SHFS -- "Mount ANY dir from ANY host in a SECURE way"

# shfs is a very nice way to circumvent the insecurities of nfs. It can mount a remote directory on your local machine, just as one would do with nfs (shfsmount and shfsumount understand the same syntax as the normal nfs mount and umount commands, but in stead of sending the files in the clear, they are sent through an ssh tunnel)...

Installing shfs

  1. basic installation:
    1. for debian/stable (woody):
      sudo apt-get install kernel-headers-`uname -r` fakeroot debhelper
      cd /lib/modules/`uname -r`
      sudo ln -s /usr/src/kernel-headers-`uname -r` build
      mkdir /tmp/shfs
      cd /tmp/shfs
      wget http://kent.dl.sourceforge.net/sourceforge/shfs/shfs-0.35.tar.gz # or any other server
      tar -xzvf shfs-0.35.tar.gz
      cd shfs-0.35
      make deb
      sudo dpkg -i ../shfs*deb
      sudo chmod u+s /usr/bin/shfsmount /usr/bin/shfsumount
      
    2. for debian/testing and debian/unstable:
      sudo apt-get install shfs-source shfs-utils module-assistant
      sudo module-assistant build shfs
      sudo module-assistant install shfs
      sudo modprobe /lib/modules/2.4.27/shfs/shfs.o
      echo shfs >> /etc/modules
      
  2. finishing touch:
    1. # once the shfs system works correctly, you can add a line similar to the following to your /etc/fstab:
      userid@remoteMachine:/remoteDirectory   /home/userid/remoteDirectory shfs       rw,user,noauto     0       0
      

Using shfs

  1. # mounting a remote directory. the --persistent flag makes the mount survive temporary connection outage by reconnecting to the server if it went down:
    mkdir ~/remoteDir
    shfsmount --persistent $USER@remote.machine.org:/home/$USER ~/remoteDir
    
  2. # mounting a remote home directory in nfs-replacement mode (i.e., preserving userid and groupid, making it available to all users, each user has only access to the files he/she is allowed to access, based on file/directory access permissions), and with symlink resolution (-s):
    mkdir -p /fileserver/home
    shfsmount -s --persistent root@remote.machine.org:/home /fileserver/home -o preserve,rmode=755
    
  3. # unmounting a mounted remote filesystem:
    shfsumount ~/remoteDir
    

Information about nfs

  1. # this link provides a very nice introduction to nfs
  2. # figuring out what nfs version some host uses:
     rpcinfo -p hostname |grep nfs 
    

For those who really need nfs (as you should consider using shfs in nfs mode rather than nfs!)

Configuring an nfs server

  1. # edit /etc/exports to reflect to which nfs clients you wish to export filesystems of your nfs server. Example: you may wish to export the /home filesystem of your nfs server to an nfs client computer with a particular ipaddress. The nfs client can mount the filesystem in readwrite mode:
    /home   192.168.0.100(rw)
    

Configuring an nfs client

  1. # create a mountpoint /remoteHome whereto you will mount the filesystem /home of the nfs server:
    mkdir /remoteHome
    
  2. # you can now mount the file server's filesystem:
    sudo mount -t nfs server.domain.org:/home /remoteHome
    
  3. # if you wish to mount the remote filesystem persistently, you can add the following line to your /etc/fstab:
    echo server.domain.org:/home      /remoteHome     nfs     defaults        0 0 >> /etc/fstab