Re: sshfs has fubared mount

[ellanios82]

On 2/10/21 3:05 PM, Gene Heskett wrote:
re: gf

That took years because most were afraid of a geek.



 - how marvelous, that, today one can "Search" internet for geekish gf!!


 [ my dob: 1937]

.

 my respects , & best wishes

.

 Richard

Re: sshfs has fubared mount

[Andrei POPESCU]

On Mi, 10 feb 21, 07:31:51, Gene Heskett wrote:
> 
> But where I was now forced to use root to make this newer subdir, because 
> the re-organization of all this crap that hides root only commands from 
> the user, now forced me to use root to make that new subdir even though 
> I owned the parent directory. So I was by some, to me missquided 
> thinking about security, forced to use root AND as root change the 
> ownership to me before it would work as intended.

[unreproducible]

amp@acr13:~$ export LANG=C.UTF-8
amp@acr13:~$ ls -ld /
drwxr-xr-x 18 root root 4.0K 10 Feb 16:37 /

[/ is owned by root, naturally]

amp@acr13:~$ mkdir /testdir
mkdir: cannot create directory ‘/testdir’: Permission denied

[no surprise here]

amp@acr13:~$ sudo mkdir /testdir
amp@acr13:~$ mkdir /testdir/subdir
mkdir: cannot create directory ‘/testdir/subdir’: Permission denied

[no surprise here either, /testdir is owned by root]

amp@acr13:~$ sudo chown amp:amp /testdir
amp@acr13:~$ mkdir /testdir/subdir
amp@acr13:~$ ls -l /testdir
total 4.0K
drwxr-xr-x 2 amp amp 4.0K 10 Feb 16:38 subdir

[after changing permissions the 'mkdir' succeeds (as expected) and the 
new directory is owned by 'amp' (as expected)]

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: sshfs has fubared mount

[Gene Heskett]

On Wednesday 10 February 2021 02:16:21 Anssi Saari wrote:

> Gene Heskett  writes:
> > See my reply to David. All those mounts are to the root of the
> > filesystems on the other machines, and that then accounted for the
> > fact I was seeing root:root for the already mounted systems.  A
> > point that if I ever knew it, I've since forgotten since the other
> > entries are now many years old.  Relatively short term memory isn't
> > so good at 86 yo.
>
> I think that's one of those things in Unix-likes that isn't really
> covered anywhere. At least I don't remember seeing it documented but
> it does follow from what mounting is. Anyways, I can only hope I
> remember things half as well as you do when I'm your age.

Take your vitamins, but steer clear of any one-a-day vitamins that 
contain vitamin k.  That was blamed for the pulmonary embolism I had 
when I was 79. That, in addition to being subject to a < 2% survival 
rate, did cost me a few points of IQ.  So today my pilltainer holds, in 
addition to the prescribed stuff because I've had some heart attacks and 
a new valve plus a pacemaker, has Some A,C,D, b12 because I am diabetic 
which flushes B12, selenuim because nobody with traces of that has died 
of the wuhan flu and a bunch of OTC stuff for strong bones, prostate 
restrictions and arthritis.  As for the IQ, I made a 98 on the AFQT 
during the Korean part in '52.  Next best score out of 137 other boys 
taking that test that day was 36. THAT got me 4F'd, so I started looking 
for a girl since I wasn't subject to the draft any more. That took years 
because most were afraid of a geek.

Take care and stay well Anssi.

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page 

Re: sshfs has fubared mount

[Gene Heskett]

On Wednesday 10 February 2021 04:08:15 Andrei POPESCU wrote:

> On Ma, 09 feb 21, 13:00:23, David Christensen wrote:
> > We were all confused by a feature of mount(1) -- mounting a remote
> > filesystem changes the owner and group of the mount point on the
> > local machine while the remote filesystem is mounted:
>
> Maybe it's easier to understand that a file system is mounted "on top"
> of a mount point (which is typically, but not necessarily, an empty
> directory).
>
> There is no change of permissions involved, one is just looking at two
> different directories, that just happen to be attached at the same
> point in the file system hierarchy.
>
> > 2021-02-09 12:13:43 dpchrist@tinkywinky ~
> > $ mount | grep '/po'
> >
> > 2021-02-09 12:23:26 dpchrist@tinkywinky ~
> > $ ls -ld /po
> > drwxr-xr-x 2 dpchrist dpchrist 4096 Jan 21 13:32 /po
> >
> > 2021-02-09 12:23:29 dpchrist@tinkywinky ~
> > $ mount /po
> >
> > 2021-02-09 12:24:14 dpchrist@tinkywinky ~
> > $ mount | grep '/po'
> > po:/ on /po type fuse.sshfs
> > (ro,nosuid,nodev,noexec,relatime,user_id=13250,group_id=13250,user=d
> >pchrist)
> >
> > 2021-02-09 12:24:17 dpchrist@tinkywinky ~
> > $ ls -ld /po
> > drwxr-xr-x 1 root root 4096 Aug 30 18:09 /po
>
> These are the permissions of the root directory of the mounted file
> system.
>
> > The owner and group are restored when the filesystem is unmounted:
> >
> > 2021-02-09 12:24:21 dpchrist@tinkywinky ~
> > $ fusermount -u /po
> >
> > 2021-02-09 12:25:45 dpchrist@tinkywinky ~
> > $ ls -ld /po
> > drwxr-xr-x 2 dpchrist dpchrist 4096 Jan 21 13:32 /po
>
> Here you are looking again at the mount point.
>
> Kind regards,
> Andrei

Going back in history to when that original /sshnet was initially set up, 
I faintly recall have to do that mkdir as root but then had to change 
its ownership to me, and then I was able to mkdir the other subdirs as 
mount points I could use as me.

But where I was now forced to use root to make this newer subdir, because 
the re-organization of all this crap that hides root only commands from 
the user, now forced me to use root to make that new subdir even though 
I owned the parent directory. So I was by some, to me missquided 
thinking about security, forced to use root AND as root change the 
ownership to me before it would work as intended.

So that decision by somebody in a position to change the distribution 
cost me, and several other trying to help which I thank ypu for, over a 
week to find and fix the perms problem. I'm happy its fixed, but this 
sort of stuff contributes nothing to security AFAIAC, and is the sort of 
stuff normally found on the ground, warm, even steaming, behind the male 
of the bovine specie.  I can't begin to describe the odor from a 20 acre 
missnomer called a "drylot", with 250 head of them, eating nothing but 
ear corn from a 50,000 bushel self feeder, even 100 yards upwind on a 5F 
morning in February. Mear words are not adequate. I may have made a more 
than adequate living in electronics for 73 years now, but I was raised 
on an Iowa farm.  BTDT, remember it well 73 years later.

Again, I thank all that helped, while probably wondering what this old 
fart is up to now. What I am doing is making it save me work by making 
it do what I want it to do. That doesn't seem like such an un-reasonable 
expectation to me.  OTOH, I am probably the individual George Bernard 
Shaw was describeing when he stated that all progress was made by an 
un-reasonable man, seen in sigs now and again.

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page 

Re: sshfs has fubared mount

[Anssi Saari]

Gene Heskett  writes:

> See my reply to David. All those mounts are to the root of the 
> filesystems on the other machines, and that then accounted for the fact 
> I was seeing root:root for the already mounted systems.  A point that if 
> I ever knew it, I've since forgotten since the other entries are now 
> many years old.  Relatively short term memory isn't so good at 86 yo.

I think that's one of those things in Unix-likes that isn't really
covered anywhere. At least I don't remember seeing it documented but it
does follow from what mounting is. Anyways, I can only hope I remember
things half as well as you do when I'm your age.

Re: sshfs has fubared mount

[Andrei POPESCU]

On Ma, 09 feb 21, 13:00:23, David Christensen wrote:
> 
> We were all confused by a feature of mount(1) -- mounting a remote
> filesystem changes the owner and group of the mount point on the local
> machine while the remote filesystem is mounted:

Maybe it's easier to understand that a file system is mounted "on top" 
of a mount point (which is typically, but not necessarily, an empty 
directory).

There is no change of permissions involved, one is just looking at two 
different directories, that just happen to be attached at the same point 
in the file system hierarchy.

> 2021-02-09 12:13:43 dpchrist@tinkywinky ~
> $ mount | grep '/po'
> 
> 2021-02-09 12:23:26 dpchrist@tinkywinky ~
> $ ls -ld /po
> drwxr-xr-x 2 dpchrist dpchrist 4096 Jan 21 13:32 /po
> 
> 2021-02-09 12:23:29 dpchrist@tinkywinky ~
> $ mount /po
> 
> 2021-02-09 12:24:14 dpchrist@tinkywinky ~
> $ mount | grep '/po'
> po:/ on /po type fuse.sshfs
> (ro,nosuid,nodev,noexec,relatime,user_id=13250,group_id=13250,user=dpchrist)
> 
> 2021-02-09 12:24:17 dpchrist@tinkywinky ~
> $ ls -ld /po
> drwxr-xr-x 1 root root 4096 Aug 30 18:09 /po
 
These are the permissions of the root directory of the mounted file 
system.
 
> The owner and group are restored when the filesystem is unmounted:
> 
> 2021-02-09 12:24:21 dpchrist@tinkywinky ~
> $ fusermount -u /po
> 
> 2021-02-09 12:25:45 dpchrist@tinkywinky ~
> $ ls -ld /po
> drwxr-xr-x 2 dpchrist dpchrist 4096 Jan 21 13:32 /po

Here you are looking again at the mount point.

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: sshfs has fubared mount

[Gene Heskett]

On Tuesday 09 February 2021 16:00:23 David Christensen wrote:

> On 2021-02-09 05:15, Gene Heskett wrote:
> > On Tuesday 09 February 2021 02:29:02 David Christensen wrote:
> >> On 2021-02-08 21:01, Gene Heskett wrote:
> >>> Greetings all;
> >>>
> >>> I have sshfs setup so I can move files around between this box and
> >>> 4 others, 3 of which are now running buster.  Works only for the
> >>> user, me.
> >>
> >> I have previously installed my public SSH key from the local
> >> computer 'tinkywinky' to the remote computer 'po' with
> >> ssh-copy-id(1):
> >
> > Don't recall doing this, plz describe>
>
> I initially created an SSH keypair with a passphrase using
> ssh-keygen(1).  If a villian gets my SSH keypair, he also has to get
> my SSH passphrase to access the computers and accounts where I have
> installed the SSH public key.
>
>
> When I open a terminal, I run ssh-agent(1) and ssh-add(1) to manage my
> SSH keys.  I enter my passphrase once, and ssh-agent(1) will provide
> it to SSH-aware software for me:
>
> 2021-02-09 12:32:30 dpchrist@tinkywinky ~
> $ ssh-agent bash -l
>
> 2021-02-09 12:32:32 dpchrist@tinkywinky ~
> $ ssh-add
> Enter passphrase for /home/dpchrist/.ssh/id_rsa:
> Identity added: /home/dpchrist/.ssh/id_rsa
> (/home/dpchrist/.ssh/id_rsa)
>
>
> If I remove my SSH public key from po, I can demonstrate
> ssh-copy-id(1). ssh-agent(1) will provide my SSH passphrase, but I
> will need to enter the password for the account on the remote host:
>
> 2021-02-09 12:12:02 dpchrist@tinkywinky ~
> $ ssh-copy-id po
> /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s),
> to filter out any that are already installed
> /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you
> are prompted now it is to install the new keys
> dpchrist@po's password:
>
> Number of key(s) added: 1
>
> Now try logging into the machine, with:   "ssh 'po'"
> and check to make sure that only the key(s) you wanted were added.
>
>
> I can now login in to 'po' using ssh(1).  ssh-agent(1) will provide my
> passphrase.  I do not need to enter my SSH passphrase or my remote
> account password:
>
> 2021-02-09 12:12:10 dpchrist@tinkywinky ~
> $ ssh po
> Linux po 4.9.0-9-amd64 #1 SMP Debian 4.9.168-1 (2019-04-12) x86_64
> Last login: Tue Feb  9 12:10:11 2021 from 192.168.5.74
>
> 2021-02-09 12:12:12 dpchrist@po ~
> $
>
>
> Similarly, scp(1), rsync(1), and others will operate without requiring
> passphrases or passwords.  This is especially useful for scripts,
> cron(8) jobs, etc..
>
> >> I created an fstab(5) entry on the local machine for mounting the
> >> remote root directory with my unprivileged account.  Note the
> >> options:
> >>
> >> 2021-02-08 22:37:51 dpchrist@tinkywinky ~
> >> $ grep 'po:/' /etc/fstab | perl -pe 's/\t+/ /g'
> >> po:/ /po fuse.sshfs ro,noauto,user 0 0
> >
> > I've never had any of this below in my fstab, haven't needed it for
> > the other 4 machines.
>
> fstab(1) is the canonical location for mount information.  By putting
> it there, standard tools will know where to find it.
>
> >> I created a mount point and I set the owner and group to match my
> >> unprivileged account.  The directory is empty:
> >>
> >> 2021-02-08 22:39:38 dpchrist@tinkywinky ~
> >> $ ls -la /po
> >> total 8
> >> drwxr-xr-x  2 dpchrist dpchrist 4096 Jan 21 13:32 .
> >> drwxr-xr-x 27 root root 4096 Jan 21 13:32 ..
> >
> > Matches mine. Difference is that I put all those mountpoints in the
> > /sshnet subdir gene@coyote:~$ ls -la /sshnet/
> > total 36
> > drwxr-xr-x  9 gene gene 4096 Feb  9 07:37 .
> > drwxr-xr-x 28 root root 4096 Dec 12 03:44 ..
> > drwxr-xr-x  1 root root 4096 Feb  4 15:59 GO704
> > drwxr-xr-x  2 root root 4096 Feb  8 10:10 Hardinge1
> > drwxr-xr-x  1 root root 4096 Feb  3 14:16 lathe
> > drwxr-xr-x  2 root root 4096 Apr 25  2019 redpitaya
> > drwxr-xr-x  1 root root 4096 Feb  1 04:46 rpi4
> > drwxr-xr-x  1 root root 4096 Feb  4 15:43 sixty40
> > drwxr-xr-x  2 root root 4096 May  2  2019 vna
>
> Assuming that command was run when /sshnet/Hardingel was not mounted
> (see below), the owner and group of Hardingel is root:root, not
> gene:gene.
>
> On 2021-02-09 07:05, David Wright wrote:
>  > Change the ownership of Hardinge1.
>
> Yes, that is the correct solution.
>
>
> We were all confused by a feature of mount(1) -- mounting a remote
> filesystem changes the owner and group of the mount point on the local
> machine while the remote filesystem is mounted:
>
> 2021-02-09 12:13:43 dpchrist@tinkywinky ~
> $ mount | grep '/po'
>
> 2021-02-09 12:23:26 dpchrist@tinkywinky ~
> $ ls -ld /po
> drwxr-xr-x 2 dpchrist dpchrist 4096 Jan 21 13:32 /po
>
> 2021-02-09 12:23:29 dpchrist@tinkywinky ~
> $ mount /po
>
> 2021-02-09 12:24:14 dpchrist@tinkywinky ~
> $ mount | grep '/po'
> po:/ on /po type fuse.sshfs
> (ro,nosuid,nodev,noexec,relatime,user_id=13250,group_id=13250,user=dpc
>hrist)
>
> 2021-02-09 12:24:17 dpchrist@tinkywinky ~
> $ ls -ld /po
> drwxr-xr-x 1 root root 4096 Aug 30 18:09 /po
>
>
> T

Re: sshfs has fubared mount

[David Christensen]

On 2021-02-09 05:15, Gene Heskett wrote:

On Tuesday 09 February 2021 02:29:02 David Christensen wrote:


On 2021-02-08 21:01, Gene Heskett wrote:

Greetings all;

I have sshfs setup so I can move files around between this box and 4
others, 3 of which are now running buster.  Works only for the user,
me.



I have previously installed my public SSH key from the local computer
'tinkywinky' to the remote computer 'po' with ssh-copy-id(1):


Don't recall doing this, plz describe>



I initially created an SSH keypair with a passphrase using 
ssh-keygen(1).  If a villian gets my SSH keypair, he also has to get my 
SSH passphrase to access the computers and accounts where I have 
installed the SSH public key.



When I open a terminal, I run ssh-agent(1) and ssh-add(1) to manage my 
SSH keys.  I enter my passphrase once, and ssh-agent(1) will provide it 
to SSH-aware software for me:


2021-02-09 12:32:30 dpchrist@tinkywinky ~
$ ssh-agent bash -l

2021-02-09 12:32:32 dpchrist@tinkywinky ~
$ ssh-add
Enter passphrase for /home/dpchrist/.ssh/id_rsa:
Identity added: /home/dpchrist/.ssh/id_rsa (/home/dpchrist/.ssh/id_rsa)


If I remove my SSH public key from po, I can demonstrate ssh-copy-id(1). 
 ssh-agent(1) will provide my SSH passphrase, but I will need to enter 
the password for the account on the remote host:


2021-02-09 12:12:02 dpchrist@tinkywinky ~
$ ssh-copy-id po
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to 
filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you 
are prompted now it is to install the new keys

dpchrist@po's password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'po'"
and check to make sure that only the key(s) you wanted were added.


I can now login in to 'po' using ssh(1).  ssh-agent(1) will provide my 
passphrase.  I do not need to enter my SSH passphrase or my remote 
account password:


2021-02-09 12:12:10 dpchrist@tinkywinky ~
$ ssh po
Linux po 4.9.0-9-amd64 #1 SMP Debian 4.9.168-1 (2019-04-12) x86_64
Last login: Tue Feb  9 12:10:11 2021 from 192.168.5.74

2021-02-09 12:12:12 dpchrist@po ~
$


Similarly, scp(1), rsync(1), and others will operate without requiring 
passphrases or passwords.  This is especially useful for scripts, 
cron(8) jobs, etc..




I created an fstab(5) entry on the local machine for mounting the
remote root directory with my unprivileged account.  Note the options: 


2021-02-08 22:37:51 dpchrist@tinkywinky ~
$ grep 'po:/' /etc/fstab | perl -pe 's/\t+/ /g'
po:/ /po fuse.sshfs ro,noauto,user 0 0


I've never had any of this below in my fstab, haven't needed it for the
other 4 machines.



fstab(1) is the canonical location for mount information.  By putting it 
there, standard tools will know where to find it.




I created a mount point and I set the owner and group to match my
unprivileged account.  The directory is empty:

2021-02-08 22:39:38 dpchrist@tinkywinky ~
$ ls -la /po
total 8
drwxr-xr-x  2 dpchrist dpchrist 4096 Jan 21 13:32 .
drwxr-xr-x 27 root root 4096 Jan 21 13:32 ..


Matches mine. Difference is that I put all those mountpoints in the /sshnet 
subdir
gene@coyote:~$ ls -la /sshnet/
total 36
drwxr-xr-x  9 gene gene 4096 Feb  9 07:37 .
drwxr-xr-x 28 root root 4096 Dec 12 03:44 ..
drwxr-xr-x  1 root root 4096 Feb  4 15:59 GO704
drwxr-xr-x  2 root root 4096 Feb  8 10:10 Hardinge1
drwxr-xr-x  1 root root 4096 Feb  3 14:16 lathe
drwxr-xr-x  2 root root 4096 Apr 25  2019 redpitaya
drwxr-xr-x  1 root root 4096 Feb  1 04:46 rpi4
drwxr-xr-x  1 root root 4096 Feb  4 15:43 sixty40
drwxr-xr-x  2 root root 4096 May  2  2019 vna



Assuming that command was run when /sshnet/Hardingel was not mounted 
(see below), the owner and group of Hardingel is root:root, not gene:gene.



On 2021-02-09 07:05, David Wright wrote:
> Change the ownership of Hardinge1.

Yes, that is the correct solution.


We were all confused by a feature of mount(1) -- mounting a remote 
filesystem changes the owner and group of the mount point on the local 
machine while the remote filesystem is mounted:


2021-02-09 12:13:43 dpchrist@tinkywinky ~
$ mount | grep '/po'

2021-02-09 12:23:26 dpchrist@tinkywinky ~
$ ls -ld /po
drwxr-xr-x 2 dpchrist dpchrist 4096 Jan 21 13:32 /po

2021-02-09 12:23:29 dpchrist@tinkywinky ~
$ mount /po

2021-02-09 12:24:14 dpchrist@tinkywinky ~
$ mount | grep '/po'
po:/ on /po type fuse.sshfs 
(ro,nosuid,nodev,noexec,relatime,user_id=13250,group_id=13250,user=dpchrist)


2021-02-09 12:24:17 dpchrist@tinkywinky ~
$ ls -ld /po
drwxr-xr-x 1 root root 4096 Aug 30 18:09 /po


The owner and group are restored when the filesystem is unmounted:

2021-02-09 12:24:21 dpchrist@tinkywinky ~
$ fusermount -u /po

2021-02-09 12:25:45 dpchrist@tinkywinky ~
$ ls -ld /po
drwxr-xr-x 2 dpchrist dpchrist 4096 Jan 21 13:32 /po


Finally, you might want to make the 'mount-machines' script idempotent:

https://en.wikipedia.org/wiki/Idempotent


E.g. add a conditio

Re: sshfs has fubared mount

[Gene Heskett]

On Tuesday 09 February 2021 10:52:02 Anssi Saari wrote:

> Gene Heskett  writes:
> > fusermount: user has no write access to mountpoint /sshnet/Hardinge1
> > which is
> > ls -la /sshnet/ (on this machine)
> > total 84
> > drwxr-xr-x  9 gene gene  4096 Feb  8 10:10 .
> > drwxr-xr-x 28 root root  4096 Dec 12 03:44 ..
> > drwxr-xr-x  1 root root  4096 Feb  4 15:59 GO704
> > drwxr-xr-x  2 root root  4096 Feb  8 10:10 Hardinge1
> > drwxr-xr-x  1 root root  4096 Feb  3 14:16 lathe
> > drwxr-xr-x  2 root root  4096 Apr 25  2019 redpitaya
> > drwxr-xr-x  1 root root  4096 Feb  1 04:46 rpi4
> > drwxr-xr-x  1 root root  4096 Feb  4 15:43 sixty40
> > drwxr-xr-x  2 root root  4096 May  2  2019 vna
>
> With a little testing mounting with sshfs needs write access to the
> mount point so it's not possible to mount to your /sshnet/Hardinge1
> since you don't have write permission, only root does. So you need to
> add write permissions to your mount point /sshnet/Hardinge1.
>
> Now, if you're saying you can mount to sixty40, lathe, GO704, rpi4
> without write permissions then I'm baffled. You seem to indicate the
> listing shows that those directories are currently mounted in which
> case the mount point permissions are not shown?

See my reply to David. All those mounts are to the root of the 
filesystems on the other machines, and that then accounted for the fact 
I was seeing root:root for the already mounted systems.  A point that if 
I ever knew it, I've since forgotten since the other entries are now 
many years old.  Relatively short term memory isn't so good at 86 yo.

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page 

Re: sshfs has fubared mount

[Anssi Saari]

Gene Heskett  writes:

> fusermount: user has no write access to mountpoint /sshnet/Hardinge1
> which is
> ls -la /sshnet/ (on this machine)
> total 84
> drwxr-xr-x  9 gene gene  4096 Feb  8 10:10 .
> drwxr-xr-x 28 root root  4096 Dec 12 03:44 ..
> drwxr-xr-x  1 root root  4096 Feb  4 15:59 GO704
> drwxr-xr-x  2 root root  4096 Feb  8 10:10 Hardinge1
> drwxr-xr-x  1 root root  4096 Feb  3 14:16 lathe
> drwxr-xr-x  2 root root  4096 Apr 25  2019 redpitaya
> drwxr-xr-x  1 root root  4096 Feb  1 04:46 rpi4
> drwxr-xr-x  1 root root  4096 Feb  4 15:43 sixty40
> drwxr-xr-x  2 root root  4096 May  2  2019 vna

With a little testing mounting with sshfs needs write access to the
mount point so it's not possible to mount to your /sshnet/Hardinge1
since you don't have write permission, only root does. So you need to
add write permissions to your mount point /sshnet/Hardinge1.

Now, if you're saying you can mount to sixty40, lathe, GO704, rpi4
without write permissions then I'm baffled. You seem to indicate the
listing shows that those directories are currently mounted in which case
the mount point permissions are not shown?

Re: sshfs has fubared mount

[Gene Heskett]

On Tuesday 09 February 2021 10:05:34 David Wright wrote:

> On Tue 09 Feb 2021 at 00:01:03 (-0500), Gene Heskett wrote:
> > I have sshfs setup so I can move files around between this box and 4
> > others, 3 of which are now running buster.  Works only for the user,
> > me.
> >
> > Same install medium, a usb key, has installed buster to a 5th
> > machine, which is identical to two of the other 4.
> >
> > But the mount permissions are inverted, only root can mount this 5th
> > machine.  ssh -Y aliasname works normally, and I am logged into this
> > 5th machine fron a konsole as me, user 1000.
> >
> > Only I can execute these 4 lines of a script in my bin directory
> > #!/bin/bash
> > sshfs g...@sixty40.coyote.den:/ /sshnet/sixty40
> > sshfs gene@lathe:/  /sshnet/lathe
> > sshfs gene@GO704:/  /sshnet/GO704
> > sshfs pi@rpi4:/ /sshnet/rpi4
> >
> > but only root can execute this last line
> >
> > sshfs gene@Hardinge1:/  /sshnet/Hardinge1
> >
> > generating this error when I run this script as me.
> > gene@coyote:~$ bin/mount-machines
> > fuse: mountpoint is not empty
> > fuse: if you are sure this is safe, use the 'nonempty' mount option
> > fuse: mountpoint is not empty
> > fuse: if you are sure this is safe, use the 'nonempty' mount option
> > fuse: mountpoint is not empty
> > fuse: if you are sure this is safe, use the 'nonempty' mount option
> > fuse: mountpoint is not empty
> > fuse: if you are sure this is safe, use the 'nonempty' mount option
> >
> > The above mounts have already been done, and the onwership and perms
> > of /sshnet/Hardinge1 are identical to the other 4 above
> >
> > fusermount: user has no write access to mountpoint /sshnet/Hardinge1
>
> That's correct, isn't it?
>
> > which is
> > ls -la /sshnet/ (on this machine)
> > total 84
> > drwxr-xr-x  9 gene gene  4096 Feb  8 10:10 .
> > drwxr-xr-x 28 root root  4096 Dec 12 03:44 ..
> > drwxr-xr-x  1 root root  4096 Feb  4 15:59 GO704
> > drwxr-xr-x  2 root root  4096 Feb  8 10:10 Hardinge1
>
> ↑
>
> Root has write permission on that mount point, but not gene.
>
> > drwxr-xr-x  1 root root  4096 Feb  3 14:16 lathe
>
> 
>
> You say this mount point has already been mounted on, so that won't
> be the ownership of the mount point, but of what's mounted on it.
>
> > drwxr-xr-x  2 root root  4096 Apr 25  2019 redpitaya
> > drwxr-xr-x  1 root root  4096 Feb  1 04:46 rpi4
> > drwxr-xr-x  1 root root  4096 Feb  4 15:43 sixty40
> > drwxr-xr-x  2 root root  4096 May  2  2019 vna
> >
> > How do I fix this? I do not want a root perms holder to have access.
> > Anything I need to do to any of thse machines that needs root, can
> > be done with sudo from a normal login as the first user.
>
> Change the ownership of Hardinge1.
>
> Cheers,
> David.

And that was indeed the magic twanger, David, many thanks.

I was not aware that the perms ls -la was showing me were the perms of 
the mountED path.  Subtle diff, and apparently not documented 
sufficiently enough to get my attention.

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page 

Re: sshfs has fubared mount

[David Wright]

On Tue 09 Feb 2021 at 00:01:03 (-0500), Gene Heskett wrote:
> I have sshfs setup so I can move files around between this box and 4 
> others, 3 of which are now running buster.  Works only for the user, me.
> 
> Same install medium, a usb key, has installed buster to a 5th machine, 
> which is identical to two of the other 4.
> 
> But the mount permissions are inverted, only root can mount this 5th 
> machine.  ssh -Y aliasname works normally, and I am logged into this 5th 
> machine fron a konsole as me, user 1000.
> 
> Only I can execute these 4 lines of a script in my bin directory
> #!/bin/bash
> sshfs g...@sixty40.coyote.den:/ /sshnet/sixty40
> sshfs gene@lathe:/  /sshnet/lathe
> sshfs gene@GO704:/  /sshnet/GO704
> sshfs pi@rpi4:/   /sshnet/rpi4
> 
> but only root can execute this last line
> 
> sshfs gene@Hardinge1://sshnet/Hardinge1
> 
> generating this error when I run this script as me.
> gene@coyote:~$ bin/mount-machines
> fuse: mountpoint is not empty
> fuse: if you are sure this is safe, use the 'nonempty' mount option
> fuse: mountpoint is not empty
> fuse: if you are sure this is safe, use the 'nonempty' mount option
> fuse: mountpoint is not empty
> fuse: if you are sure this is safe, use the 'nonempty' mount option
> fuse: mountpoint is not empty
> fuse: if you are sure this is safe, use the 'nonempty' mount option
> 
> The above mounts have already been done, and the onwership and perms 
> of /sshnet/Hardinge1 are identical to the other 4 above
> 
> fusermount: user has no write access to mountpoint /sshnet/Hardinge1

That's correct, isn't it?

> which is
> ls -la /sshnet/ (on this machine)
> total 84
> drwxr-xr-x  9 gene gene  4096 Feb  8 10:10 .
> drwxr-xr-x 28 root root  4096 Dec 12 03:44 ..
> drwxr-xr-x  1 root root  4096 Feb  4 15:59 GO704
> drwxr-xr-x  2 root root  4096 Feb  8 10:10 Hardinge1

↑

Root has write permission on that mount point, but not gene.

> drwxr-xr-x  1 root root  4096 Feb  3 14:16 lathe



You say this mount point has already been mounted on, so that won't
be the ownership of the mount point, but of what's mounted on it.

> drwxr-xr-x  2 root root  4096 Apr 25  2019 redpitaya
> drwxr-xr-x  1 root root  4096 Feb  1 04:46 rpi4
> drwxr-xr-x  1 root root  4096 Feb  4 15:43 sixty40
> drwxr-xr-x  2 root root  4096 May  2  2019 vna
> 
> How do I fix this? I do not want a root perms holder to have access.
> Anything I need to do to any of thse machines that needs root, can be 
> done with sudo from a normal login as the first user.

Change the ownership of Hardinge1.

Cheers,
David.

Re: sshfs has fubared mount

[tomas]

On Tue, Feb 09, 2021 at 08:37:12AM -0500, Gene Heskett wrote:

[...]

> > Sorry. I can't relate this mail's subject, your longer description
> > and the error messages you show.

[...]

> Those 4 messages aren't reallly germain to this [...]
> [...] So those are smoke in this instance.

I see.

> The final line of that bash script:
> sshfs gene@Hardinge1:/  /sshnet/Hardinge1
> generates this response:
> fusermount: user has no write access to mountpoint /sshnet/Hardinge1
> 
> yet its ownership and attributes are identical to all the others that 
> Just Work.

Hm. Tied up in video call ATM. Perhaps later.

Cheers
 - t


signature.asc
Description: Digital signature

Re: sshfs has fubared mount

[Gene Heskett]

On Tuesday 09 February 2021 04:11:10 to...@tuxteam.de wrote:

> On Tue, Feb 09, 2021 at 12:01:03AM -0500, Gene Heskett wrote:
> > Greetings all;
> >
> > I have sshfs setup so I can move files around between this box and 4
> > others, 3 of which are now running buster.  Works only for the user,
> > me.
> >
> > Same install medium, a usb key, has installed buster to a 5th
> > machine, which is identical to two of the other 4.
> >
> > But the mount permissions are inverted, only root can mount this 5th
> > machine.  ssh -Y aliasname works normally, and I am logged into this
> > 5th machine fron a konsole as me, user 1000.
> >
> > Only I can execute these 4 lines of a script in my bin directory
> > #!/bin/bash
> > sshfs g...@sixty40.coyote.den:/ /sshnet/sixty40
> > sshfs gene@lathe:/  /sshnet/lathe
> > sshfs gene@GO704:/  /sshnet/GO704
> > sshfs pi@rpi4:/ /sshnet/rpi4
> >
> > but only root can execute this last line
> >
> > sshfs gene@Hardinge1:/  /sshnet/Hardinge1
> >
> > generating this error when I run this script as me.
> > gene@coyote:~$ bin/mount-machines
> > fuse: mountpoint is not empty
> > fuse: if you are sure this is safe, use the 'nonempty' mount option
>
> [rest deleted]
>
> Sorry. I can't relate this mail's subject, your longer description
> and the error messages you show.
>
> Mount is complaining that the directory where you mount the file
> systems "to" (aka "mountpoint") has stuff in it and refusing to
> do its job (unless you force it, with an extra option).
>
> My hunch is that either something is already mounted there, or
> that something got copied to those directories (while they were
> not mounted to) by accident.
>
> I'm counting exactly four like error messages, corresponding to
> the four mount commands in your script above. Whatever conclusions
> that leads us to.
>
Those 4 messages aren't reallly germain to this, they are mounts refusal 
to redo a mount already done by many invocations of the 
~/bin/mount-machines as I attempt to solve this. I only showed those for 
completeness. So those are smoke in this instance.

The final line of that bash script:
sshfs gene@Hardinge1:/  /sshnet/Hardinge1
generates this response:
fusermount: user has no write access to mountpoint /sshnet/Hardinge1

yet its ownership and attributes are identical to all the others that 
Just Work.

Thanks Tomas

 > Cheers
>  - t


Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page 

Re: sshfs has fubared mount

[Gene Heskett]

On Tuesday 09 February 2021 02:29:02 David Christensen wrote:

> On 2021-02-08 21:01, Gene Heskett wrote:
> > Greetings all;
> >
> > I have sshfs setup so I can move files around between this box and 4
> > others, 3 of which are now running buster.  Works only for the user,
> > me.
>
> My Debian machines are Stretch, but I would expect that the basics of
> sshfs(1) have not changed on Buster (?).

So would I since the same install media was used to install the 3 wintel
boxes, the 4th is an rpi4b running raspbian buster. And it Just Works too.
>
> My username 'dpchrist', UID, groupname 'dpchrist', and GID are the
> same on all of my machines.

ditto
>
> I have previously installed my public SSH key from the local computer
> 'tinkywinky' to the remote computer 'po' with ssh-copy-id(1):

Don't recall doing this, plz describe>
>
> sshd_config(5) is the same on both computers:
>
> 2021-02-08 23:20:06 dpchrist@tinkywinky ~
> $ grep -v '#' /etc/ssh/sshd_config | grep .
> ChallengeResponseAuthentication no
> UsePAM yes
> X11Forwarding yes
> PrintMotd no
> AcceptEnv LANG LC_*
> Subsystem sftp/usr/lib/openssh/sftp-server
>
> 2021-02-08 23:19:53 dpchrist@po ~
> $ grep -v '#' /etc/ssh/sshd_config | grep .
> ChallengeResponseAuthentication no
> UsePAM yes
> X11Forwarding yes
> PrintMotd no
> AcceptEnv LANG LC_*
> Subsystem sftp/usr/lib/openssh/sftp-server
>
>
> If you modify sshd_config(5) on either machine, be sure to restart
> sshd(8).
>
>
> ssh_config(5) is the same on both computers:
>
> 2021-02-08 23:20:59 dpchrist@tinkywinky ~
> $ grep -v '#' /etc/ssh/ssh_config | grep .
> Host *
> ForwardAgent yes
>  SendEnv LANG LC_*
>  HashKnownHosts yes
>  GSSAPIAuthentication yes
>
> 2021-02-08 23:19:57 dpchrist@po ~
> $ grep -v '#' /etc/ssh/ssh_config | grep .
> Host *
> ForwardAgent yes
>  SendEnv LANG LC_*
>  HashKnownHosts yes
>  GSSAPIAuthentication yes
>
>
> I created an fstab(5) entry on the local machine for mounting the
> remote root directory with my unprivileged account.  Note the options:

I've never had any of this below in my fstab, haven't needed it for the
other 4 machines.

> 2021-02-08 22:37:51 dpchrist@tinkywinky ~
> $ grep 'po:/' /etc/fstab | perl -pe 's/\t+/ /g'
> po:/ /po fuse.sshfs ro,noauto,user 0 0
>
>
> I created a mount point and I set the owner and group to match my
> unprivileged account.  The directory is empty:
>
> 2021-02-08 22:39:38 dpchrist@tinkywinky ~
> $ ls -la /po
> total 8
> drwxr-xr-x  2 dpchrist dpchrist 4096 Jan 21 13:32 .
> drwxr-xr-x 27 root root 4096 Jan 21 13:32 ..

Matches mine. Difference is that I put all those mountpoints in the /sshnet 
subdir
gene@coyote:~$ ls -la /sshnet/
total 36
drwxr-xr-x  9 gene gene 4096 Feb  9 07:37 .
drwxr-xr-x 28 root root 4096 Dec 12 03:44 ..
drwxr-xr-x  1 root root 4096 Feb  4 15:59 GO704
drwxr-xr-x  2 root root 4096 Feb  8 10:10 Hardinge1
drwxr-xr-x  1 root root 4096 Feb  3 14:16 lathe
drwxr-xr-x  2 root root 4096 Apr 25  2019 redpitaya
drwxr-xr-x  1 root root 4096 Feb  1 04:46 rpi4
drwxr-xr-x  1 root root 4096 Feb  4 15:43 sixty40
drwxr-xr-x  2 root root 4096 May  2  2019 vna

The 2 extra mountpoints are for a vector network analyser when it was 
setup for testing, I am a retired broadcast engineer whose been known
to tune an AM stations tower now and then. Doing that right usually involves a
dead chicken and other bits of black art. :) But using a vna instead 
of a 75 yo General Radio rf bridge, makes it 100x faster.  The vna 
draws a smith chart in seconds.

> I use mount(8) to mount the remote filesystem:
>
> 2021-02-08 22:42:15 dpchrist@tinkywinky ~
> $ mount /po

Where I'm using sshfs, not mount.

> 2021-02-08 22:42:32 dpchrist@tinkywinky ~
> $ mount | grep '/po'
> po:/ on /po type fuse.sshfs
> (ro,nosuid,nodev,noexec,relatime,user_id=redacted,group_id=redacted,us
>er=dpchrist)
>
> 2021-02-08 23:15:47 dpchrist@tinkywinky ~
> $ ls -ld /po/home/dpchrist
> drwxr-xr-x 1 dpchrist dpchrist 4096 Feb  8 15:02 /po/home/dpchrist
>
>
> RTFM sshfs(1) is wrong regarding unmounting:
>
> 2021-02-08 23:15:38 dpchrist@tinkywinky ~
> $ man sshfs | grep -B 4 umount
> mounting
> sshfs [user@]host:[dir] mountpoint [options]
>
> unmounting
> umount mountpoint
>
> 2021-02-08 22:50:21 dpchrist@tinkywinky ~
> $ umount /po
> umount: /po: Permission denied
>
>
> Old-school fusermount(1) works:
>
> 2021-02-08 22:51:57 dpchrist@tinkywinky ~
> $ fusermount -u /po
>
And mount by itself, lists this at the end of a long list
on ths machine:

fusectl on /sys/fs/fuse/connections type fusectl (rw,relatime)
g...@sixty40.coyote.den:/ on /sshnet/sixty40 type fuse.sshfs 
(rw,nosuid,nodev,relatime,user_id=1000,group_id=1000)
pi@rpi4:/ on /sshnet/rpi4 type fuse.sshfs 
(rw,nosuid,nodev,relatime,user_id=1000,group_id=1000)
gene@lathe:/ on /sshnet/lathe type fuse.sshfs 
(rw,nosuid,nodev,relatime,user_id=1000,group_id=1000)
gene@GO704:/ on /sshnet/GO704 type fuse.sshfs 
(rw,nosuid,nodev,relatime,user_id=1000,group

Re: sshfs has fubared mount

[tomas]

On Tue, Feb 09, 2021 at 12:01:03AM -0500, Gene Heskett wrote:
> Greetings all;
> 
> I have sshfs setup so I can move files around between this box and 4 
> others, 3 of which are now running buster.  Works only for the user, me.
> 
> Same install medium, a usb key, has installed buster to a 5th machine, 
> which is identical to two of the other 4.
> 
> But the mount permissions are inverted, only root can mount this 5th 
> machine.  ssh -Y aliasname works normally, and I am logged into this 5th 
> machine fron a konsole as me, user 1000.
> 
> Only I can execute these 4 lines of a script in my bin directory
> #!/bin/bash
> sshfs g...@sixty40.coyote.den:/ /sshnet/sixty40
> sshfs gene@lathe:/  /sshnet/lathe
> sshfs gene@GO704:/  /sshnet/GO704
> sshfs pi@rpi4:/   /sshnet/rpi4
> 
> but only root can execute this last line
> 
> sshfs gene@Hardinge1://sshnet/Hardinge1
> 
> generating this error when I run this script as me.
> gene@coyote:~$ bin/mount-machines
> fuse: mountpoint is not empty
> fuse: if you are sure this is safe, use the 'nonempty' mount option

[rest deleted]

Sorry. I can't relate this mail's subject, your longer description
and the error messages you show.

Mount is complaining that the directory where you mount the file
systems "to" (aka "mountpoint") has stuff in it and refusing to
do its job (unless you force it, with an extra option).

My hunch is that either something is already mounted there, or
that something got copied to those directories (while they were
not mounted to) by accident.

I'm counting exactly four like error messages, corresponding to
the four mount commands in your script above. Whatever conclusions
that leads us to.

Cheers
 - t


signature.asc
Description: Digital signature

Re: sshfs has fubared mount

[David Christensen]

On 2021-02-08 21:01, Gene Heskett wrote:

Greetings all;

I have sshfs setup so I can move files around between this box and 4
others, 3 of which are now running buster.  Works only for the user, me.



My Debian machines are Stretch, but I would expect that the basics of 
sshfs(1) have not changed on Buster (?).



My username 'dpchrist', UID, groupname 'dpchrist', and GID are the same 
on all of my machines.



I have previously installed my public SSH key from the local computer 
'tinkywinky' to the remote computer 'po' with ssh-copy-id(1):



sshd_config(5) is the same on both computers:

2021-02-08 23:20:06 dpchrist@tinkywinky ~
$ grep -v '#' /etc/ssh/sshd_config | grep .
ChallengeResponseAuthentication no
UsePAM yes
X11Forwarding yes
PrintMotd no
AcceptEnv LANG LC_*
Subsystem   sftp/usr/lib/openssh/sftp-server

2021-02-08 23:19:53 dpchrist@po ~
$ grep -v '#' /etc/ssh/sshd_config | grep .
ChallengeResponseAuthentication no
UsePAM yes
X11Forwarding yes
PrintMotd no
AcceptEnv LANG LC_*
Subsystem   sftp/usr/lib/openssh/sftp-server


If you modify sshd_config(5) on either machine, be sure to restart sshd(8).


ssh_config(5) is the same on both computers:

2021-02-08 23:20:59 dpchrist@tinkywinky ~
$ grep -v '#' /etc/ssh/ssh_config | grep .
Host *
ForwardAgent yes
SendEnv LANG LC_*
HashKnownHosts yes
GSSAPIAuthentication yes

2021-02-08 23:19:57 dpchrist@po ~
$ grep -v '#' /etc/ssh/ssh_config | grep .
Host *
ForwardAgent yes
SendEnv LANG LC_*
HashKnownHosts yes
GSSAPIAuthentication yes


I created an fstab(5) entry on the local machine for mounting the remote 
root directory with my unprivileged account.  Note the options:


2021-02-08 22:37:51 dpchrist@tinkywinky ~
$ grep 'po:/' /etc/fstab | perl -pe 's/\t+/ /g'
po:/ /po fuse.sshfs ro,noauto,user 0 0


I created a mount point and I set the owner and group to match my 
unprivileged account.  The directory is empty:


2021-02-08 22:39:38 dpchrist@tinkywinky ~
$ ls -la /po
total 8
drwxr-xr-x  2 dpchrist dpchrist 4096 Jan 21 13:32 .
drwxr-xr-x 27 root root 4096 Jan 21 13:32 ..


I use mount(8) to mount the remote filesystem:

2021-02-08 22:42:15 dpchrist@tinkywinky ~
$ mount /po

2021-02-08 22:42:32 dpchrist@tinkywinky ~
$ mount | grep '/po'
po:/ on /po type fuse.sshfs 
(ro,nosuid,nodev,noexec,relatime,user_id=redacted,group_id=redacted,user=dpchrist)


2021-02-08 23:15:47 dpchrist@tinkywinky ~
$ ls -ld /po/home/dpchrist
drwxr-xr-x 1 dpchrist dpchrist 4096 Feb  8 15:02 /po/home/dpchrist


RTFM sshfs(1) is wrong regarding unmounting:

2021-02-08 23:15:38 dpchrist@tinkywinky ~
$ man sshfs | grep -B 4 umount
   mounting
   sshfs [user@]host:[dir] mountpoint [options]

   unmounting
   umount mountpoint

2021-02-08 22:50:21 dpchrist@tinkywinky ~
$ umount /po
umount: /po: Permission denied


Old-school fusermount(1) works:

2021-02-08 22:51:57 dpchrist@tinkywinky ~
$ fusermount -u /po


David

sshfs has fubared mount

[Gene Heskett]

Greetings all;

I have sshfs setup so I can move files around between this box and 4 
others, 3 of which are now running buster.  Works only for the user, me.

Same install medium, a usb key, has installed buster to a 5th machine, 
which is identical to two of the other 4.

But the mount permissions are inverted, only root can mount this 5th 
machine.  ssh -Y aliasname works normally, and I am logged into this 5th 
machine fron a konsole as me, user 1000.

Only I can execute these 4 lines of a script in my bin directory
#!/bin/bash
sshfs g...@sixty40.coyote.den:/ /sshnet/sixty40
sshfs gene@lathe:/  /sshnet/lathe
sshfs gene@GO704:/  /sshnet/GO704
sshfs pi@rpi4:/ /sshnet/rpi4

but only root can execute this last line

sshfs gene@Hardinge1:/  /sshnet/Hardinge1

generating this error when I run this script as me.
gene@coyote:~$ bin/mount-machines
fuse: mountpoint is not empty
fuse: if you are sure this is safe, use the 'nonempty' mount option
fuse: mountpoint is not empty
fuse: if you are sure this is safe, use the 'nonempty' mount option
fuse: mountpoint is not empty
fuse: if you are sure this is safe, use the 'nonempty' mount option
fuse: mountpoint is not empty
fuse: if you are sure this is safe, use the 'nonempty' mount option

The above mounts have already been done, and the onwership and perms 
of /sshnet/Hardinge1 are identical to the other 4 above

fusermount: user has no write access to mountpoint /sshnet/Hardinge1
which is
ls -la /sshnet/ (on this machine)
total 84
drwxr-xr-x  9 gene gene  4096 Feb  8 10:10 .
drwxr-xr-x 28 root root  4096 Dec 12 03:44 ..
drwxr-xr-x  1 root root  4096 Feb  4 15:59 GO704
drwxr-xr-x  2 root root  4096 Feb  8 10:10 Hardinge1
drwxr-xr-x  1 root root  4096 Feb  3 14:16 lathe
drwxr-xr-x  2 root root  4096 Apr 25  2019 redpitaya
drwxr-xr-x  1 root root  4096 Feb  1 04:46 rpi4
drwxr-xr-x  1 root root  4096 Feb  4 15:43 sixty40
drwxr-xr-x  2 root root  4096 May  2  2019 vna

How do I fix this? I do not want a root perms holder to have access.
Anything I need to do to any of thse machines that needs root, can be 
done with sudo from a normal login as the first user.

Thanks all.

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page