View previous topic :: View next topic |
Author |
Message |
Manu311 Tux's lil' helper
Joined: 17 Nov 2010 Posts: 128
|
Posted: Sat May 25, 2013 6:44 am Post subject: Nfs for encrypted private directories |
|
|
Hi,
I usually work at my notebook so there are my important datas (encrypted) - and I mount them to my apache directory (if I need them).
So while I'm at home, I would prefer to work on my pc while just mounting the directory for easy access (editors may work over gbit lan, but without network in between it's way better).
So I wanted to share the directorys via nfs - but if I try to mount it - nfs tells me "permission denied by server". That is for the encrypted (obviously unlocked) directory - if I mount the "mount --bind" version at apache - it just shows me an empty directory there.
So I've read about sth like this:
Code: | /export 192.168.0.0/24(rw,fsid=0,no_subtree_check)
/export/home 192.168.0.0/24(rw,nohide,insecure,no_subtree_check)
/export/data 192.168.0.0/24(rw,nohide,insecure,no_subtree_check) |
Tried it - and the moment I used "ls" nfs on client side just totally blocked.
In detail: I can't umount the directory at all - no matter what I try (I even "rmmod -f" the module - still) and if I access the directory and try "ls" the terminal freezes.
After that rmmod -f the ls in the parent directory of the mount works again but just shows me "killed" instead of the directories.
Actually I don't realy care if it's unsafe the way I do it (since it's just my very private network) I just want it working. |
|
Back to top |
|
|
Hu Moderator
Joined: 06 Mar 2007 Posts: 21490
|
Posted: Sat May 25, 2013 4:09 pm Post subject: |
|
|
In what way is the directory encrypted? Have you considered using sshfs instead of NFS? Also, for some editors, X11 forwarding over a LAN is a good option. |
|
Back to top |
|
|
Manu311 Tux's lil' helper
Joined: 17 Nov 2010 Posts: 128
|
Posted: Sat May 25, 2013 9:34 pm Post subject: |
|
|
Hu wrote: | In what way is the directory encrypted? Have you considered using sshfs instead of NFS? Also, for some editors, X11 forwarding over a LAN is a good option. |
Didn't knew about sshfs, I guess I'll try that. Currently I'm using X11 forwarding. |
|
Back to top |
|
|
mike155 Advocate
Joined: 17 Sep 2010 Posts: 4438 Location: Frankfurt, Germany
|
Posted: Fri May 31, 2013 10:48 pm Post subject: |
|
|
If you still want to get NFS working, you need to post more information
1) NFS version?
2) kernel version on server and client
3) How is data on your server encrypted: dm-crypt?
4) on server and client: output of
5) on server and client: output of Code: | showmount -e <ip address of server> |
6) output of /etc/exports on your server
7) are there any firewalls on your client or on your server?
9) Which user do you use on your server and your client? Do they have exactly the same user-ids and group-ids? |
|
Back to top |
|
|
Manu311 Tux's lil' helper
Joined: 17 Nov 2010 Posts: 128
|
Posted: Sat Jun 01, 2013 7:23 am Post subject: |
|
|
bug_report wrote: | If you still want to get NFS working, you need to post more information
1) NFS version? ntf-utils-1.2.6
2) kernel version on server and client 3.9.0 (client) 3.9.3 (server)
3) How is data on your server encrypted: dm-crypt? ecryptfs (is that enough?)
4) on server and client: output of
Code: | root 2463 2 0 09:11 ? 00:00:00 [rpciod]
root 4926 1 0 09:14 ? 00:00:00 /sbin/rpcbind
root 4941 1 0 09:14 ? 00:00:00 /sbin/rpc.statd --no-notify
root 4971 1 0 09:14 ? 00:00:00 /usr/sbin/rpc.idmapd
root 4996 1 0 09:14 ? 00:00:00 /usr/sbin/rpc.mountd | (thought I've removed the grep statement from that)
5) on server and client: output of Code: | showmount -e <ip address of server> | Exportlist here is actually empty, thought I've currently only had the directorys (apache-home) there which works.
6) output of /etc/exports on your server you prob mean what that file contents? since it's not executable (at least I didn't made it). But I tried multiple thinks and just tell me what to put there to make it work .
7) are there any firewalls on your client or on your server? no
9) Which user do you use on your server and your client? Do they have exactly the same user-ids and group-ids? | they even have the same password . I tried root as well.
After all I've got an idea why I can't mount that directory - since the "encrypting" is working via mount (-t ecryptfs) the home-directory is obviously mounted, and I was never able to export anything that's mounted. I would need to export the source directory - which is not possible.
Anyways I'm pretty happy with sshfs for now. |
|
Back to top |
|
|
mike155 Advocate
Joined: 17 Sep 2010 Posts: 4438 Location: Frankfurt, Germany
|
Posted: Sat Jun 01, 2013 11:32 am Post subject: |
|
|
Quote: | Anyways I'm pretty happy with sshfs for now. |
If you're happy with sshfs, keep it... |
|
Back to top |
|
|
|