0

Is there any possibility to connect to an SSH server using /ssh:user@server with read-only access, even if the account has write access? I need this to prevent accidental write.

Here is the function I use to connect:

(defun connect-b2b ()
  (interactive)
  (find-file-other-window "/ssh:user@server:/")
  buffer-read-only)
 (global-set-key (kbd "C-c C-d") 'connect-b2b)

Note that buffer-read-only does not help, neither does vc-toggle-read-only.

Update: Just to be clear what I want to achieve, I have an account with read+write access, however since this is a business critical server I wanted to prevent accidental changes. Unfortunately I cant change permissions on the user account itself, therefore I wanted to enforce this locally.

Drew
  • 29,895
  • 7
  • 74
  • 104
A.C
  • 423
  • 2
  • 4
  • 13

3 Answers3

2

Third suggestion: Use sshfs to provide the remote filesystem locally, and mount it read-only, and then point Emacs at that.

That way you're not subject to all of the pitfalls of being able to run commands directly on the remote server as a user who has write-permissions.

phils
  • 71,335
  • 11
  • 153
  • 198
1

If I've interpreted the question rightly, directory-local variables are a potential workaround. This would be overridden if there were dir-local configs nearer to the path in question, however, so YMMV.

(dir-locals-set-class-variables
 'read-only
 '((nil . ((buffer-read-only . t)))))

(dir-locals-set-directory-class "/ssh:user@server:/" 'read-only)
phils
  • 71,335
  • 11
  • 153
  • 198
  • This did not work, I'm still able to for example touch a file in the specified directory. I also tried this locally and only the buffer is read-only, however you can still used dired or other package to make changes. I updated my question just to be more clear. – A.C Jun 05 '20 at 07:35
0

I'm still able to for example touch a file in the specified directory.

That's got nothing to do with Emacs. You're asking for Emacs to employ OS-level access controls, which it can't do, because it's not the OS. In your case it's not even running on the same machine.

You need to create a new user with more limited access, and connect as that user instead.

phils
  • 71,335
  • 11
  • 153
  • 198
  • Well, of course it has with Emacs to do since the OS commands will be executed from Emacs. But I understand that this will be difficult to achieve since Emacs in my case will need to prevent ALL packages from executing any of the write commands. – A.C Jun 05 '20 at 10:02
  • @A.C even shell commands executed through emacs would'nt modify files? – Rorschach Jun 05 '20 at 18:52
  • Rorschach, it would since the account has write access. Maybe I was misunderstood when I said "touch files". I do not mean execute shell commands directly on the server, or usuing emacs shell packages. What I meant is that even if I use the dir-locals-set-class-variables to set readonly, that will not work if I try to say create a file using dired or any other emacs package. – A.C Jun 08 '20 at 07:09