Use ACL to share writable directory with multiple users over sshfs?

jieiku

Active Member
Jan 1, 2020
31
24
28
44
Use ACL to share writable directory with multiple users over sshfs?

I am trying to make it so that multiple users can connect via sshfs and have access to a directory (/fs) where they can modify or create files, either their own files or other peoples files. I am having trouble finding a way to force new files to be writable by the group.

## On Proxmox Host(s):

Bash:
sudo zfs set acltype=posixacl rpool
sudo zfs set acltype=posixacl zpool
sudo zfs set aclinherit=passthrough rpool
sudo zfs set aclinherit=passthrough zpool

## On FileServer (Ubuntu 22.04 LXC Container):

Bash:
sudo apt install -y acl

sudo groupadd FSuser
sudo usermod -aG FSuser tom
sudo usermod -aG FSuser jerry
sudo usermod -g FSuser tom
sudo usermod -g FSuser jerry

sudo mkdir -p /fs/obsidian/Test
sudo chown root:FSuser /fs -R
sudo chmod -R g+wX /fs
sudo find /fs -type d -print0 | xargs -0 sudo chmod 770

sudo getfacl /fs
sudo setfacl -d -m group:FSuser:rwx /fs
sudo setfacl -m group:FSuser:rwx /fs
sudo getfacl /fs

## On Client:

Bash:
sudo mkdir /mnt/fs

sudo nano /etc/fstab

tom@fs:/fs /mnt/fs fuse.sshfs x-systemd.automount,ServerAliveInterval=15,reconnect,_netdev,allow_other,user,idmap=user 0 0

## ACL before:

Bash:
sudo getfacl /fs
getfacl: Removing leading '/' from absolute path names
# file: fs
# owner: root
# group: FSuser
user::rwx
group::rwx
other::---

## ACL after:

Bash:
sudo getfacl /fs
getfacl: Removing leading '/' from absolute path names
# file: fs
# owner: root
# group: FSuser
user::rwx
group::rwx
group:FSuser:rwx
mask::rwx
other::---
default:user::rwx
default:group::rwx
default:group:FSuser:rwx
default:mask::rwx
default:other::---

When I create new files under /fs they do not seem to use the ACL I have set.

They instead use the standard permissions that you normally see when ACL is not present:

Bash:
ls -alh

total 19K
drwxrwx--- 6 root FSuser 6 Jan 16 22:10 .
drwxrwx---+ 3 root FSuser 3 Jan 16 21:49 ..
drwxr-xr-x 2 tom FSuser 8 Jan 16 21:51 .obsidian
drwxrwx--- 2 root FSuser 3 Jan 16 21:49 Test
drwxr-xr-x 2 tom FSuser 2 Jan 16 21:52 Test2
drwxr-xr-x 2 tom FSuser 2 Jan 16 22:10 Test3

Notice Test2 and Test3 are not writeable by the group, this is what I am hoping to change, so that users can alter files within the /fs directory.

For some this might be a pretty basic question, but I have been reading documentation and trying most solutions I can find.

I really appreciate any help, thank you.
 
Last edited:
Nope! I ended up creating a user that we use to access this share, I then added all of our public keys to the authorized_keys file.

So we are all just accessing the file share as the same user, after spending two days trying to get it working, enough was enough.
 
Damn that sucks, I guess I'll just stick to using samba then. I have multiple application service accounts that need to touch files locally as well as regular users over the network. I ended up spending quite a bit of time on this also, very frustrating! Thanks for your response.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!