28.10.20, 18:30 +0100 john doe:

> On 10/21/2020 11:02 PM, Markus Schönhaber wrote:
>> 21.10.20, 19:11 +0200, john doe:
>>
>>> On 10/20/2020 7:59 PM, Markus Schönhaber wrote:
>>
>>>> How about moving the 9pshare to a root-owned directory and pointing the
>>>> ChrootDirectory there, for example:
>>>> share -> /all/owned/by/root/9pshare
>>>> ChrootDirectory -> /all/owned/by/root
>>>>
>>>
>>> Thank you for this.
>>>
>>> I can only do that if 'passthrough' is used, as I don't really understand
>>> the implications of running qemu as root, I was hoping to find a way
>>> with 'mapped'.
>>> 'mapped' requires that the directory on the host is set to the group and
>>> user used by qemu, 'libvirt-qemu' in this case.
>>
>> I don't see the problem with chown'ing the 9pshare directory to the qemu
>> user in my example above.
>>
>
> Okay, following your instructions I can now connect using sftp but I can
> not access the content of the share:

No, you seemingly didn't follow what I said.

> $ ls -dl /srv/sftp/9p
> drwx------ 8 root root ... /srv/sftp/9p

Isn't "9p" supposed to be the share directory? If it is, why is it owned
by root and has these restrictive permissions?

Assuming
ChrootDirectory -> /srv/sftp
-> make this root:root, drwxr-xr-x
share -> /srv/sftp/9p
-> make this libvirt-qemu:libvirt-qemu, drwxr-xr-x

> $ sftp sftp9p
> Connected to sftp9p.
> sftp> ls
> remote readdir("/"): Permission denied

Of course. Guessing from what you wrote above, only root can even list
the directory's contents (or change into it, in the first place).

-- 
Regards
  mks
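
Added example, not part of the original message: a small audit of the layout discussed above, checking sshd's ChrootDirectory rule (every path component root-owned, not group/other-writable) and whether the login user can list the share. The uids, the FakeStat table and the function names are constructed for illustration, and group membership is not modelled.

```python
import os
import stat
from collections import namedtuple

# Constructed sample data: uid and mode per path, so the check runs offline.
FakeStat = namedtuple("FakeStat", "st_uid st_mode")
QEMU_UID = 64055   # assumed uid of libvirt-qemu (constructed value)
SFTP_UID = 1001    # hypothetical uid of the sftp login user

ROOT_DIR = FakeStat(0, 0o40755)
BROKEN = {"/": ROOT_DIR, "/srv": ROOT_DIR, "/srv/sftp": ROOT_DIR,
          "/srv/sftp/9p": FakeStat(0, 0o40700)}   # as in the ls -dl output
FIXED = dict(BROKEN, **{"/srv/sftp/9p": FakeStat(QEMU_UID, 0o40755)})


def components(path):
    """'/srv/sftp' -> ['/', '/srv', '/srv/sftp']"""
    out, cur = ["/"], ""
    for part in os.path.normpath(path).strip("/").split("/"):
        if part:
            cur += "/" + part
            out.append(cur)
    return out


def audit(chroot, share, login_uid, stat_fn=os.stat):
    """Return a list of problems; an empty list means the layout passes."""
    problems = []
    # sshd_config(5): every component of ChrootDirectory must be a
    # root-owned directory that is not writable by group or others.
    for comp in components(chroot):
        st = stat_fn(comp)
        if st.st_uid != 0:
            problems.append(f"{comp}: not owned by root")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append(f"{comp}: writable by group or others")
    # The login user needs read + search permission on the share itself.
    st = stat_fn(share)
    if st.st_uid == login_uid:
        need = stat.S_IRUSR | stat.S_IXUSR
    else:
        need = stat.S_IROTH | stat.S_IXOTH
    if (st.st_mode & need) != need:
        problems.append(f"{share}: uid {login_uid} cannot list it")
    return problems


if __name__ == "__main__":
    for name, layout in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, audit("/srv/sftp", "/srv/sftp/9p", SFTP_UID, layout.__getitem__))
```

On a real host, omit the last argument so that os.stat is used, and pass the actual uid of the sftp account.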