rev |
line source |
pankso@1
|
1 SliTaz Secure File Storage
|
pankso@1
|
2 ===============================================================================
|
pankso@1
|
3
|
pankso@1
|
4
|
paul@11
|
5 Ssfs is personal, secure, fast and light online file storage powered by
|
paul@11
|
6 SSH, Rsync, Lsyncd and SHell script. It monitors a local folder and automatically
|
paul@11
|
7 synchronizes the remote server. When files are transferred they are compressed and
|
paul@11
|
8 encrypted with SSH. Connections to the remote host are automated with a RSA key,
|
paul@11
|
9 and for each client the key must be sent to the server via a SSH password login.
|
pankso@1
|
10
|
paul@11
|
11 Using ssfs lets you have a live synchronized and secure folder between many
|
paul@11
|
12 computers with an online copy on a secure Linux server. But even without any
|
paul@11
|
13 connections you have access to your files. Connections to the remote server
|
pankso@1
|
14 can also be done using the command line and 'ssh' from any clients such as
|
pankso@1
|
15 BSD, Android, OSX or Windows via Putty.
|
pankso@1
|
16
|
paul@11
|
17 Ssfs is very easy to install, setup and configure to make your own secure online
|
paul@11
|
18 file storage. It provides a cmdline tool for the client and the server with a
|
paul@11
|
19 built in help. This README is also a howto in itself.
|
pankso@1
|
20
|
pankso@1
|
21 On the server side admin can choose by creating standard accounts or chrooted
|
paul@11
|
22 accounts which enforce server security by restricting available commands in a
|
pankso@1
|
23 minimal chroot environment. User $HOME should be set to 0700 so users can't see
|
pankso@1
|
24 other users files.
|
pankso@1
|
25
|
pankso@1
|
26
|
pankso@14
|
27 Overview
|
pankso@14
|
28 --------
|
pankso@14
|
29
|
pankso@14
|
30 * Online live sync with encrypted data
|
pankso@14
|
31 * Even without connection you have your data
|
pankso@14
|
32 * Fast and light using stable GNU tools
|
pankso@14
|
33 * Easy to setup on clent and server
|
pankso@14
|
34 * Virtual disk for storage with minimal chroot
|
pankso@14
|
35 * Easy to backup and maintain
|
pankso@14
|
36
|
pankso@14
|
37
|
pankso@1
|
38 Installation
|
pankso@1
|
39 ------------
|
paul@11
|
40 To work you need a SSH client, 'rsync' and 'lsyncd' installed. On SliTaz you
|
paul@11
|
41 can simply install ssfs and it's dependencies or 'make install' from the
|
pankso@8
|
42 source directory (see the Development section).
|
pankso@1
|
43
|
pankso@1
|
44
|
pankso@1
|
45 Client help and setup
|
pankso@1
|
46 ---------------------
|
paul@11
|
47 The cmdline interface ssfs lets you setup a client and start the daemon and
|
paul@11
|
48 synchronize live with your system session via the Window Manager autostart
|
paul@11
|
49 script or your personal ~/.profile file. To get a list of commands with
|
pankso@8
|
50 a short description:
|
pankso@1
|
51
|
pankso@1
|
52 $ ssfs help
|
pankso@1
|
53
|
pankso@1
|
54 To setup a client by creating a Lua configuration file and sending the RSA key
|
pankso@1
|
55 to the server, you can use the command 'setup'. Setup needs a login name and
|
paul@11
|
56 server name or IP address and it will also create a secure RSA if none exists:
|
pankso@1
|
57
|
pankso@1
|
58 $ ssfs setup --login=user --host=server
|
pankso@1
|
59
|
pankso@1
|
60
|
pankso@1
|
61 GUI & Web interface
|
pankso@1
|
62 -------------------
|
paul@11
|
63 Actually there is a small GTK/Yad but no web interface. The tool ssfs-box will
|
paul@11
|
64 display info if a configuration file exists or start the setup box.
|
pankso@1
|
65
|
pankso@1
|
66
|
pankso@1
|
67 Get configs on boot
|
pankso@1
|
68 -------------------
|
paul@11
|
69 Ssfs can be used in a boot scripts to connect to a remote host and retrieve data
|
paul@11
|
70 before a user session is started. It can be useful to provide persistent data for
|
pankso@1
|
71 Live systems and web boot.
|
pankso@1
|
72
|
pankso@1
|
73
|
pankso@1
|
74 Server setup
|
pankso@1
|
75 ------------
|
pankso@1
|
76 On the server you must have a SSH server running and an user account with a
|
pankso@13
|
77 ~/Sync folder in user home. You can have both, staandard accounts or chrooted
|
pankso@13
|
78 accounts, for a hosted service it is recommended to use a chroot and Ssfs
|
pankso@13
|
79 virtual disk. The vdisk can be any size you want and have a minimal chroot
|
pankso@13
|
80 environment that is under 3Mb.
|
pankso@1
|
81
|
pankso@13
|
82 If you want to create a vdisk and chroot automaticaly you can use use the tool
|
pankso@13
|
83 ssfs-server. Here is a short example to create a chroot and create a user
|
pankso@13
|
84 login 'tux-sync' with a protected $HOME in the chroot, the root directory can
|
pankso@13
|
85 be specified on the command line or changed in the configuration file. The
|
pankso@13
|
86 vdisk creation size is set in Gb and can be changed in config file or from
|
pankso@13
|
87 the cmdline:
|
pankso@13
|
88
|
pankso@13
|
89 # ssfs-server gen-vdisk --size=2
|
pankso@1
|
90 # ssfs-server adduser --login=tux-sync --id=2000 --pass=tuX0cc
|
pankso@1
|
91
|
paul@11
|
92 Users can be listed or completely deleted including all files in home. More
|
paul@11
|
93 information can be found with: ssfs-server usage
|
pankso@1
|
94
|
pankso@1
|
95
|
pankso@13
|
96 Ssfs virtual disk
|
pankso@13
|
97 -----------------
|
pankso@13
|
98 A virtual Ssfs disk is a raw file created with dd and formated in ext3. It is
|
pankso@13
|
99 mounted by default on /ssfs and contain a minimal chroot environemt with users
|
pankso@13
|
100 home directory. We use a virtual disk to enforce securiry and use a separate
|
pankso@13
|
101 media for Ssfs secure files, it also protect the host and limit storage size.
|
pankso@13
|
102 The tool ssfs-server handle vdisk creation but you can also create one manually
|
pankso@13
|
103 or use a separate HD if the server have more than one disk. To create 2Gb
|
pankso@13
|
104 vdisk and format it to ext3:
|
pankso@13
|
105
|
pankso@13
|
106 # dd if=/dev/zero of=/home/ssfs.ext3 bs=1G count=2
|
pankso@13
|
107 # mkfs.ext3 -T ext3 -L "Ssfs" -F /home/ssfs.ext3
|
pankso@13
|
108
|
pankso@13
|
109 Now you have a virtual disk you can mount it, the path must match SSFS_CHROOT
|
pankso@13
|
110 found in ssfs-server.conf, default mount point is /ssfs to clearly separate
|
pankso@13
|
111 the filesystem from the standard host file hierarchy:
|
pankso@13
|
112
|
pankso@13
|
113 # mkdir /ssfs
|
pankso@13
|
114 # mount -o loop -t ext3 /home/ssfs.ext3 /ssfs
|
pankso@13
|
115
|
pankso@13
|
116 To automaticaly mount the vdisk on boot you may want to add a ssfs system user
|
pankso@13
|
117 and a line into the file /etc/fstab:
|
pankso@13
|
118
|
pankso@13
|
119 # adduser -S -g "Ssfs Server" -h /ssfs -s /bin/false ssfs
|
pankso@13
|
120 /home/ssfs.ext3 /ssfs ext3 rw,loop,ssfs,ssfs 0 0
|
pankso@13
|
121
|
pankso@1
|
122 Server users config
|
pankso@1
|
123 -------------------
|
pankso@1
|
124 When adding a user with 'ssfs-server adduser', the user is added to the host
|
pankso@1
|
125 /etc/passwd and a custom user config file is created in SSFS_USERS with the
|
pankso@10
|
126 login name.
|
pankso@1
|
127
|
pankso@1
|
128
|
pankso@1
|
129 Development and Bugs
|
pankso@1
|
130 --------------------
|
paul@11
|
131 If you want to install the latest code to test and help in development you can
|
paul@11
|
132 clone the ssfs Mercurial repository. As usual, closely follow the SliTaz light
|
paul@11
|
133 philosophy with speed and security in mind:
|
pankso@1
|
134
|
pankso@13
|
135 $ hg clone http://hg.slitaz.org/ssfs
|
pankso@1
|
136
|
paul@11
|
137 Install with 'make install' (DESTDIR is supported for packaging), update the POT
|
paul@11
|
138 file if any new strings have been added with 'make pot', and merger PO files with
|
paul@11
|
139 the command 'make msgmerge'. Any ideas are welcome and can be discussed. If you
|
pankso@1
|
140 are searching for something to do you can have a look to the TODO file :-)
|
pankso@1
|
141
|
pankso@13
|
142 Bugs can be reported on the SliTaz mailing list, forum or scn since the devel
|
pankso@13
|
143 forum is synced. All sites are liked from the main website at:
|
pankso@13
|
144
|
pankso@13
|
145 http://www.slitaz.org/
|
pankso@1
|
146
|
pankso@1
|
147
|
pankso@1
|
148 ===============================================================================
|
pankso@1
|
149
|