# Cherokee + SSHFS on Gentoo

## gencol

This is somewhat complicated and specific so I hope I'm in the right forum for that.

The issue is that of permissions and hopefully the solution should be simple.

I'm using Cherokee web server with php-fpm on a few Gentoo machines I have.

Cherokee does load balancing and so some requests go to other machines.

However, I want uploaded files from one machine to be available to all the machines.

For example: a member uploads a forum attachment but the forum should be able to access that file from all machines.

For this to work properly, one machine has the real directory and the other machines mount it using sshfs.

Here's the mount line from fstab to do that:

```
sshfs#root@server:/var/www/forums/files   /var/www/forums/files   fuse   allow_other,reconnect,port=1122,compression=yes
```

Problem is that although Cherokee is using user cherokee, files created via sshfs have "nobody" as an owner and so it cannot access the files it created and neither can the other machines. I did think of simply giving 777 permissions but I don't think that's the most secure solution.

I would have liked to connect to the other machine with user cherokee but cannot figure out how to generate a public key for the user cherokee as there's no home directory for it. Actually, only /root is available as a home directory with ~/.ssh being the directory for the ssh authenticated-keys.

Any ideas?

----------

## truc

 *gencol wrote:*   

> I did think of simply giving 777 permissions but I don't think that's the most secure solution.

 

It's actually worse than that: thinking about giving 777 means you don't really understand what the permissions are for. May I suggest you experiment first with some basic tutorials about Unix permissions?

----------

## gencol

I quite well understand what Unix permissions are. Of course 777 is the most insecure there is as it allows access to anyone to these files. However, considering the situation I've described above, I don't have a better idea. Let me know if you read the rest of my post and have any better ideas. Thanks.

----------

## truc

 *gencol wrote:*   

> I quite well understand what Unix permissions are. Of course 777 is the most insecure there is as it allows access to anyone to these files. However, considering the situation I've described above, I don't have a better idea. Let me know if you read the rest of my post and have any better ideas. Thanks.

 

Have you checked the sshfs/fuse documentation? I see a lot of options (idmap/uidfile/gidfile and uid/gid/umask/...) which may or may not be of interest.

----------

## cach0rr0

So, every technical forum will inevitably have an asshole who will, instead of telling you how to fix your app, suggest an alternative. I will be that asshole today: have you looked at using lsyncd for this?

'Tis something I implemented recently for an application at work; we basically have a webapp that will create a file that users need to be able to access, and so every node needs to have a copy. And it has to be basically realtime, so that worked for us.

(and if not, have a peek at 'man sshfs', there are options for uid=, gid=, umask= and so forth that should accomplish what you want with sshfs)

----------
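An added example, not written by anyone in the thread: a small audit of sshfs fstab entries for the points raised above (root as the remote login, no `uid=`/`gid=`/`umask=` options, a 777-equivalent mask). It also checks for `allow_other` without the FUSE `default_permissions` option, which is not mentioned in the thread. The function names, the second sample line, uid/gid 1001 and the key path are constructed placeholders.

```shell
#!/bin/sh
# Added example: audit sshfs entries in fstab-format text read on stdin.
# Prints one finding per line; a clean entry prints nothing.
audit_sshfs_fstab() {
    while read -r src mnt fstype opts _rest; do
        case "$src" in '#'*) continue ;; esac   # skip commented-out lines
        # Keep only sshfs mounts: old "sshfs#... fuse" and newer "fuse.sshfs" forms.
        case "$src $fstype" in
            'sshfs#'*' fuse'|*' fuse.sshfs') ;;
            *) continue ;;
        esac
        o=",$opts,"
        case "$src" in
            'sshfs#root@'*|root@*) echo "$mnt: remote login is root" ;;
        esac
        # uid=, gid= and umask= pin the owner and mode the mount presents locally.
        for want in uid gid umask; do
            case "$o" in
                *",$want="*) ;;
                *) echo "$mnt: no $want= option" ;;
            esac
        done
        case "$o" in
            *,umask=0,*|*,umask=00,*|*,umask=000,*|*,umask=0000,*)
                echo "$mnt: umask=0 presents everything as mode 777" ;;
        esac
        # With allow_other alone the kernel skips mode checks, so every local
        # user acts with the remote account's rights.
        case "$o" in
            *,default_permissions,*) ;;
            *,allow_other,*) echo "$mnt: allow_other without default_permissions" ;;
        esac
    done
}

# Constructed sample: the fstab line from the post, then a stricter variant.
# uid/gid 1001 and the key path are placeholders, not values from the thread.
sample_fstab() {
    cat <<'EOF'
sshfs#root@server:/var/www/forums/files /var/www/forums/files fuse allow_other,reconnect,port=1122,compression=yes
sshfs#cherokee@server:/var/www/forums/files /mnt/strict fuse allow_other,default_permissions,reconnect,port=1122,uid=1001,gid=1001,umask=027,IdentityFile=/etc/ssh/keys/cherokee_ed25519
EOF
}

sample_fstab | audit_sshfs_fstab
```

On a real host, feed it the live table with `audit_sshfs_fstab < /etc/fstab` and replace the placeholder uid/gid with the output of `id cherokee`.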

