#1357 assigned defect

'tahoe mount' command — at Version 4

Reported by: davidsarah Owned by: davidsarah
Priority: major Milestone: soon
Component: code-frontend-cli Version: 1.8.2
Keywords: sftp tahoe-mount Cc:
Launchpad Bug:

Description (last modified by daira)

ticket:1353#comment:1 suggested a tahoe mount command, which would mount a Tahoe directory at a local mount point.

tahoe mount [OPTIONS] [-o MOUNT_OPTION[,...]] TAHOE_PATH MOUNT_POINT

(As for all other CLI commands, TAHOE_PATH could be given relative to the default tahoe: alias, an explicit alias, or an explicit URI.)

I propose implementing this using SFTP+sshfs. The SFTP frontend would be changed to allow logging in with an arbitrary cap URI as root directory (#1356). Then the above mount command would be implemented by invoking sshfs with the -o password_stdin option, and passing the URI on stdin. This avoids exposing the URI via the command line. Because any aliases in TAHOE_PATH are resolved by tahoe mount, it also avoids ambient authority weaknesses, even when an attacker is not prevented from connecting to the SFTP server.

The host and port of the SFTP server would be obtained by determining the node directory as usual, and looking for a tahoe.cfg with an [sftpd]port setting in that directory. (It might be useful to allow specifying this in a separate sftp.url file analogous to node.url, I'm not sure.)

Change History (4)

comment:1 in reply to: ↑ description Changed at 2011-02-04T04:31:48Z by davidsarah

Replying to davidsarah:

Then the above mount command would be implemented by invoking sshfs with the -o password_stdin option, and passing the URI on stdin.

Note that this doesn't preclude supporting other ways to mount a Tahoe filesystem using the same tahoe mount syntax, if we implement other FUSE interfaces in future. There could be a tahoe.cfg setting to specify the command that is executed. For example:

[mount]
# What command will 'tahoe mount' use to mount the filesystem?
# This command will take the root URI on stdin. For SFTP, the root URI
# is the password. For example, when using sshfs you should pass the
# '-o password_stdin' option. The variables $MOUNTPOINT and $SFTPPORT
# can be used to specify the mount point, and SFTP port number if needed.

command = sshfs uri@127.0.0.1 $MOUNTPOINT -p $SFTPPORT -o password_stdin,reconnect,big_writes
Last edited at 2011-02-04T04:39:08Z by davidsarah (previous) (diff)

comment:2 Changed at 2011-02-04T04:43:33Z by davidsarah

  • Owner set to davidsarah
  • Status changed from new to assigned

comment:3 Changed at 2011-07-24T22:38:43Z by davidsarah

  • Milestone changed from 1.9.0 to 1.10.0

Out of time for 1.9.

comment:4 Changed at 2013-08-13T23:04:09Z by daira

  • Description modified (diff)
  • Milestone changed from 1.11.0 to 1.12.0
Note: See TracTickets for help on using tickets.