gentoo machines I have.
Cherokee does load balancing and so some requests go to other machines.
However, I want uploaded files from one machine to be available to all the machines.
For example: a member uploads a forum attachment but the forum should be able to access that file from all machines.
For this to work properly, one machine has the real directory and the other machines mount it using sshfs.
Here's the mount line from fstab to do that:
Code: | sshfs#root@server:/var/www/forums/files /var/www/forums/files fuse allow_other,reconnect,port=1122,compression=yes |
Problem is that although Cherokee is using user cherokee, files created via sshfs have "nobody" as an owner and so it cannot access the files it created and neither can the other machines. I did think of simply giving 777 permissions but I don't think that's the most secure solution.
I would have liked to connect to the other machine with user cherokee but cannot figure out how to generate a public key for the user cherokee as there's no home directory for it. Actually, only /root is available as a home directory with ~/.ssh being the directory for the ssh authenticated-keys.
Any ideas?

truc Advocate
Joined: 25 Jul 2005 Posts: 3199
Posted: Fri Nov 23, 2012 4:34 pm Post subject: Re: Cherokee + SSHFS on Gentoo
gencol wrote: | I did think of simply giving 777 permissions but I don't think that's the most secure solution. |
It's actually worse than that: thinking about giving 777 means you don't really understand what the permissions are for. May I suggest that you first experiment with some basic tutorials about unix permissions?
_________________ The End of the Internet!

gencol n00b
Joined: 22 Nov 2012 Posts: 4
Posted: Fri Nov 23, 2012 5:17 pm Post subject:
I quite well understand what unix permissions are. Of course 777 is the most insecure there is as it allows access to anyone to these files. However, considering the situation I've described above, I don't have a better idea. Let me know if you read the rest of my post and have any better ideas. Thanks.

truc Advocate
Joined: 25 Jul 2005 Posts: 3199
Posted: Fri Nov 23, 2012 11:42 pm Post subject:
gencol wrote: | I quite well understand what unix permissions are. Of course 777 is the most insecure there is as it allows access to anyone to these files. However, considering the situation I've described above, I don't have a better idea. Let me know if you read the rest of my post and have any better ideas. Thanks. |
Have you checked the sshfs/fuse documentation? I see a lot of options (idmap/uidfile/gidfile and uid/gid/umask/...) which may or may not be of interest.
_________________ The End of the Internet!
Last edited by truc on Sat Nov 24, 2012 12:37 am; edited 1 time in total

cach0rr0 Bodhisattva
Joined: 13 Nov 2008 Posts: 4123 Location: Houston, Republic of Texas
Posted: Sat Nov 24, 2012 12:24 am Post subject:
So, every technical forum will inevitably have an asshole who will, instead of telling you how to fix your app, suggest an alternative. I will be that asshole today: have you looked at using lsyncd for this?
'Tis something I implemented recently for an application at work; we basically have a webapp that will create a file that users need to be able to access, and so every node needs to have a copy. And it has to be basically realtime, so that worked for us.
(and if not, have a peek at 'man sshfs', there are options for uid=, gid=, umask= and so forth that should accomplish what you want with sshfs) _________________ Lost configuring your system?
dump lspci -n here | see Pappy's guide | Link Stash |
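
The `uid=`, `gid=`, `umask=` and `idmap` options mentioned in the replies, shown as an added example that is not part of any post in this thread: a small audit of sshfs fstab entries, run over the line from the first post and over a constructed alternative. The remote `files` account, the uid/gid value 1001, the key path given to the ssh `IdentityFile` option and the finding names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): flag risky sshfs entries in fstab-style lines.

# The fstab line quoted in the first post.
PAGE_LINE='sshfs#root@server:/var/www/forums/files /var/www/forums/files fuse allow_other,reconnect,port=1122,compression=yes'
# Constructed alternative: the "files" account, uid/gid 1001 and the key path are assumptions.
HARDENED_LINE='sshfs#files@server:/var/www/forums/files /var/www/forums/files fuse allow_other,default_permissions,uid=1001,gid=1001,umask=027,IdentityFile=/etc/ssh/sshfs_files_key,reconnect,port=1122,compression=yes'

# has_opt NAME OPTS: succeed if NAME is in the comma-separated OPTS as a flag or as NAME=value.
has_opt() {
    case ",$2," in
        *",$1,"*|*",$1="*) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_sshfs_line LINE: print one finding per line; print nothing for a clean or non-sshfs entry.
audit_sshfs_line() {
    set -f            # no glob expansion while splitting the entry into fields
    set -- $1         # $1=device $2=mount point $3=fs type $4=options
    set +f
    case "$1" in
        "sshfs#"*) ;;
        *) return 0 ;;
    esac
    remote=${1#"sshfs#"}
    opts=$4
    # A root login key on every web node makes each node's compromise root on the file server.
    case "$remote" in
        root@*) echo "remote-root-login" ;;
    esac
    # allow_other without default_permissions: the kernel does not check mode bits,
    # so every local user acts on the mount with the remote account's rights.
    if has_opt allow_other "$opts" && ! has_opt default_permissions "$opts"; then
        echo "allow_other-without-default_permissions"
    fi
    # Without uid=/gid=/idmap= ownership is not mapped to the local service account.
    if ! has_opt uid "$opts" && ! has_opt gid "$opts" && ! has_opt idmap "$opts"; then
        echo "no-uid-gid-mapping"
    fi
    return 0
}

for entry in "$PAGE_LINE" "$HARDENED_LINE"; do
    printf '%s\n' "--- ${entry%% *}"
    audit_sshfs_line "$entry"
done
```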