[TriLUG] remote mounting of home directories
Paul D. Boyle
boyle at laue.chem.ncsu.edu
Fri Aug 17 09:19:27 EDT 2001
Robby Dermody wrote:
> I'll be going off to college soon. I plan on having a server at my dorm
> room, and a laptop I use for everything else. I want to be able to mount my
> home directory from the server on the go.
In general, I think it is a bad idea to export $HOME directories via NFS,
particularly if you have exported it as a writeable volume.
> 1. Still have a minimal home dir on my laptop, since if I use an NFS mount
> for /home/myusername and couldn't get to it, I'd be screwed. Mount the NFS
> homedir at like /mnt/nfshome or something, and manually put files on the
> server's homedir when I get the chance, if I've been using the laptop on the
> road.
To increase security a little you could have your $HOME directory
on the server be structured so that there is an 'export' directory
underneath home. Move what you need to be exported which is in your
$HOME directory now (*don't* move the "dot" and "rc" configuration
files, which you shouldn't want to change from your client anyway).
Edit your /etc/exports file to export this subdirectory. The laptop
could similarly have a subdirectory $HOME/mnt/ which would act as a
mount point for your NFS server.
> 2. If something like this exists, have something that replicates the
> server's copy of the homedir on my laptop, allowing me to work offlile when
> I can't be connected to the internet, then when I do have an active internet
> connection, will automatically synch up with the server's copy and publish
> changes. This would be great.
Try looking at rsync. I haven't used it personally but it may do what you
want.
> Another very important condition is that the process has to be secure.
As above, don't export your $HOME directory. The most obvious attack when
someone exports a $HOME directory (especially as writable) is a .rhosts
file to be placed in the $HOME which allows the attacker to rlogin in
and have free access to the directory tree looking for vulnerabilities.
They could also rcp nasty programs (e.g. one which are vulnerable to
buffer overrun exploits) and gain root access to your machine.
Good Luck,
Paul
--
Paul D. Boyle | boyle at laue.chem.ncsu.edu
Director, X-ray Structural Facility | phone: (919) 515-7362
Department of Chemistry - Box 8204 | FAX: (919) 515-5079
North Carolina State University |
Raleigh, NC, 27695-8204
http://laue.chem.ncsu.edu/web/xray.welcome.html
More information about the TriLUG
mailing list