SliTaz Secure File Storage
===============================================================================


Ssfs is personal, secure, fast and light online file storage powered by
SSH, Rsync, Lsyncd and SHell script. It monitors a local folder and
automatically synchronizes it with the remote server. When files are
transferred they are compressed and encrypted with SSH. Connections to the
remote host are automated with an RSA key, and for each client the key must be
sent to the server via an SSH password login.

Using ssfs lets you have a live synchronized and secure folder between many
computers with an online copy on a secure Linux server. Even without any
connection you still have access to your files. Connections to the remote
server can also be made using the command line and 'ssh' from any client such
as BSD, Android, OSX or Windows via Putty.

Ssfs is very easy to install, set up and configure to create your own secure
online file storage. It provides a cmdline tool for the client and server with
built-in help. This README is also a howto in itself.

On the server side the admin can choose between creating standard accounts or
chrooted accounts, which enforce server security by restricting available
commands in a minimal chroot environment. User $HOME should be set to 0700 so
users can't see other users' files.


Overview
--------

  * Online live sync with encrypted data
  * Drop files in a folder and they will be synced
  * Even without any connection you still have your data
  * Fast and light using stable and mature GNU tools
  * Encrypted file transfer using SSH protocol
  * Easy to set up on the client and server side
  * Virtual disk storage for quota management
  * Minimal and restrictive yet powerful chroot
  * Command line chrooted SSH access for users
  * Easy to back up, update and maintain vdisk


Quick start guide
-----------------

  * Install ssfs on server and clients if not yet done
  * Create a vdisk on server                   # ssfs-server gen-vdisk
  * Check if chroot works (exit to quit)       # ssfs-server chroot
  * Add a chrooted user to the Ssfs virtual disk so it can sync
    files or connect via SSH from a client:
    # ssfs-server adduser --login=demo --id=2000 --pass=demo
  * On the client side: ssfs-box setup or from the cmdline:
    $ ssfs setup --login=demo --host="server name or ip"
  * On the client you can start ssfs on user login via the WM
    autostart script and/or the command        $ ssfs sync
  * Get support and show your love for Ssfs on the SCN group:
    http://scn.slitaz.org/groups/ssfs/


Installation
------------
To work, Ssfs needs an SSH client, 'rsync' and 'lsyncd' installed. On SliTaz
you can simply install ssfs and its dependencies or 'make install' from the
source directory (see the Development section).


Client help and setup
---------------------
The cmdline interface ssfs lets you set up a client, start the daemon and
synchronize live with your system session via the Window Manager autostart
script or your personal ~/.profile file. To get a list of commands with
a short description:

    $ ssfs help

To set up a client by creating a Lua configuration file and sending the RSA key
to the server, you can use the command 'setup'. Setup needs a login name and
server name or IP address and it will also create a secure RSA key if none
exists:

    $ ssfs setup --login=user --host=server

Once the client is set up you can synchronize from the server and start a live
sync. You can also get quick access to your files and ssfs info with a nice
startup icon in the desktop panel. To sync and start Ssfs notify:

    $ ssfs sync
    $ ssfs-box notify &


GUI & Web interface
-------------------
Currently there is a small GTK/Yad interface but no web interface. The tool
ssfs-box will display info if a configuration file exists or start the setup
box. There is no plan for a web interface to users' files since security is
more important: currently a user's home has 0700 mode, so a standard web server
running as user www can't see the files. We may implement an HTTP Public dir
which could handle xHTML pages, a wiki, etc.

The GTK gui provides a notification mode as explained previously and the main
window can be started from the standard menu within the Network category.


Ssfs chroot SHell
-----------------
The tool ssfs-sh is used to chroot a user on login and sets minimal environment
variables. For each user ssfs-sh is the default SHell on the server and is
executed inside the new root, so ssfs-sh must be installed on the server and
in the virtual disk minimal chroot. Using a custom tool such as Ssfs SHell
enforces security and lets you execute commands on login. ssfs-sh also exports
the new user $HOME and changes the directory to it, since chroot will drop us
in / by default.

The SHell is part of Ssfs features and provides secure user access. SSH
login is automated with an RSA key, chrooted users have access to all
commands in /bin, and a helper tool called 'ssfs-env' is available. Ssfs-env
can display server info, list files and search for files or commands. Like
all other Ssfs tools it has a small built-in help. To connect to the server
and display ssfs-env help:

    $ ssfs login
    user@ssfs:~$ ssfs-env help


Get configs on boot
-------------------
Ssfs can be used in a boot script to connect to a remote host and retrieve data
before a user session is started. It can be useful to provide persistent data
for Live systems and web boot.


Quota management
----------------
Currently quota storage is based on a shared model: the vdisk has a size and
all users share the space. For a pay service the vdisk can grow following the
users' donations or monthly subscriptions. Also, when ssfs-server creates a
user it assigns a default quota that could be used as a per-user quota.


Server setup
------------
On the server you must have an SSH server running and a user account with a
~/Sync folder in the user's home. You can have both standard accounts and
chrooted accounts; for a hosted service it is recommended to use a chroot and
an Ssfs virtual disk. The vdisk can be any size you want and has a minimal
chroot environment that is under 2Mb with all binaries in /bin and libraries
in /lib.

If you want to create a vdisk and chroot automatically you can use the tool
ssfs-server. Here is a short example to create a chroot and create a user
login 'tux-sync' with a protected $HOME in the chroot. The root directory can
be specified on the command line or changed in the configuration file. The
vdisk creation size is set in Gb and can be changed in the config file or from
the cmdline:

    # ssfs-server gen-vdisk --size=2
    # ssfs-server adduser --login=tux-sync --id=2000 --pass=tuX0cc

Users can be listed or completely deleted, including all files in home. More
information can be found with the built-in help:

    # ssfs-server help

The vdisk chroot system can be extended if you want to provide more commands
to users. The minimal SliTaz chroot is easily maintainable and built using
standard SliTaz packages. The package ssfs-busybox provides the minimal base
commands such as ls, cp, mc, cat, grep and has no dependencies since we just
need a few shared libs in /lib. Ssfs original chroot files are stored in the
directory /usr/share/ssfs/rootfs. The virtual disk contains a Linux journaled
ext3 filesystem that you can check and verify with:

    # ssfs-server check-vdisk

In a production environment don't forget to mount the Ssfs vdisk on boot via
fstab. For maintenance purposes you can manually mount or unmount the disk and
also update it with a command, for example:

    # ssfs-server mount-vdisk
    # ssfs-server up-vdisk


Ssfs virtual disk
-----------------
A virtual Ssfs disk is a raw file created with dd and formatted in ext3. It is
mounted by default on /ssfs and contains a minimal chroot environment with a
user's home directory. We use a virtual disk to enforce security and use a
separate medium for Ssfs secure files; it also protects the host and limits
storage size. The tool ssfs-server handles vdisk creation but you can also
create one manually or use a separate HD if the server has more than one disk.
To create a 2Gb vdisk and format it to ext3:

    # dd if=/dev/zero of=/home/ssfs.disk bs=1G count=2
    # mkfs.ext3 -T ext3 -L "Ssfs" -F /home/ssfs.disk

Now that you have a virtual disk you can mount it. The path must match
SSFS_CHROOT found in ssfs-server.conf; the default mount point is /ssfs to
clearly separate the filesystem from the standard host file hierarchy:

    # mkdir /ssfs
    # mount -o loop -t ext3 /home/ssfs.disk /ssfs

To automatically mount the vdisk on boot you may want to add an ssfs system
user and a line into the file /etc/fstab:

    # adduser -S -g "Ssfs Server" -h /ssfs -s /bin/false ssfs
    /home/ssfs.disk  /ssfs  ext3  rw,loop  0  0

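As an added example (not part of the Ssfs tools), the following check reports
home directories on a mounted vdisk that are not mode 0700, the setting the
introduction asks for. It assumes homes live in <mount point>/home/<login>;
the function name audit_homes is made up for this example.

```shell
#!/bin/sh
# Added example: report home directories on the Ssfs vdisk that are not 0700.
# Assumption: homes live in $ROOT/home/<login>; adjust to your layout.

# audit_homes ROOT
# Prints "MODE PATH" (or "symlink PATH") for each offending home.
# Returns 0 when every home is 0700, 1 when something was reported,
# 2 when a directory could not be inspected.
audit_homes() {
    root=${1:-/ssfs}
    bad=0
    for home in "$root"/home/*; do
        # A symlink in place of a home is reported rather than followed.
        if [ -L "$home" ]; then
            echo "symlink $home"
            bad=1
            continue
        fi
        [ -d "$home" ] || continue      # skip plain files and an empty glob
        mode=$(stat -c '%a' "$home") || return 2
        # Anything other than rwx------ lets other accounts in, or adds
        # setuid/setgid/sticky bits that have no place on a home.
        if [ "$mode" != "700" ]; then
            echo "$mode $home"
            bad=1
        fi
    done
    return $bad
}

# When run as a script with the mount point as argument: sh audit.sh /ssfs
if [ "$#" -gt 0 ]; then
    audit_homes "$1"
fi
```
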

Server users config
-------------------
When adding a user with 'ssfs-server adduser', the user is added to the host
/etc/passwd and a custom user config file is created in SSFS_USERS with the
login name.

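As an added example (not part of ssfs-server), this check cross-references the
per-user config files in SSFS_USERS with the host passwd file and reports
accounts whose login shell is not ssfs-sh, the default the "Ssfs chroot SHell"
section describes. Assumptions: each config file is named after the login (an
optional .conf suffix is stripped), and the passwd lines and the /bin/ssfs-sh
path in the demo are constructed sample data.

```shell
#!/bin/sh
# Added example: list Ssfs accounts whose login shell is not ssfs-sh.
# Assumption: every file in USERS_DIR (the SSFS_USERS directory) is named
# after a login, optionally with a .conf suffix.

# audit_shells PASSWD_FILE USERS_DIR
# Prints "LOGIN: reason" per finding; returns 1 if anything was reported.
audit_shells() {
    passwd=$1
    users=$2
    found=0
    for conf in "$users"/*; do
        [ -f "$conf" ] || continue
        login=$(basename "$conf" .conf)
        # passwd field 1 is the login, field 7 the shell; match exactly.
        shell=$(awk -F: -v u="$login" '$1 == u { print $7; exit }' "$passwd")
        if [ -z "$shell" ]; then
            echo "$login: no passwd entry or empty shell"
            found=1
        elif [ "$(basename "$shell")" != "ssfs-sh" ]; then
            echo "$login: shell is $shell"
            found=1
        fi
    done
    return $found
}

# Constructed sample data (not from a real server): two Ssfs users, one of
# them left with a regular shell that bypasses the chroot.
demo() {
    tmp=$(mktemp -d)
    mkdir "$tmp/users"
    : > "$tmp/users/demo"
    : > "$tmp/users/tux-sync"
    cat > "$tmp/passwd" <<EOF
root:x:0:0:root:/root:/bin/sh
demo:x:2000:2000:Ssfs user:/home/demo:/bin/ssfs-sh
tux-sync:x:2001:2001:Ssfs user:/home/tux-sync:/bin/sh
EOF
    audit_shells "$tmp/passwd" "$tmp/users" && rc=0 || rc=$?
    rm -rf "$tmp"
    return $rc
}
```

On a server, call audit_shells /etc/passwd with the directory SSFS_USERS points to in the server configuration.
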

Server web interface
--------------------
The Ssfs package provides a small CGI SHell web interface to the server. The
goal is to provide service status and information. It uses the server
configuration to find the Ssfs virtual disk path and display statistics about
the filesystem.


Development and Bugs
--------------------
If you want to install the latest code to test and help in development you can
clone the ssfs Mercurial repository. As usual, closely follow the SliTaz light
philosophy with speed and security in mind: hg clone http://hg.slitaz.org/ssfs

Install with 'make && make install' (DESTDIR is supported for packaging),
update the POT file if any new strings have been added with 'make pot',
and merge PO files with the command 'make msgmerge'. Any ideas are welcome
and can be discussed. If you are searching for something to do you can have a
look at the TODO file :-)

Bugs can be reported on the SliTaz mailing list, forum or scn since the devel
forum is synced. All sites are linked from: http://www.slitaz.org/

To share ideas and get involved in the Ssfs project you can join the Ssfs group
on the SliTaz Community Network website: http://scn.slitaz.org/groups/ssfs/


===============================================================================