-
Notifications
You must be signed in to change notification settings - Fork 489
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SSHFS gives full access to every user even with -o allow_other #182
Comments
One more thing, I am using |
Regarding your workaround, you can mount read-only using the
|
Thanks for the report. This is intentional on the SSHFS side. |
Ah, nice. Looks like
Thanks for getting back to me. |
I'm pretty confused with this.
Non-root users can make folders, but they get owned by root. I'm using |
I've found that the default SSHFS package in Debian 9 (says SSHFS 2.8, FUSE 2.9.7, fuserrmount 2.9.7, kernel interface 7.19) allows any user to write, delete, etc, regardless of permissions. I'd say if this is intentional, it's a bit unobvious from the benign looking man page. If it is unintentional, it's a pretty big security issue and should maybe get a CVE.
Not sure if this is fixed in later versions. I could work with this behavior if there was a -o read_only mode, but I see none. I think that would be a nice feature to have.
I know you said you're busy with other things, I completely understand. I would appreciate it if you can tell me if this was fixed in later versions, intentional or not, etc.
Thank you for your time.
The text was updated successfully, but these errors were encountered: