man sfs (Conventions) - Self Certifying Filesystem
NAME
SFS - Self Certifying Filesystem
DOCUMENTATION
This manpage was written as a short description and as a pointer to more complete documentation. Up-to-date documentation can be found in the Info pages of SFS. You can access the Info pages with the command info sfs. An HTML version of the Info pages may also be available on your system in /usr/local/lib/sfs/sfs.html or /usr/lib/sfs/sfs.html.
DESCRIPTION
SFS is a secure, global network filesystem with completely decentralized control. It takes NFS shares exported from localhost and transports them securely to other hosts; NFS services do not need to be exposed to the network.
SFS separates key management and authorization from the filesystem, and separates key revocation from key distribution.
More information and new versions can be found on the SFS website:
http://www.fs.net/
GLOBAL NAMESPACE
SFS mounts directories from fileservers under a directory in the form:
/sfs/@Location,HostID
Location is either the IP address or the DNS hostname of the server.
HostID is a collision-resistant cryptographic hash of the file server's public key.
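The check this naming scheme makes possible, as an added example that is not part of this manpage or the SFS distribution: a client parses the pathname and accepts a server only if the public key it presents hashes to the HostID in the path. The hash construction (SHA-256 over a length-prefixed Location plus key, base32-encoded), the function names and the sample host and keys are assumptions made for illustration; SFS's real HostID computation differs.

```python
import base64
import hashlib
import hmac
import re

# Path form from the page: /sfs/@Location,HostID, optionally followed by a
# path on the server. The HostID alphabet accepted here is an assumption.
_SFS_PATH = re.compile(
    r"^/sfs/@(?P<location>[^,/]+),(?P<hostid>[a-z0-9]+)(?P<rest>/.*)?$")


def parse_sfs_path(path):
    """Split a self-certifying pathname into (location, hostid, remainder)."""
    m = _SFS_PATH.match(path)
    if m is None:
        raise ValueError("not a self-certifying pathname: %r" % path)
    return m.group("location"), m.group("hostid"), m.group("rest") or "/"


def toy_hostid(location, public_key):
    """Illustrative HostID, NOT the algorithm SFS uses (assumption)."""
    loc = location.lower().encode("ascii")
    h = hashlib.sha256()
    # Length prefix keeps the (location, key) encoding unambiguous.
    h.update(len(loc).to_bytes(4, "big") + loc)
    h.update(public_key)
    return base64.b32encode(h.digest()).decode("ascii").rstrip("=").lower()


def server_key_matches(path, presented_key):
    """True only if the presented key hashes to the HostID in the path."""
    location, hostid, _ = parse_sfs_path(path)
    expected = toy_hostid(location, presented_key)
    return hmac.compare_digest(expected.encode(), hostid.encode())


# Constructed sample data: not real keys or hosts.
GOOD_KEY = b"constructed-public-key-bytes-A"
OTHER_KEY = b"constructed-public-key-bytes-B"
SAMPLE_PATH = "/sfs/@files.example.org,%s/home/alice" % toy_hostid(
    "files.example.org", GOOD_KEY)

if __name__ == "__main__":
    print(SAMPLE_PATH)
    print("genuine key accepted:", server_key_matches(SAMPLE_PATH, GOOD_KEY))
    print("substituted key accepted:", server_key_matches(SAMPLE_PATH, OTHER_KEY))
```

Because the name itself commits to the key, a host that answers at Location with a different key fails the check without the client consulting any certificate authority or key server.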
CLIENT DESCRIPTION
Client-side operation of SFS consists of the following programs:
- sfscd
- creates and serves the /sfs directory on the client machine. Also starts nfsmounter and sfsrwcd as needed.
- nfsmounter
- mounts and unmounts NFS filesystems as the kernel NFS client accesses them.
- sfsrwcd
- is a daemon that implements the normal read/write filesystem protocol. It acts as an NFS server to the local NFS client.
USER PROGRAMS
On the client machine, a user normally uses the following programs:
- sfsagent
- handles authentication as the user moves to new filesystems. It can also fetch new HostIDs and perform revocation checks on them.
- sfskey
- manages user and server keys and is used to configure sfsagent for different situations.
- rex
- a remote login program, similar in spirit to SSH, that uses SFS's key management and authentication mechanisms, and can forward a user's sfsagent to remote machines.
SERVER DESCRIPTION
The server side consists of the following programs:
- sfssd
- handles incoming connections and spawns sfsrwsd and sfsauthd as needed.
- sfsrwsd
- is a daemon that implements the normal read/write filesystem protocol and talks to the local NFS server.
- sfsauthd
- handles user authentication. It communicates directly with sfsrwsd to authenticate users of the file system. It also accepts connections over the network from sfskey to let users download their private keys or change their public keys.
- rexd
- remote login server that performs key exchange with remote rex clients and does authorization checking of remote users before allowing them to spawn or connect to proxy.
- proxy
- server-side of the rex remote login utility, which clients spawn and connect to through the privileged rexd server. There is typically one instance of proxy per user logged into a machine (regardless of how many times the user is logged in), running with the permissions of the user.
HELPER BINARIES
There are a few small programs to help with miscellaneous tasks:
- ssu
- allows an unprivileged user to become root on the local machine without changing his SFS credentials.
- rpcc
- an RPC compiler for RFC1832-format XDR files. Used by other systems that link against the SFS libraries.
- funmount
- forcibly unmounts a file system, doing as little else as possible. May be of use when cleaning up a system after a crash.
- dirsearch
- can be used with the sfskey certprog command to configure certification paths (lists of directories in which to look for symbolic links to HostIDs).
SEE ALSO
NOTES
Solid NFSv3 support is required from the kernel and supporting utilities.
CAVEATS
You really do not want to kill -9 nfsmounter, as it is responsible for cleaning up and unmounting filesystems on the client side if sfscd has died or something else has happened.
AUTHOR
SFS was written by the SFS development team, sfsdev@redlab.lcs.mit.edu. This manpage was originally written by Jaakko Niemi for sfs packaging in Debian/GNU Operating System. It has since been edited by the SFS development team and included with the SFS distribution.