On Mon, 23 Apr 2007 13:52:58 -0400 Greg Folkert <[EMAIL PROTECTED]> wrote:
> On Mon, 2007-04-23 at 19:39 +0200, Rico Secada wrote:
> > On Mon, 23 Apr 2007 11:26:42 -0400
> > Greg Folkert <[EMAIL PROTECTED]> wrote:
> > > > About the union thing I first thought of somehow union mounting all the
> > > > different home directories on a single machine which then serves as
> > > > the access point, but I am afraid if that particular machine crashes,
> > > > then no one can get to their files.
> > > >
> > > > Good ideas and experiences are greatly appreciated!
> > >
> > > Look up sshfs (or shfs as it is commonly known) it is completely at the
> > > whim of the user. They use an existing well known, well vetted daemon
> > > (openssh-server) and in a local environment (meaning no slow links) with
> > > 100Mbit/sec, I get nearly line speed transfer rates (100Mbit/sec ==
> > > 11MByte/sec).
> > >
> > > Though you will need to beef up end user knowledge about strong
> > > passwords and key-auth only authentication, it'll more than make up for
> > > the traveling or remote user.
> > >
> > > I can say that sshfs is probably the single best thing I've seen come
> > > along in a long time. Mainly because, if you already have established
> > > good SSH practices, there is really no additional server-side setup you
> > > need to use.
> >
> > Thank you very much for your reply Greg. This is a very good solution
> > but it does provide one obstacle since users do not have SSH access to
> > the servers. If I were to use this solution I somehow need to jail
> > the users to their home directories. As far as I know it's not possible
> > with SSH.
>
> Why would you need to jail them?
>
> With properly set up homedirs (chmod 0700) nothing needs to be worried
> about as far as seeing other people's stuff. And as long as they are only
> users, no other groups besides their own group. There is no need to
> worry. For example:
>
> username: joe UID=1110 GID=1110
>
> No other membership in any additional group. Only can see his stuff
> period.
>
> In fact, it is better than nfs or cifs in regards to security. EVERYTHING
> is in userland and only allows them access to their own stuff on the
> server... even IF they ssh in.

Any suggestions regarding how to make it appear like there is only one
server host?

Should I perhaps locally mount all the directories via NFS onto a single
host which will then serve SSH out to the world? Or is there some better
solution?

> --
> greg, [EMAIL PROTECTED]
>
> Novell's Directory Services is a competitive product to Microsoft's
> Active Directory in much the same way that the Saturn V is a competitive
> product to those dinky little model rockets that kids light off down at
> the playfield. -- Thane Walkup
>

--
Best and kind regards
Rico Secada
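
Added example, not part of the original thread: a check for the two conditions the quoted reply relies on, namely home directories with no group or other permission bits and no membership in groups beyond the user's own. The account `joe` (UID/GID 1110) is from the thread; `ann`, `bob`, `staff`, the function names and the `min_uid` cutoff are constructed assumptions.

```python
import os
import stat
import tempfile

# Constructed passwd(5)/group(5) samples; only joe (1110/1110) is from the thread.
PASSWD = ("joe:x:1110:1110::/home/joe:/bin/bash\n"
          "ann:x:1111:1111::/home/ann:/bin/bash\n"
          "bob:x:1112:1112::/home/bob:/bin/bash\n")
GROUP = "joe:x:1110:\nann:x:1111:\nbob:x:1112:\nstaff:x:50:bob\n"

def extra_groups(group_text):
    """Map user -> set of (group name, gid) taken from group(5) member lists."""
    extra = {}
    for line in group_text.splitlines():
        f = line.strip().split(":")
        if len(f) < 4 or not f[2].isdigit():
            continue  # malformed line
        for user in filter(None, f[3].split(",")):
            extra.setdefault(user, set()).add((f[0], int(f[2])))
    return extra

def audit(passwd_text, group_text, root="/", min_uid=1000):
    """Return (user, problem) pairs for ordinary accounts breaking either condition."""
    extra, findings = extra_groups(group_text), []
    for line in passwd_text.splitlines():
        f = line.strip().split(":")
        if len(f) < 7 or not (f[2].isdigit() and f[3].isdigit()):
            continue  # malformed line
        if int(f[2]) < min_uid:
            continue  # system account (cutoff is an assumption)
        user, gid, home = f[0], int(f[3]), f[5]
        try:
            st = os.stat(os.path.join(root, home.lstrip("/")))
        except OSError:
            findings.append((user, "home directory missing"))
            continue
        mode = stat.S_IMODE(st.st_mode)
        if mode & 0o077:  # any group or other bit means it is not 0700
            findings.append((user, "home mode %04o grants group/other access" % mode))
        others = sorted(name for name, g in extra.get(user, ()) if g != gid)
        if others:
            findings.append((user, "extra groups: " + ",".join(others)))
    return findings

def demo():
    """Build a throwaway tree: joe and bob at 0700, ann at 0755, then audit it."""
    with tempfile.TemporaryDirectory() as root:
        for user, mode in (("joe", 0o700), ("ann", 0o755), ("bob", 0o700)):
            path = os.path.join(root, "home", user)
            os.makedirs(path)
            os.chmod(path, mode)
        return audit(PASSWD, GROUP, root=root)
```

On a live server, pass the contents of `/etc/passwd` and `/etc/group` to `audit()` with the default `root="/"`.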