ssfs view README @ rev 49

ssfs-box: small improvement
author Christophe Lincoln <pankso@slitaz.org>
date Sun Jun 12 19:16:41 2011 +0200 (2011-06-12)
parents 95b88686a283
children 51160b20e291
SliTaz Secure File Storage
===============================================================================


Ssfs is personal, secure, fast and light online file storage powered by
SSH, Rsync, Lsyncd and SHell script. It monitors a local folder and automatically
synchronizes it with the remote server. When files are transferred they are
compressed and encrypted with SSH. Connections to the remote host are automated
with an RSA key, and for each client the key must be sent to the server via an
SSH password login.

Using ssfs lets you have a live synchronized and secure folder between many
computers with an online copy on a secure Linux server. But even without any
connections you have access to your files. Connections to the remote server
can also be done using the command line and 'ssh' from any clients such as
BSD, Android, OSX or Windows via Putty.

Ssfs is very easy to install, setup and configure to make your own secure online
file storage. It provides a cmdline tool for the client and server with a
built-in help. This README is also a howto in itself.

On the server side the admin can choose between creating standard accounts or
chrooted accounts, which enforce server security by restricting available
commands in a minimal chroot environment. User $HOME should be set to 0700 so
users can't see other users' files.


Overview
--------

  * Online live sync with encrypted data
  * Drop files in a folder and they will be synced
  * Even without any connection you have your data
  * Fast and light using stable and mature GNU tools
  * Encrypted file transfer using SSH protocol
  * Easy to setup on the client and server side
  * Virtual disk for storage with a minimal chroot
  * Command line chrooted SSH access for users
  * Easy to backup, update and maintain vdisk


Quick start guide
-----------------

  * Install ssfs on server and clients if not yet done
  * Create a vdisk on server                 # ssfs-server gen-vdisk
  * Check if chroot works (exit to quit)     # ssfs-server chroot
  * Add a chrooted user to the Ssfs virtual disk so it can sync
    files or connect via SSH from a client:
    # ssfs-server adduser --login=demo --id=2000 --pass=demo
  * On the client side: ssfs-box setup or from the cmdline:
    $ ssfs setup --login=demo --host="server name or ip"
  * On the client you can start ssfs on user login via the WM
    autostart script and/or the command      $ ssfs sync
  * Get support and show your love for Ssfs on SCN group:
    http://scn.slitaz.org/groups/ssfs/


Installation
------------
To work you need an SSH client, 'rsync' and 'lsyncd' installed. On SliTaz you
can simply install ssfs and its dependencies or 'make install' from the
source directory (see the Development section).


Client help and setup
---------------------
The cmdline interface ssfs lets you setup a client, start the daemon and
synchronize live with your system session via the Window Manager autostart
script or your personal ~/.profile file. To get a list of commands with
a short description:

    $ ssfs help

To setup a client by creating a Lua configuration file and sending the RSA key
to the server, you can use the command 'setup'. Setup needs a login name and
server name or IP address and it will also create a secure RSA key if none
exists:

    $ ssfs setup --login=user --host=server


GUI & Web interface
-------------------
Currently there is a small GTK/Yad interface but no web interface. The tool
ssfs-box will display info if a configuration file exists or start the setup
box. There is no plan for a web interface to users' files since security is more
important: a user's home has 0700 mode, so a standard web server running as user
www can't see the files. We may implement a HTTP Public dir which could handle
xHTML pages, a wiki, etc.


Ssfs chroot SHell
-----------------
The tool ssfs-sh is used to chroot a user on login and sets minimal environment
variables. For each user ssfs-sh is the default SHell on the server and is
executed inside the new root. So ssfs-sh must be installed on the server and
in the virtual disk minimal chroot. Using a custom tool such as Ssfs SHell
enforces security and lets you execute commands on login. ssfs-sh also exports
the new user $HOME and changes the directory to it, since chroot will drop us
in / by default.


Get configs on boot
-------------------
Ssfs can be used in a boot script to connect to a remote host and retrieve data
before a user session is started. It can be useful to provide persistent data for
Live systems and web boot.


Quota management
----------------
Currently the storage quota is based on a shared idea: the vdisk has a size and
all users share the space. For a pay service the vdisk can grow following the
users' donations or monthly subscription.


Server setup
------------
On the server you must have an SSH server running and a user account with a
~/Sync folder in the user's home. You can have both standard accounts and
chrooted accounts. For a hosted service it is recommended to use a chroot and a
Ssfs virtual disk. The vdisk can be any size you want and has a minimal chroot
environment that is under 3Mb.

If you want to create a vdisk and chroot automatically you can use the tool
ssfs-server. Here is a short example to create a chroot and create a user
login 'tux-sync' with a protected $HOME in the chroot. The root directory can
be specified on the command line or changed in the configuration file. The
vdisk creation size is set in Gb and can be changed in the config file or from
the cmdline:

    # ssfs-server gen-vdisk --size=2
    # ssfs-server adduser --login=tux-sync --id=2000 --pass=tuX0cc

Users can be listed or completely deleted including all files in home. More
information can be found with the built-in help:

    # ssfs-server help


Ssfs virtual disk
-----------------
A virtual Ssfs disk is a raw file created with dd and formatted in ext3. It is
mounted by default on /ssfs and contains a minimal chroot environment with a
user's home directory. We use a virtual disk to enforce security and use a
separate media for Ssfs secure files. It also protects the host and limits
storage size. The tool ssfs-server handles vdisk creation but you can also
create one manually or use a separate HD if the server has more than one disk.
To create a 2Gb vdisk and format it to ext3:

    # dd if=/dev/zero of=/home/ssfs.disk bs=1G count=2
    # mkfs.ext3 -T ext3 -L "Ssfs" -F /home/ssfs.disk

Now that you have a virtual disk you can mount it. The path must match
SSFS_CHROOT found in ssfs-server.conf. The default mount point is /ssfs to
clearly separate the filesystem from the standard host file hierarchy:

    # mkdir /ssfs
    # mount -o loop -t ext3 /home/ssfs.disk /ssfs

To automatically mount the vdisk on boot you may want to add a ssfs system user
and a line into the file /etc/fstab:

    # adduser -S -g "Ssfs Server" -h /ssfs -s /bin/false ssfs
    /home/ssfs.disk /ssfs ext3 rw,loop,ssfs,ssfs 0 0


Server users config
-------------------
When adding a user with 'ssfs-server adduser', the user is added to the host
/etc/passwd and a custom user config file is created in SSFS_USERS with the
login name.
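
A check for the rule that each user $HOME is 0700, as an added example that is
not part of ssfs: it walks the home directories inside the chroot and reports
any that other users could enter. The <chroot>/home/<login> layout and the
audit_homes name are assumptions; /ssfs is the default mount point given above.

```sh
#!/bin/sh
# Added example, not part of ssfs. Assumes chrooted homes are laid out as
# <chroot>/home/<login>; audit_homes is a hypothetical helper name.
# Uses 'stat -c', the GNU coreutils / BusyBox form.

# Print one line per home that breaks the 0700 rule.
# Returns 0 if all homes are private, 1 if any is not, 2 if home/ is missing.
audit_homes() {
    root=${1:-/ssfs}
    bad=0
    [ -d "$root/home" ] || { echo "no home dir under $root" >&2; return 2; }
    for dir in "$root"/home/*; do
        if [ -L "$dir" ]; then
            # A symlinked home may resolve outside the vdisk.
            echo "SYMLINK $dir"
            bad=1
            continue
        fi
        [ -d "$dir" ] || continue          # plain files, or an empty glob
        mode=$(stat -c '%a' "$dir") || { bad=1; continue; }
        if [ "$mode" != 700 ]; then
            echo "MODE $mode $dir"
            bad=1
        fi
    done
    return "$bad"
}

# Constructed sample tree so the script runs without a real vdisk.
demo=$(mktemp -d)
mkdir -p "$demo/home/alice" "$demo/home/bob"
chmod 700 "$demo/home/alice"
chmod 755 "$demo/home/bob"          # readable by other users: reported
audit_homes "$demo" || echo "audit failed with status $?"
rm -rf "$demo"
```

On a real server the function would be called as root with the SSFS_CHROOT path, for example from a cron job that mails any output.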


Server web interface
--------------------
The Ssfs package provides a small CGI SHell web interface to the server. The
goal is to provide service status and information. It uses the server
configuration to find the Ssfs virtual disk path and display statistics about
the filesystem.


Development and Bugs
--------------------
If you want to install the latest code to test and help in development you can
clone the ssfs Mercurial repository. As usual, closely follow the SliTaz light
philosophy with speed and security in mind: hg clone http://hg.slitaz.org/ssfs

Install with 'make install' (DESTDIR is supported for packaging), update the POT
file if any new strings have been added with 'make pot', and merge PO files with
the command 'make msgmerge'. Any ideas are welcome and can be discussed. If you
are searching for something to do you can have a look at the TODO file :-)

Bugs can be reported on the SliTaz mailing list, forum or scn since the devel
forum is synced. All sites are linked from: http://www.slitaz.org/

To share ideas and get involved in the Ssfs project you can join the Ssfs group
on the SliTaz Community Network website: http://scn.slitaz.org/groups/ssfs/


===============================================================================