i generally use option1 precisely to avoid sudo. even for localhost. ssh bla@localhost
On Fri, Mar 20, 2026 at 5:11 PM Jacob Moody <[email protected]> wrote: > On 3/18/26 17:42, qugalet via 9fans wrote: > > Good evening, I’ve started using Plan 9 as a graphical and very > > convenient gateway between all my work servers, connecting via sshnet to > > my main computer with WireGuard as the entry point. Using ACME and other > > cool tools to work with a large number of remote file systems in a > > graphical interface is really cool, but I have to constantly copy files > > from root directories to /tmp or /home directories just to make some > > changes and put them back where they belong. Is there a way to make this > > more convenient by logging in via SSH as a regular user (with sudo > > privileges) and then granting them root privileges? I’m not really keen > > on allowing root login on the servers due to security concerns, so yeah. > > > > qugalet > > > > There's a couple things you can do here. > You could open root with keyauth only and limit it to just the sftp > subsystem, could even restrict it to only the IPs coming in from your WG > tunnel. > > Also seems like you can instead specify an absolute path for the > subsystem, in the UNIX sftp client this is specified with -s. > I see some folks suggest changing that to "sudo /path/to/sftp-server", > however that will only work with passwordless sudo and you have > to know the absolute path of the sftp binary. If you wanted to try that > you can modify the args in sshfs(/sys/src/cmd/sshfs.c:1411) to specify > that I think? Something like "#sudo /path/to/sftp-server" perhaps? Not > sure how the word splitting there works (if there is any). > (This also assumes you're using 9front) > > I think personally I would pick option 1 instead of having passwordless > sudo on for my main user, but that's just like my opinion man. > > - moody > ------------------------------------------ 9fans: 9fans Permalink: https://9fans.topicbox.com/groups/9fans/Td70802e6170e6971-M50003d74780af79234faf930 Delivery options: https://9fans.topicbox.com/groups/9fans/subscription
