darryl-90a536wCiRb3fQ9qLvQP4Q at public.gmane.org
Tue Nov 10 20:21:11 UTC 2009
Tyler Aviss wrote:
> On Thu, Nov 5, 2009 at 11:15 AM, Chris F.A. Johnson
> Ditto on SSHFS, it tends to be a little more friendly and a lot more
> secure than NFS, though I haven't tested it for massive deployment.
I'm not sure it could work for a massive deployment. At least not for
centrally mounted home directories the conventional way NFS does. sshfs
mounted directories will only have the same access as the user that
mounted them. There is no way this could work if /home is on another
machine, and several users are using the client machine.
I thought NFSv4 was going to include options for network encryption, or
require network login before making user files accessable, or something
like that. Is machine to machine encryption for filesystem data a big
deal in corporate deployments, when the machines are on the same local
A perpetrator could, I suppose, fake the UID of the user they want steal
files from. Root access can be denied so they would not be able to
damage the system. They would have to know the UID of the user who owns
the files they want, and they would have to bring in their own Linux box.
If you are concerned about file security that much, what about simply
encrypting the directories? That way even spoofing the UID wont help.
The Toronto Linux Users Group. Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
More information about the Legacy