Provided by: sfs-common_0.8-0+pre20060720.1-1.1_i386 bug

NAME

       SFS - Self Certifying Filesystem

DOCUMENTATION

       This manpage was written as short description and as pointer to more
       complete documentation. Up to date documentation can be found as Info-
       pages of SFS.  You can access the Info pages with command "info sfs".
       An HTML version of the info pages may also be available on your system
       in /usr/local/lib/sfs/sfs.html or /usr/lib/sfs/sfs.html.

DESCRIPTION

       SFS is a secure, global network filesystem with completedly
       decentralized control. It takes NFS shares exported from localhost and
       transports them securely to other hosts; NFS services do not need to be
       exposed to network.

       SFS features key management and authorization separated from filesystem
       with key revokation separated from key distribution.

       More information and new versions can be found on the SFS website:

       http://www.fs.net/

GLOBAL NAMESPACE

       SFS mounts directories from fileservers under a directory in the form:

       /sfs/@Location,HostID

       Location is either ip address or DNS hostname of the server.

       HostID is a collision-resistant cryptographic hash of the file server’s
       public key.

CLIENT DESCRIPTION

       Client side operation of SFS consists of following programs:

       sfscd
         creates and serves /sfs directory on client machine. Also starts
         nfsmounter and sfsrwcd as needed.

       nfsmounter
         mounts and unmounts NFS filesystems as kernel NFS client accesses
         them.

       sfsrwcd
         is a daemon that implements normal read/write filesystem protocol.
         It acts as a NFS server to local NFS client.

USER PROGRAMS

       On client machine user normally uses the following prog- rams:

       sfsagent
         handles authentication as user moves to new filesystems.  It also can
         fetch new HostIDs and perform revocation checks on them.

       sfskey
         manages user and server keys and is used to configure sfsagent for
         different situations.

       rex
         a remote login program, similar in spirit to SSH, that uses SFS’s key
         management and authentication mechanisms, and can forward a user’s
         sfsagent to remote machines.

SERVER DESCRIPTION

       Server side consists of following programs:

       sfssd
         handles incoming connections and spawns sfsrwcd and sfsrwcd as
         needed.

       sfsrwcd
         is a daemon that implements normal read/write filesystem protocol and
         talks to local NFS server.

       sfsauthd
         handles user authentication. It communicates directly with sfsrwsd to
         authenticate users of the file system. It also accepts connections
         over the network from sfskey to let users download their private keys
         or change their public keys.

       rexd
         remote login server that performs key exchange with remote rex
         clients and does authorization checking of remote users before
         allowing them to spawn or connect to proxy.

       proxy
         server-side of the rex remote login utility, which clients spawn and
         connect to through the privileged rexd server.  There is typically
         one instance of proxy per user logged into a machine (regardless of
         how many times the user is logged in), running with the permissions
         of the user.

HELPER BINARIES

         There are few small programs to help with misc tasks:

       ssu
         allows an unprivileged user to become root on the local machine
         without changing his SFS credentials.

       rpcc
         an RPC compiler for RFC1832-format XDR files.  Used by other systems
         that link against the SFS libraries.

       funmount
         forcibly unmounts a file system, doing as little else as possible.
         May be of use when cleaning up a system after a crash.

       dirsearch
         can be used with sfskey certprog command to configure certification
         paths--lists of directories in which to look for symbolic links to
         HostIDs.

SEE ALSO

       sfskey(1), nfs(5), info(1), sfsagent(1)

NOTES

       Solid NFSv3 support is required from kernel and supporting utilities.

CAVEATS

       You really do not want to kill -9 nfsmounter, as it is responsible for
       cleaning up and unmounting filesystems on the client side, if sfscd has
       died or something else happened.

AUTHOR

       SFS was written by the SFS development team, sfsdev@redlab.lcs.mit.edu.
       This manpage was originally written by Jaakko Niemi for sfs packaging
       in Debian/GNU Operating System.  It has since been edited by the SFS
       development team and included with the SFS distribution.