[CS-FSLUG] To SHFS or SSHFS...

Don Parris evangelinux at matheteuo.org
Thu Oct 20 12:07:22 CDT 2005 

David Aikema wrote:
> On 10/19/05, Don Parris <evangelinux at matheteuo.org> wrote:
> 
>>SHFS and SSHFS are two projects that could replace NFS as a secure network
>>filesystem in our proposed LS3.  However, what are the the advantages of each?
> 
> 
> What's an LS3?
> 
> 

Sorry David.  I sometimes take things for granted that I probably shouldn't. 
  The LS3 is the Libre Software Solution Stack, a defined turn-key toolkit 
for churches.  It basically is a way of saying The Freely Project 
recommends, and will support churches that use this particular set of libre 
software packages.  It defines an OS distribution - currently Ubuntu is the 
front-runner - a set of networking services/utilities, and productivity 
apps, like OpenOffice.org, Lyricue, Sword apps, and ChurchInfo.

The idea is to give churches a well-defined solution set that they or their 
support providers can implement relatively easily.  Although not everyone 
will be able to support it fully - at least no initially, It gives support 
providers something to work on while we raise awareness of this as an 
option.  Churches would have either volunteer or commercial support, 
depending on the circumstances.  A couple of people from North Carolina, 
Oklahoma, and Pennsylvania are willing to provide support within their own 
limitations.  However, if something happens to the local relationship, it is 
possible to maintain the support via the Internet through The Freely Project.

I'll be posting an article about this soon through one of the news sites. 
That article should do 2 or 3 things:
<> raise awareness
<> stir interest among vendors that already work with churches
<> and possibly grab the attention of those folks that think there is 
nothing out there for churches to migrate to (or don't know where to begin)

<snip>
> 
> 
> To me it's SSHFS that seems a little more mature than SHFS ... the
> latter speaks of "perl and shell code for the remote (server) side" so
> it seems that it's a little more complicated to setup (and if the code
> is running as root on the opposite end, potentially less secure). 
> Additionally, the website for the latter also notes that "the code was
> originally developed as an assignment for an Operating Systems course
> at the Charles University, Prague," and you can take that however you
> wish.
> 
That doesn't really mean much to me.  It was a college student in Finland 
who started the development of a hobby OS that we now enjoy!  However, that 
doesn't imply that these people have done a great job of coding.  So that's 
why it doesn't mean much to me.  I would be very afraid if it had been 
written as part of a Microsoft project. ;-)

> 
>>SHFS can make root connections, while SSHFS suggests running as user, not
>>root.  I assume that means it's best not to make connections as root.
>>Someone else may have a sense of whether this is an advantage or
>>disadvantage.
> 
> 
> It's potentially more hazardous to run things as root.  However, there
> is the advantage mentioned of being able to maintain file ownership. 
> When a process is running as root, if well coded, it may be dropping
> root privileges when it doesn't need them through the usage of the
> setuid function, and this wuold limit the security risk somewhat.  (At
> the moment I'm simply too tired and/or lazy to check the source of
> shfs to confirm this though).
> 
I am aware of the hazards of running things as root, generally.  I wasn't 
sure how that would apply here.  It makes sense not to, but is there a need 
to do so?  Heck, even if I looked at the source, I wouldn't know if it was 
good or bad. ;-)

> I'm not really familiar with user-space file systems under Linux,
> though, so I can't really say much about FUSE and whether or not it's
> any good.
> 
One of my fellow LUGheads here is using SSHFS, so I'll have to ask him if he 
has any issues with the speed.

Thanks,
Don

More information about the Christiansource mailing list