5

I normally use NFS, however I am not so comfortable with the security as basically a root user can just change his UID to an arbitrarily one in order to obtain access to a shared folder.

Moreover, access can be restricted based on the IP address of a machine, but someone who has access to the router can temporarily change his IP address (to one having access).

I think the best solution would be a shared file system which uses public key authentication to manages access rights, e.g. similar to ssh.

Does such a technology exist for a multi-user network file system in linux with concurrent read/write access?

Improve this question
6
  • 2
    You can access filesystems over SSH using the FUSE plugin SSHFS. Commented Feb 8, 2014 at 23:02
  • unix.stackexchange.com/questions/tagged/sshfs Commented Feb 8, 2014 at 23:03
  • thx, do you mean this fuse.sourceforge.net/sshfs.html ? Is it a stable system or experimental? IT seems some users report data loss and not proper synchronization with a git repository... Commented Feb 8, 2014 at 23:10
  • from wikipedia "For distributed remote file systems with multiple users, protocols such as Apple Filing Protocol, Network File System and Server Message Block are more often used. SSHFS is an alternative to those protocols only in situations where users are confident that files and directories will not be targeted for writing by another user, at the same time"... so it seems it is not optimal for a multi-user environment... Commented Feb 8, 2014 at 23:19
  • Sorry you didn't mention multi-user env. Absolutely not the right choice. SMB would probably be the way to go. Commented Feb 8, 2014 at 23:30

2 Answers 2

Reset to default
1

Yes, NFS is rather weak in these areas. However, there's RPCGSS in NFS4+.

What you appear to be looking for is something along the lines of a clustered filesystem (shared block device), or a more modern client/server system (AFS comes to mind.) But in almost all cases, you are placing some amount of trust in the hosts -- and users of those hosts -- accessing your file server.

Improve this answer
1

I've been wanting to try tahoe-lafs for quite some time - sounds like it may fit your bill. The project page is here: https://tahoe-lafs.org/trac/tahoe-lafs

The setup guide I've had as a stale firefox tab for almost a year is: http://www.lowendguide.com/3/networking/how-to-set-up-your-own-distributed-redundant-and-encrypted-storage-grid-in-a-few-easy-steps-tahoe-lafs/

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.