sfs(7)
NAME
SFS - Self Certifying Filesystem
DOCUMENTATION
- This manpage was written as a short description and as a pointer to more complete documentation. Up-to-date documentation can be found in the Info pages of SFS. You can access the Info pages with the command "info sfs". An HTML version of the Info pages may also be available on your system in /usr/local/lib/sfs/sfs.html or /usr/lib/sfs/sfs.html.
DESCRIPTION
- SFS is a secure, global network filesystem with completely decentralized control. It takes NFS shares exported from localhost and transports them securely to other hosts; NFS services do not need to be exposed to the network.
- SFS features key management and authorization separated from the filesystem, with key revocation separated from key distribution.
- More information and new versions can be found on the SFS website:
- http://www.fs.net/
GLOBAL NAMESPACE
- SFS mounts directories from fileservers under a directory of the form:
- /sfs/@Location,HostID
- Location is either the IP address or the DNS hostname of the server.
- HostID is a collision-resistant cryptographic hash of the file server's public key.
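Why such a pathname certifies its own server, as an added example that is not part of SFS or of the original manpage: since HostID is derived from the server's public key, a client can check any key a server presents against the path alone. SHA-256 in hex is a stand-in (the page does not say which hash or encoding SFS uses), and the function names and sample keys are constructed for illustration.

```python
import hashlib
import hmac
import re

# /sfs/@Location,HostID[/rest] as described under GLOBAL NAMESPACE.
_PATH_RE = re.compile(
    r"^/sfs/@(?P<location>[^,/@]+),(?P<hostid>[0-9a-z]+)(?P<rest>/.*)?$"
)


def host_id(public_key: bytes) -> str:
    """Stand-in HostID: SHA-256 hex digest (assumption, not SFS's real scheme)."""
    return hashlib.sha256(public_key).hexdigest()


def parse_sfs_path(path: str):
    """Split a self-certifying pathname into (location, hostid, rest)."""
    m = _PATH_RE.match(path)
    if m is None:
        raise ValueError(f"not a self-certifying pathname: {path!r}")
    return m["location"], m["hostid"], m["rest"] or "/"


def server_key_matches(path: str, presented_key: bytes) -> bool:
    """True only if the key the server presents hashes to the path's HostID."""
    _, expected, _ = parse_sfs_path(path)
    # Constant-time comparison of the expected and computed HostIDs.
    return hmac.compare_digest(expected, host_id(presented_key))


# Constructed sample data: placeholder byte strings, not real keys.
GENUINE_KEY = b"constructed-sample-public-key-of-real-server"
IMPOSTOR_KEY = b"constructed-sample-public-key-of-impostor"
SAMPLE_PATH = f"/sfs/@files.example.org,{host_id(GENUINE_KEY)}/home/alice"

if __name__ == "__main__":
    print(parse_sfs_path(SAMPLE_PATH))
    # A host answering at Location with a different key is rejected,
    # even if DNS or routing for Location has been tampered with.
    print("genuine :", server_key_matches(SAMPLE_PATH, GENUINE_KEY))
    print("impostor:", server_key_matches(SAMPLE_PATH, IMPOSTOR_KEY))
```

Location only tells the client where to connect; the trust decision rests entirely on the HostID comparison.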
CLIENT DESCRIPTION
- Client-side operation of SFS consists of the following programs:
- sfscd
- creates and serves the /sfs directory on the client machine. Also starts nfsmounter and sfsrwcd as needed.
- nfsmounter
- mounts and unmounts NFS filesystems as the kernel NFS client accesses them.
- sfsrwcd
- is a daemon that implements the normal read/write filesystem protocol. It acts as an NFS server to the local NFS client.
USER PROGRAMS
- On the client machine, a user normally uses the following programs:
- sfsagent
- handles authentication as the user moves to new filesystems. It can also fetch new HostIDs and perform revocation checks on them.
- sfskey
- manages user and server keys and is used to configure sfsagent for different situations.
- rex
- a remote login program, similar in spirit to SSH, that uses SFS's key management and authentication mechanisms, and can forward a user's sfsagent to remote machines.
SERVER DESCRIPTION
The server side consists of the following programs:
- sfssd
- handles incoming connections and spawns sfsrwsd as needed.
- sfsrwsd
- is a daemon that implements the normal read/write filesystem protocol and talks to the local NFS server.
- sfsauthd
- handles user authentication. It communicates directly with sfsrwsd to authenticate users of the file system. It also accepts connections over the network from sfskey to let users download their private keys or change their public keys.
- rexd
- a remote login server that performs key exchange with remote rex clients and does authorization checking of remote users before allowing them to spawn or connect to proxy.
- proxy
- the server side of the rex remote login utility, which clients spawn and connect to through the privileged rexd server. There is typically one instance of proxy per user logged into a machine (regardless of how many times the user is logged in), running with the permissions of the user.
HELPER BINARIES
- There are a few small programs to help with miscellaneous tasks:
- ssu
- allows an unprivileged user to become root on the local machine without changing his SFS credentials.
- rpcc
- an RPC compiler for RFC1832-format XDR files. Used by other systems that link against the SFS libraries.
- funmount
- forcibly unmounts a file system, doing as little else as possible. May be of use when cleaning up a system after a crash.
- dirsearch
- can be used with the sfskey certprog command to configure certification paths--lists of directories in which to look for symbolic links to HostIDs.
SEE ALSO
sfskey(1), nfs(5), info(1), sfsagent(1)
NOTES
- Solid NFSv3 support is required from the kernel and supporting utilities.
CAVEATS
- You really do not want to kill -9 nfsmounter, as it is responsible for cleaning up and unmounting filesystems on the client side if sfscd has died or something else has happened.
AUTHOR
- SFS was written by the SFS development team, sfsdev@redlab.lcs.mit.edu. This manpage was originally written by Jaakko Niemi for SFS packaging in the Debian/GNU Operating System. It has since been edited by the SFS development team and included with the SFS distribution.
- perl v5.8.8 2004-01-07