On Mon, 2007-04-23 at 22:22 +0200, Rico Secada wrote: > On Mon, 23 Apr 2007 13:52:58 -0400 > Greg Folkert <[EMAIL PROTECTED]> wrote: > > On Mon, 2007-04-23 at 19:39 +0200, Rico Secada wrote: > > > On Mon, 23 Apr 2007 11:26:42 -0400 > > > Greg Folkert <[EMAIL PROTECTED]> wrote: > > > > > About the union thing I first thought of somehow union mouting all the > > > > > different home directories on a single machine which then serves as > > > > > the access point, but I am affraid if that particular machine crashes, > > > > > then no one can get to their files. > > > > > > > > > > Good ideas and experiences are greatly appreciated! > > > > > > > > Lookup sshfs (or shfs as it is commonly know) it is completely at the > > > > whim of the user. They use an existing well known, well vetted daemon > > > > (openssh-server) and in a local environment (meaning no slow links) with > > > > 100Mbit/sec, I get nearly line speed transfer rates (100Mbit/sec == > > > > 11MByte/sec). > > > > > > > > Though you will need to beef up end user knowledge about strong > > > > passwords and key-auth only authentication, it'll more than makeup for > > > > the traveling or remote user. > > > > > > > > I can say that sshfs is probably the singe best thing I've seen come > > > > along in a long time. Mainly because, if you already have established > > > > good SSH practices, there is really no additional server-side setup you > > > > need to use. > > > > > > Thank you very much for your reply Greg. This is a very good solution > > > but it does provide one obstacle since users do not have SSH access to > > > the servers. If I where to use this solutuion I somehow need to jail > > > the users to their home directories. As far as I know its not possible > > > with SSH. > > > > Why would you need to jail them? > > > > With properly setup homedirs (chmod 0700) nothing needs to be worried > > about as far as seeing other peoples stuff. And as long as they are only > > users, no other groups besides their own group. There is no need to > > worry. For example: > > > > username: joe UID=1110 GID=1110 > > > > No other membership in any additional group. Only can see his stuff > > period. > > > > Infact, it is better than nfs or cifs in regards to security. EVERYTHING > > is in userland and only allows them access to their own stuff on the > > server... even IF they ssh in. > > Any suggestions regarding how to make it apear like there is only one > server host? Should I perhaps locally mount all the directories via > NFS unto a single host which will then serve SSH out to the world? Or > is there some better solution?
Personally, I'd use a cluster/distributed filesystem with back links or references etc. But then... I'll have to look into that... but later, my Step father just called and said he bought a new "hard-drive"... yeah could be anything from an external to a new machine to an internal. But then I usually just have ONE HUGE-E-MONGOUS nfs/smb/cifs/afs/other file server doing the work, depending on the traffic, I used bonding of NICs. You could always setup an ssh forwarding service for various ports... 10021 for server A, 10022 for server B, 10023 for server C all using the same IP. IPtables or OpenBSD's PF works wonderful for that. Then all your people just need to know the "name" and the port. -- greg, [EMAIL PROTECTED] Novell's Directory Services is a competitive product to Microsoft's Active Directory in much the same way that the Saturn V is a competitive product to those dinky little model rockets that kids light off down at the playfield. -- Thane Walkup
signature.asc
Description: This is a digitally signed message part
