.\" Automatically generated by Pod::Man version 1.15 .\" Fri Dec 20 09:54:03 2002 .\" .\" Standard preamble: .\" ====================================================================== .de Sh \" Subsection heading .br .if t .Sp .ne 5 .PP \fB\\$1\fR .PP .. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Ip \" List item .br .ie \\n(.$>=3 .ne \\$3 .el .ne 3 .IP "\\$1" \\$2 .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a .\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used .\" to do unbreakable dashes and therefore won't be available. \*(C` and .\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' 'br\} .\" .\" If the F register is turned on, we'll generate index entries on stderr .\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and .\" index entries marked with X<> in POD. Of course, you'll have to process .\" the output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . nr % 0 . rr F .\} .\" .\" For nroff, turn off justification. Always turn off hyphenation; it .\" makes way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. .bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 . ds #V .8m . ds #F .3m . ds #[ \f1 . ds #] \fP .\} .if t \{\ . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff .if n \{\ . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} .if t \{\ . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . \" troff and (daisy-wheel) nroff accents .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' .ds 8 \h'\*(#H'\(*b\h'-\*(#H' .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] .ds ae a\h'-(\w'a'u*4/10)'e .ds Ae A\h'-(\w'A'u*4/10)'E . \" corrections for vroff .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' . \" for low resolution devices (crt and lpr) .if \n(.H>23 .if \n(.V>19 \ \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} .rm #[ #] #H #V #F C .\" ====================================================================== .\" .IX Title "SFS 1" .TH SFS 1 "perl v5.6.1" "2002-12-08" "User Contributed Perl Documentation" .UC .SH "NAME" \&\s-1SFS\s0 \- Self Certifying Filesystem .SH "DOCUMENTATION" .IX Header "DOCUMENTATION" This manpage was written as short description and as pointer to more complete documentation. Up to date documentation can be found as Info-pages of \s-1SFS\s0 (or from /usr/share/doc/sfs-common in Debian systems). You can access the Info pages with command \&\*(L"info sfs\*(R". .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\s-1SFS\s0 is a secure, global network filesystem with comple- tedly decentralized control. It takes \s-1NFS\s0 shares expor- ted from localhost and transports them securely to other hosts; \s-1NFS\s0 services do not need to be exposed to network. .PP \&\s-1SFS\s0 features key management and authorization separated from filesystem with key revokation separated from key distribution. .PP More information and new versions can be found from: .PP http://www.fs.net .SH "GLOBAL NAMESPACE" .IX Header "GLOBAL NAMESPACE" \&\s-1SFS\s0 mounts directories from fileservers under a directory in the form: .PP /sfs/@\fBLocation\fR,\fIHostID\fR .PP \&\fBLocation\fR is either ip address or hostname of the server. .PP \&\fIHostID\fR is a collision-resistant cryptographic hash of the file server's public key. .SH "CLIENT DESCRIPTION" .IX Header "CLIENT DESCRIPTION" Client side operation of \s-1SFS\s0 consists of following prog- rams: .Ip "\fBsfscd\fR" 2 .IX Item "sfscd" creates and serves /sfs directory on client machine. Also starts nfsmounter and sfsrwcd as needed. .Ip "\fBnfsmounter\fR" 2 .IX Item "nfsmounter" mounts and unmounts \s-1NFS\s0 filesystems as kernel \s-1NFS\s0 client accesses them. .Ip "\fBsfsrwcd\fR" 2 .IX Item "sfsrwcd" is a daemon that implements normal read/write filesystem protocol. It acts as a \s-1NFS\s0 server to local \s-1NFS\s0 client. .SH "USER PROGRAMS" .IX Header "USER PROGRAMS" On client machine user normally uses the following prog- rams: .Ip "\fBsfsagent\fR" 2 .IX Item "sfsagent" handles authentication as user moves to new filesystems. It also can fetch new HostIDs and perform revocation checks on them. .Ip "\fBsfskey\fR" 2 .IX Item "sfskey" manages user and server keys and is used to configure sfsagent for different situations. .SH "SERVER DESCRIPTION" .IX Header "SERVER DESCRIPTION" Server side consists of following programs: .Ip "\fBsfssd\fR" 2 .IX Item "sfssd" handles incoming connections and spawns sfsrwcd and sfsrwcd as needed. .Ip "\fBsfsrwcd\fR" 2 .IX Item "sfsrwcd" is a daemon that implements normal read/write filesystem protocol and talks to local \s-1NFS\s0 server. .Ip "\fBsfsauthd\fR" 2 .IX Item "sfsauthd" handles user authentication. It communicates directly with sfsrwsd to authenticate users of the file system. It also accepts connections over the network from sfskey to let users download their private keys or change their public keys. .SH "HELPER BINARIES" .IX Header "HELPER BINARIES" There are few small programs to help with misc tasks: .Ip "\fBrpcc\fR" .IX Item "rpcc" To be documented. .Ip "\fBfunmount\fR" .IX Item "funmount" To be documented. .Ip "\fBdirsearch\fR" .IX Item "dirsearch" can be used with \fBsfskey certprog\fR command to configure certification paths \-\-lists of directories in which to look for symbolic links to \fIHostID\fRs. .PP Usage is: .Ip "\fBdirsearch\fR [\fB\-clpq\fR] dir1 [dir2 ...] name" 4 .IX Item "dirsearch [-clpq] dir1 [dir2 ...] name" \&\fBdirsearch\fR searches through dir1\-x untill it finds the file \*(L"name\*(R" and prints \*(L"dir/name\*(R". Following options affect this: .Ip "\fB\-c\fR" 4 .IX Item "-c" Print the contents of the file to standard output, instead of its pathname. .Ip "\fB\-l\fR" 4 .IX Item "-l" Require that \*(L"dir/name\*(R" be a symbolic link, and print the path of the link's destination, rather than the path of the link itself. .Ip "\fB\-p\fR" 4 .IX Item "-p" Print the path \*(L"dir/name\*(R". This is the default behavior anyway, so the option \fB\-p\fR has no effect. .Ip "\fB\-q\fR" 4 .IX Item "-q" Do not print anything. Exit abnormally if \*(L"name\*(R" is not found in any of the directories. .Ip "\fBssu\fR" .IX Item "ssu" The \fBssu\fR command allows an unprivileged user to become root on the local machine without changing his \s-1SFS\s0 credentials. \fBssu\fR invokes the command \fBsu\fR to become root. Thus, the access and password checks needed to become root are identical to those of the local operating system's \fBsu\fR command. \fBssu\fR also runs \fBnewaid\fR to alter the group list so that \s-1SFS\s0 can recognize the root shell as belonging to the original user. .Sp Usage: .Ip "\fBssu\fR [\fB\-f\fR | \fB\-m\fR | \fB\-l\fR | \fB\-c\fR command]" 4 .IX Item "ssu [-f | -m | -l | -c command]" .PD 0 .Ip "\fB\-f\fR" 4 .IX Item "-f" .Ip "\fB\-m\fR" 4 .IX Item "-m" .PD this and \fB\-f\fR command are passed through to the \fBsu\fR command. .Ip "\fB\-l\fR" 4 .IX Item "-l" This option causes the newly spawned root shell to behave like a login shell. .Ip "\fB\-c\fR command" 4 .IX Item "-c command" Tells ssu to tell su to run command rather than running a shell. .SH "SEE ALSO" .IX Header "SEE ALSO" sfskey(1), nfs(5), info(1), sfsagent(1) .SH "NOTES" .IX Header "NOTES" Solid NFSv3 support is required from kernel and supporting utilities. .SH "CAVEATS" .IX Header "CAVEATS" You really do not want to kill nfsmounter, as it is responsible for cleaning up and unmounting filesystems on the client side, if sfscd has died or something else happened. .SH "BUGS" .IX Header "BUGS" /sfs is not \s-1FHS\s0 compliant. \s-1FHS\s0 on the other hand is lack- ing mount points for system mounts. .SH "AUTHOR" .IX Header "AUTHOR" This manpage was written by Jaakko Niemi for sfs packaging in Debian/GNU Operating System.