So I am fairly new user in openhab2 with the following installation:
- Openhab2 installed in a raspberry pi 4 running raspbian based on Buster
- Desktop box running Debian as well, running VS Code 1.51.1 and openhab2 extension 0.7.0
So although I was planning to use sshfs instead of samba, I still have not found a valid way to go through as you can see in this post
So I have gone down the samba way in order to share my /etc/openhab2 folder from my pi to my desktop and although the samba share is mounted in “files” (the equivalent to explorer in win or finder in mac) I can’t seem to be able to open the folder within the VS Code gui.
When I try to open folder within the VS Code gui the samba share mount is nowhere to be seen in the left hand vertical menu of files where all shared & mounted file systems reside.
Anyone of you had a similar experience, any ideas?
thank you in advance,
I use the remote development extension to connect to my pi 4
Hi I also use the same as @denominator from a LM20 laptop to my OH2 (prod)/OH3 (dev) builds both in docker containers and works like a charm, no need for nfs or smb shares just the ssh plugin.
@denominator thanks for your prompt reply. And how do you about file permissions.
I mean when handling the /etc/openhab2 files locally I use sudo in order to write in files and change them. How would that go by with the remote development extension without allowing root login in the Pi? From what I have read sudo remotely is not supported over the extension.
@KevinI Thank you as well for your prompt reply.
How do you handle file permissions in this case without allowing root access in the pi?
openhab2 configuration files reside in /etc/openhab2 which require root access or sudo use in order to manipulate them. How do you tuckle this issue?
@zuperkoleoptera, the /etc/openhab2 folder should be set with perms for user/group openhab and therefore I used a shared ssh key from my LM20 user to the openhab user on the pi4.
When adding the public key I also add some extra options to try and reduce the security risks, for example adding “from=‘IP address of LM20’” at the beginning of the public key.
I also lock down some of the other OpenSSh options on the pi side to limit access and secure the device.
@KevinI You are right the user/group openhab2 does exist, but by design logging in and using this user is not allowed. The idea of the openhab2 developers is to limit what one service can do…
Although I hate samba and I would prefer to use ssh or sshfs instead, unless there is a solid solution handling file permissions I think the only way is samba…
So returning in my 1st question, has anybody managed to configure the VS Code extension using samba share and all that in a debian gnome environment?
It’s been a while but I got it working using samba. Did you properly “mount” the smb share? Then you should be able to see it from VS Code. Maybe the “files” app is accessing the share without a proper mount point. I’ve seen this on some distros. Try mounting the share using fstab or the mount command instead.
Hi, I guess I’m not so worried about that as my openhab instances are in docker and the openhab user on the pi doesn’t have any control over them, or anything else, so is only useful for editing the files owned by the openhab user.
It would be possible to configure a chroot jail and allow only access to the etc/openhab2 folder via a bind mount perhaps but I don’t really need that level of paranoia.
I used to do this via nfs exports/mounts but preferred the vsc ssh option in the end.
Never been much of a fan of samba so hope you have some luck.
Samba is a windows share thing and you have 2 linux machines.
Why not use NFS built for linux machines.
I totally agree I login using a user key that’s safe enough.
@denominator I never thought the NFS solution as I am not familiar with it. I tried it though and I think is pretty similar to the samba solution as far as privileges with the difference that in my case it works in combination with the VS Code extension, which is nice.
Anyway after giving it some thought for now and until I find a better solution, I will go the sshfs way while using the openhab user. I think it’s the solution with the least exposure in my environment.
Thank all for you for your insights!!