Gentoo Forums
Cherokee + SSHFS on Gentoo
gencol
n00b

Joined: 22 Nov 2012
Posts: 4

Posted: Thu Nov 22, 2012 5:14 pm    Post subject: Cherokee + SSHFS on Gentoo

This is somewhat complicated and specific so I hope I'm in the right forum for that.
The issue is that of permissions and hopefully the solution should be simple.

I'm using the Cherokee web server with php-fpm on a few Gentoo machines I have.
Cherokee does load balancing and so some requests go to other machines.
However, I want uploaded files from one machine to be available to all the machines.
For example: a member uploads a forum attachment but the forum should be able to access that file from all machines.

For this to work properly, one machine has the real directory and the other machines mount it using sshfs.
Here's the mount line from fstab to do that:
Code:
sshfs#root@server:/var/www/forums/files   /var/www/forums/files   fuse   allow_other,reconnect,port=1122,compression=yes


Problem is that although Cherokee is using user cherokee, files created via sshfs have "nobody" as an owner and so it cannot access the files it created and neither can the other machines. I did think of simply giving 777 permissions but I don't think that's the most secure solution.
I would have liked to connect to the other machine with user cherokee but cannot figure out how to generate a public key for the user cherokee as there's no home directory for it. Actually, only /root is available as a home directory with ~/.ssh being the directory for the ssh authenticated-keys.

Any ideas?
truc
Advocate

Joined: 25 Jul 2005
Posts: 3199

Posted: Fri Nov 23, 2012 4:34 pm    Post subject: Re: Cherokee + SSHFS on Gentoo

gencol wrote:
I did think of simply giving 777 permissions but I don't think that's the most secure solution.


It's actually worse than that: thinking about giving 777 means you don't really understand what the permissions are for. May I suggest you experiment first with some basic tutorials about Unix permissions?
_________________
The End of the Internet!
gencol
n00b

Joined: 22 Nov 2012
Posts: 4

Posted: Fri Nov 23, 2012 5:17 pm    Post subject:

I quite well understand what Unix permissions are. Of course 777 is the most insecure there is, as it allows access to anyone to these files. However, considering the situation I've described above, I don't have a better idea. Let me know if you read the rest of my post and have any better ideas. Thanks.
truc
Advocate

Joined: 25 Jul 2005
Posts: 3199

Posted: Fri Nov 23, 2012 11:42 pm    Post subject:

gencol wrote:
I quite well understand what Unix permissions are. Of course 777 is the most insecure there is, as it allows access to anyone to these files. However, considering the situation I've described above, I don't have a better idea. Let me know if you read the rest of my post and have any better ideas. Thanks.


Have you checked the sshfs/fuse documentation? I see a lot of options (idmap/uidfile/gidfile and uid/gid/umask/...) which may or may not be of interest.
_________________
The End of the Internet!


Last edited by truc on Sat Nov 24, 2012 12:37 am; edited 1 time in total
cach0rr0
Bodhisattva

Joined: 13 Nov 2008
Posts: 4123
Location: Houston, Republic of Texas

Posted: Sat Nov 24, 2012 12:24 am    Post subject:

So, every technical forum will inevitably have an asshole who will, instead of telling you how to fix your app, suggest an alternative. I will be that asshole today: have you looked at using lsyncd for this?

'Tis something I implemented recently for an application at work; we basically have a webapp that will create a file that users need to be able to access, and so every node needs to have a copy. And it has to be basically realtime, so that worked for us.


(and if not, have a peek at 'man sshfs', there are options for uid=, gid=, umask= and so forth that should accomplish what you want with sshfs)
_________________
Lost configuring your system?
dump lspci -n here | see Pappy's guide | Link Stash
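
Added example, not part of any post in this thread: a shell helper that builds the fstab entry with the uid=/gid=/umask= options mentioned in the replies plus a dedicated key file, so the mount does not log in as remote root and the key needs no home directory. The remote account `wwwfiles`, the key path `/etc/sshfs/id_wwwfiles` and the function name are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Builds an /etc/fstab entry for the
# shared upload directory that logs in with a dedicated key and presents
# the files as owned by the local web-server account.
# Assumed names: remote account "wwwfiles", key /etc/sshfs/id_wwwfiles.
#
# fstab mounts are performed by local root, so the key only has to be
# readable by root and needs no home directory. Created once with e.g.:
#   ssh-keygen -t rsa -b 4096 -N '' -f /etc/sshfs/id_wwwfiles

sshfs_fstab_line() {
    # $1 local service user   $2 remote user@host:/path   $3 mount point
    # $4 ssh port             $5 private key file
    svc_user=$1; remote=$2; mnt=$3; port=$4; key=$5

    # Refuse to build an entry that would log in as root on the file server.
    case $remote in
        root@*) echo "refusing remote root login: $remote" >&2; return 2 ;;
    esac

    # uid/gid are resolved on THIS machine: numeric ids of the same account
    # name can differ between hosts, and uid=/gid= take numbers.
    uid=$(id -u "$svc_user") || return 1
    gid=$(id -g "$svc_user") || return 1

    # Options carried over from the original entry.
    opts="allow_other,reconnect,port=$port,compression=yes"
    # default_permissions: the kernel enforces the mode bits shown below.
    # umask=027: entries appear as rwxr-x---, not world-accessible (no 777).
    opts="$opts,default_permissions,IdentityFile=$key"
    opts="$opts,uid=$uid,gid=$gid,umask=027"

    printf 'sshfs#%s\t%s\tfuse\t%s\t0 0\n' "$remote" "$mnt" "$opts"
}

# Demo: print the entry if a local "cherokee" account exists on this host.
if id cherokee >/dev/null 2>&1; then
    sshfs_fstab_line cherokee wwwfiles@server:/var/www/forums/files \
        /var/www/forums/files 1122 /etc/sshfs/id_wwwfiles
fi
```

On the file server, the directory has to be writable by the assumed `wwwfiles` account and accessible to that machine's own Cherokee user, for example through a shared group.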