Page 1 of 1

up-delay script won't execute sshfs

Posted: Fri Dec 16, 2016 7:01 pm
by flymike
I want to mount an sshfs file system that's dependent on a VPN, so I have an --up-delay --up script that contains the sshfs command. The script works when manually run after the VPN is started but, when run via --up in the config file, the sshfs command fails with rc=1 and "failed to open /dev/fuse: Operation not permitted".
I have determined that the --up script runs as root when executed by openvpn. I've also tried it with --route-up and --route-delay 5, and got the same error.

Any ideas?

.conf file

Code: Select all

client
dev tun
proto udp
remote myhost myport
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
ns-cert-type server
comp-lzo
log-append /var/log/openvpn/client-starchy.log
verb 4
mute 20
script-security 2
up-delay
up up_script
up_script

Code: Select all

#!/bin/bash

sshfs someuser@vpn-address:/path  /mount-point -o ro -o nonempty -o allow_other -o IdentityFile=/home/myuser/.ssh/id_rsa

Re: up-delay script won't execute sshfs

Posted: Fri Dec 16, 2016 8:34 pm
by Pippin
Hi,

Try:

Code: Select all

up /full/path/to/up_script

Re: up-delay script won't execute sshfs

Posted: Fri Dec 16, 2016 9:00 pm
by flymike
The script IS executing. That's how I knew it was executing with root.

Re: up-delay script won't execute sshfs

Posted: Fri Dec 16, 2016 9:09 pm
by TinCanTech
As a security measure, client --up script is required to successfully complete before the VPN will pass data.

Re: up-delay script won't execute sshfs

Posted: Wed Jan 11, 2017 9:36 pm
by flymike
Please note that the --up script works perfectly when executed independently. It only fails when called from OpenVPN as the --up script.
Although I use --up-delay, I did also try splitting the --up script into two, so that the actual --up script only launches a 2nd script in background and returns with zero to OpenVPN. The 2nd script contains a sleep 30 before executing sshfs.
It still fails.

Re: up-delay script won't execute sshfs

Posted: Wed Jan 11, 2017 11:19 pm
by TinCanTech
flymike wrote:The script works when manually run after the VPN is started but, when run via --up in the config file, the sshfs command fails
TinCanTech wrote:As a security measure, client --up script is required to successfully complete before the VPN will pass data.
The VPN will not allow packets over the VPN until all scripts have successfully completed.

try using sudo / Re: up-delay script won't execute sshfs

Posted: Thu Jan 19, 2017 9:40 am
by zeilenreiter
Using 2 scripts works for me. The first script, which is referenced by the "up" option in then openvpn config, just calls the second script in background and returns 0 to signal openvpn that everything is fine.

The second script sleeps for 5 seconds and then executes sshfs using sudo:

Code: Select all

sudo -u [local user] sshfs [remote_user]@[host]:/[path] [mountpoint]

Re: up-delay script won't execute sshfs

Posted: Sun Jan 29, 2017 4:04 pm
by flymike
I tried the 2 script solution, with a 15 second sleep, but get the error message "sudo: unable to execute /usr/bin/sshfs: Resource temporarily unavailable".
I did prefix the sshfs with "sudo -u some-local-user", but don't understand why sudo is needed, as the 2nd script is already running as root.

Re: up-delay script won't execute sshfs

Posted: Mon Jun 18, 2018 5:57 pm
by cybertize
if this matter still interests anyone ...

I was having the same problem and my script only ran after I inserted this line on top of it (see the original update-resolv-conf script):

#! / bin / bash