Slashdot Mirror

← Back to Stories (view on slashdot.org)

Experiences and Thoughts on SHFS?

Posted by Cliff on from the ssh-based-fileshares dept.

eugene ts wong asks: "I was looking over SHFS, & I thought that this seems like a very good software package. If I understand it correctly, then it should be the defacto way to mount shares across a network. I never heard of it till today, though. What do all of you think of this? What kinds of experiences do you have? I am interested in hearing some of your stories. I heard that NFS isn't secure. How do they both compare? Would you recommend SHFS for small, medium & large businesses?"

43 comments

  1. SSN Tried and true secure network by Anonymous Coward · · Score: 2, Funny

    Secure Sneaker Net
    Two feet
    Write Only Floppy Disk.

    1. Re:SSN Tried and true secure network by thempstead · · Score: 2, Funny
      but why are you carrying around a floppy disk which you can put data onto but not get it off ?????

      :)

      t

    2. Re:SSN Tried and true secure network by Anonymous Coward · · Score: 0

      Uh, because there's data on the other boxes that needs to be secured. Copy and delete!!

    3. Re:SSN Tried and true secure network by bhtooefr · · Score: 1

      Because Windows writes to bad disks, and the chance of a floppy disk living is calculated with this formula (P is probability, T is time):

      P = 1/T

  2. who told you NFS is not secure ? by johnjones · · Score: 4, Interesting

    or more to the point why do you think its secure ?

    it all comes down to trust...

    do you trust the network your pluged into ?
    how about the people who are selling that VPN ?

    I surgest that you have a look at IPSec

    it works on winXP linux solaris BSD's and then find a Networked File System that is high performance

    regards

    John Jones

    1. Re:who told you NFS is not secure ? by eugene+ts+wong · · Score: 1
      I surgest that you have a look at IPSec
      Thanks for the suggestion. I'll do that.

      I'd like to thank everybody for their responses. I really appreciate hearing the bad stuff. There's really no need to learn everything the hard way! :^)
      --
      testing out my trending skills
  3. I just recently found it myself by Padrino121 · · Score: 5, Interesting

    I wanted a transparent way to access my remote files over SSH since it's the only external access I trust and came upon SHFS a couple of weeks ago.

    It has worked out really nice and I now don't have to do the scp or SFTP dance all of the time to edit files on a remote box.

    One thing I came across though during "make install" under 2.6 is that the .ko module built for 2.6 that the install process copies to you lib/modules directory didn't work. There was however a .o as well built for 2.6 that worked great after I copied it manually.

  4. tried it by Satai · · Score: 4, Informative

    I tried it, and I found it to be a bit unreliable. This was last fall... Random accesses on files were slow, and frequently it hung, leaving me with orphaned partitions I couldn't umount. Otherwise it worked ok -- I mean, it was easy to configure and whatnot, but performance wise when I tried it it was found lacking.

    1. Re:tried it by OeLeWaPpErKe · · Score: 1

      look up the lazy unmount option ... And besides, NFS has this problem too.

      umount -fl /mnt/partition will work, even when the filesystem is having problems. It might not actually be removed from the kernel if you do it that way, but at least it won't bother you any more.

  5. same here by KnightStalker · · Score: 2, Interesting

    i had the same results more than a year ago. Eventually I settled on emacs + tramp which does a suitable job of allowing me to edit remote files over SSH with little pain.

    --
    * And remember, it's spelled N-e-t-s-c-a-p-e, but it's pronounced "Mozilla."
    1. Re:same here by 1010011010 · · Score: 1

      SubEthaEdit plus Fugu does a nice job; I can sftp to a server and double-click a file. It opens in SubEthaEdit. When I save, Fugu copies it back.

      --
      Napster-to-go says "Fill and refill your compatible MP3 player", which is a lie. It's not MP3. It's WMA with DRM.
    2. Re:same here by KnightStalker · · Score: 1

      Nifty. Two more reasons to get a shiny powerbook, as if i needed them...

      --
      * And remember, it's spelled N-e-t-s-c-a-p-e, but it's pronounced "Mozilla."
  6. 3 week experience. by Anonymous Coward · · Score: 5, Informative

    I have been using shfs for a few weeks now, and here are the pros and cons with my limited experience with it.

    Pros:
    (i) mounting remote filesystems over ssh is great, as you don't have to worry about opening up new ports.
    (ii) read-only performance is good (I haven't had any problems).

    Cons:
    (i) definitely *buggy* (do not even think of using this for mounting partitions w/ critical data). For e.g., I mounted it read-only and by mistake opened a file with vim. When I tried to !wq, vim refused to write (obviously!), and I just escaped with a q!. Much to my chagrin, the file was gone--- I later figured that this was not a random bug; it was repeatable.
    (ii) write performance (across a 1Mbps DSL conn.) *sucks*!

    1. Re:3 week experience. by gid · · Score: 3, Interesting

      That's really too bad. I tried shfs probably at least 3 years ago or so. I had similar problems. I tried reporting bugs about it, went back and forth a bit, trying new versions as new versions came out with supposed fixes which never quite resolved it. I eventually just lost interest and ended up using something else. There were also some permission problems, it's been awhile now, I can't remember exactly what the problem was but I remember being very frustrated and losing data. (test data mind you). It was also suggested not to "push it" opening too many files at once, another stipulation that made it useless to me. What's pushing it, accessing 2 files at once? 3? 4?

    2. Re:3 week experience. by gid · · Score: 2, Interesting

      Actually, it was ftpfs and then lufs that I used. Sounds like they have or had similar problems.

    3. Re:3 week experience. by Anonymous Coward · · Score: 0

      "Much to my chagrin, the file was gone."

      Why were you embarassed? Wasn't any fault of yours. Sorry, I have a major pet peeve when people use "chagrin" improperly, thinking it means "dismay".

  7. LUFS by telemnar · · Score: 5, Interesting

    sounds a lot like LUFS ( http://lufs.sf.net ) which lets you mount remote filesystems via SSH, FTP, and several other novel protocols.

    1. Re:LUFS by jefu · · Score: 3, Informative
      I've been using lufs across several machines (mostly for the sshfs filesystem) for a bit now with good results - a couple problems (keeping dates in sync for make has been a problem), but nothing insurmountable.

      Easy install, easy to use. Good stuff.

    2. Re:LUFS by dabrepus · · Score: 2, Insightful

      A good way to keep dates in sync would be to use ntp, don't you think?

      Just a small tip :)

  8. Tried it and now using FISH by wan-fu · · Score: 5, Informative

    I tried using shfs but it didn't work very well (YMMV, I'm running a Gentoo 2.6.3 kernel) with my system. Frequent timeouts and the program had problems unmounting shfs mounts. I recently switched to using the "FISH" feature in KDE (fish://username@host/path_to_stuff/) and that has worked fairly well for my purposes.

    1. Re:Tried it and now using FISH by hattmoward · · Score: 3, Interesting

      If you're not forced to do so, change it to sftp://. It is a much better solution if your ssh target has an sftp backend. FISH uses basic shell tools at the remote, like shfs, and that's just too much complexity to be a good solution.

  9. shfs: fine for casual use by Anonymous Coward · · Score: 3, Interesting

    i have been using it for months at home. works great on the home wireless network. well, up until i switched to using my 15" powerbook.

    despite being quite excited about the possibilities, i'd never run this in a production environment. alot of people run down nfs for being insecure and sucky on any number of levels. i have to say, we had a very active messaging system behind a very high profile website use nfs for two years due to a combination of stupid developers and vendor going out of business. it NEVER broke. and we were churning 100's of thousands of files over nfs per day.

    eventually i had to stop bringing it up in meetings cause it never broke. of course YMMV, mine sure did.

  10. ...or you can try sfs by dwoolridge · · Score: 5, Interesting
    From the main page for SFS (Self-certifying File System):
    SFS is a secure, global network file system with completely decentralized control. SFS lets you access your files from anywhere and share them with anyone, anywhere. Anyone can set up an SFS server, and any user can access any server from any client. SFS lets you share files across administrative realms without involving administrators or certification authorities.
    1. Re:...or you can try sfs by Anonymous Coward · · Score: 0

      Agreed. SFS is freaking amazing. Thanks DARPA!

  11. Recommendations by winchester · · Score: 2, Informative
    I would most definitely not recommend SHFS for production use. The reason behind this is very simple. It is unproven for production use. With unproven i mean multi-year experience running it in a large-scale, mission critical environment. Contrary what you might think, your home setup is not a large-scale, mission critical environment.

    The place where I work is a UNIX shop, we use NFS all the time, because it operates reliably between various UNIX flavours. Every vendor has a robust implementation. We share terabyte-sized file systems, with no problems whatsoever. If you are worried about the security implications of NFS, there are other ways to combat them.

  12. Write Only Floppy Disk by Anonymous Coward · · Score: 0

    Write Only Floppy Disk... That means you can write, but you can't ever read, right?? Then, I suppose your data will be safe no matter what!

  13. dates by jefu · · Score: 2, Informative

    I've been using ntp on all the machines, but it doesn't seem to help much, there is still enough drift to cause make to fail. I'm not using any of the machines as an ntp server - though I have been thinking about that. Would that help? Especially given that one group of machines is rather a longish network trip from the rest (though only about three blocks in euclidean space).

    1. Re:dates by joto · · Score: 1

      Most likely that would help, yes.

  14. Try NFSv4, or you could tunnel samba over ssh by danpritts · · Score: 3, Informative

    I am not familiar with shfs other than a brief read of the website and this thread.

    w/r/t NFS security, NFSv4 should solve most if not
    all of the problems. Fundamentally two things always bothered me about NFS security.

    RPC - NFS makes heavy use of sun-style RPC, requiring you to use the RPC libraries and the portmapper. This stuff has a bad reputation for security problems, eg, buffer overflows, and there is a lot of it, and it runs on random ports so it's difficult to filter/firewall/tunnel it.

    no user credentials - NFS through V3 doesn't provide any user credentials - root on the client has access to all users' files on the mounted filesystem. There's no server-enforced security.

    NFSv4 fixes the RPC/multiple ports problem.
    I don't know about the user credential problem but i bet it fixes that too.

    On to the quick-and-dirty:
    In the past, I've set up a samba server and used the linux smbfs client to access it, and tunneled the whole business over SSH. It worked reliably, to the limited extent that i tested it (YMMV).
    I don't really remember how well it performed - it was more of a proof-of-concept for me.

    1. Re:Try NFSv4, or you could tunnel samba over ssh by eugene+ts+wong · · Score: 1

      Thanks for your comments. I especially appreciate the smbfs-ssh idea. Right now, we're running MS SFU, so we aren't really needing smbfs. However, I always want to know more options, because I tend to get into the habit of doing things only 1 way.

      --
      testing out my trending skills
    2. Re:Try NFSv4, or you could tunnel samba over ssh by danpritts · · Score: 1

      it did seem kinda "dirty" to me to be using smb to access a linux server from a linux client, but i really liked the ability to tunnel a single port (if i recall correctly) over ssh.

      One thing I remember about this that I forgot to mention is that smbfs didn't properly display unix file modes across the connection. Wasn't surprising when i thought about it, presumably no way in this windows-centric protocol to pass that info. I didn't investigate whether NT acls were somehow emulated, etc.

    3. Re:Try NFSv4, or you could tunnel samba over ssh by eugene+ts+wong · · Score: 1
      it did seem kinda "dirty" to me to be using smb to access a linux server from a linux client, but i really liked the ability to tunnel a single port (if i recall correctly) over ssh.
      I think that I know what you mean.

      I like using 1 "thing" to do as much as possible. So, when I found out that our customers could give us some data through ssh, I implemented it right away. I'm not sure if that's the best method, but I like the idea that we are supposed to be using ssh anyways, so we may as well use it as much as possible.

      If I understand your use of the word, "dirty", then I would argue that it's dirtier to design each tool for such a specific task, that it becomes obsolete in a short amount of time.
      --
      testing out my trending skills
  15. Highly recommend shfs by AlastairMurray · · Score: 1, Interesting

    I've been using shfs to connect to my uni ssh server to access my files from home for about 6 months now, no problems at all (with both 2.4 and 2.6 kernels).

    Would highly recommend it.

  16. NFS multiple ports in V3 by phorm · · Score: 2, Informative

    It's a pain in the butt, but you can at least fix the ports for NFSv3 in order to firewall:

    In your init:
    /sbin/rpc.mountd --port ${RPCMOUNTDPORT}
    /sbin/rpc.statd --port ${LISTEN_PORT}

    And in /etc/modutils/nfs (or whatever works on your distro to set module params):
    options lockd nlm_udpport=4001 nlm_tcpport=4001

    For the above, be sure to run update-modules after in deb. Then afterwards, allow "RPCMOUNTDPORT, LISTEN_PORT, and udp/tcp ports 4001 (or whichever you choose) through the firewall.

    1. Re:NFS multiple ports in V3 by danpritts · · Score: 1

      does this mean that you wouldn't even to run the portmapper?

    2. Re:NFS multiple ports in V3 by phorm · · Score: 1

      Portmapper on port 111... on the systems I've used that's a fixed thing so no special settings were needed to configure it at a fixed-port.

  17. For reading, yes - for writing, no by jabapi · · Score: 1

    If you only need to browse your shfs shares and read some data here and there, then go for it. But for heavier usage and especially if you need to write data... NO WAY. Check out the shfs source code if you need to find out, why. The write routine erm... could be better.