Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Nfs for encrypted private directories
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
Manu311
Tux's lil' helper
Tux's lil' helper


Joined: 17 Nov 2010
Posts: 128

PostPosted: Sat May 25, 2013 6:44 am    Post subject: Nfs for encrypted private directories Reply with quote

Hi,

I usually work at my notebook so there are my important datas (encrypted) - and I mount them to my apache directory (if I need them).
So while I'm at home, I would prefer to work on my pc while just mounting the directory for easy access (editors may work over gbit lan, but without network in between it's way better).

So I wanted to share the directorys via nfs - but if I try to mount it - nfs tells me "permission denied by server". That is for the encrypted (obviously unlocked) directory - if I mount the "mount --bind" version at apache - it just shows me an empty directory there.
So I've read about sth like this:
Code:
/export                 192.168.0.0/24(rw,fsid=0,no_subtree_check)
/export/home            192.168.0.0/24(rw,nohide,insecure,no_subtree_check)
/export/data            192.168.0.0/24(rw,nohide,insecure,no_subtree_check)

Tried it - and the moment I used "ls" nfs on client side just totally blocked.
In detail: I can't umount the directory at all - no matter what I try (I even "rmmod -f" the module - still) and if I access the directory and try "ls" the terminal freezes.

After that rmmod -f the ls in the parent directory of the mount works again but just shows me "killed" instead of the directories.

Actually I don't realy care if it's unsafe the way I do it (since it's just my very private network) I just want it working.
Back to top
View user's profile Send private message
Hu
Moderator
Moderator


Joined: 06 Mar 2007
Posts: 21490

PostPosted: Sat May 25, 2013 4:09 pm    Post subject: Reply with quote

In what way is the directory encrypted? Have you considered using sshfs instead of NFS? Also, for some editors, X11 forwarding over a LAN is a good option.
Back to top
View user's profile Send private message
Manu311
Tux's lil' helper
Tux's lil' helper


Joined: 17 Nov 2010
Posts: 128

PostPosted: Sat May 25, 2013 9:34 pm    Post subject: Reply with quote

Hu wrote:
In what way is the directory encrypted? Have you considered using sshfs instead of NFS? Also, for some editors, X11 forwarding over a LAN is a good option.


Didn't knew about sshfs, I guess I'll try that. Currently I'm using X11 forwarding.
Back to top
View user's profile Send private message
mike155
Advocate
Advocate


Joined: 17 Sep 2010
Posts: 4438
Location: Frankfurt, Germany

PostPosted: Fri May 31, 2013 10:48 pm    Post subject: Reply with quote

If you still want to get NFS working, you need to post more information
1) NFS version?
2) kernel version on server and client
3) How is data on your server encrypted: dm-crypt?
4) on server and client: output of
Code:
ps -fe | grep rpc

5) on server and client: output of
Code:
showmount -e <ip address of server>

6) output of /etc/exports on your server
7) are there any firewalls on your client or on your server?
9) Which user do you use on your server and your client? Do they have exactly the same user-ids and group-ids?
Back to top
View user's profile Send private message
Manu311
Tux's lil' helper
Tux's lil' helper


Joined: 17 Nov 2010
Posts: 128

PostPosted: Sat Jun 01, 2013 7:23 am    Post subject: Reply with quote

bug_report wrote:
If you still want to get NFS working, you need to post more information
1) NFS version? ntf-utils-1.2.6
2) kernel version on server and client 3.9.0 (client) 3.9.3 (server)
3) How is data on your server encrypted: dm-crypt? ecryptfs (is that enough?)
4) on server and client: output of
Code:
ps -fe | grep rpc

Code:
root      2463     2  0 09:11 ?        00:00:00 [rpciod]
root      4926     1  0 09:14 ?        00:00:00 /sbin/rpcbind
root      4941     1  0 09:14 ?        00:00:00 /sbin/rpc.statd --no-notify
root      4971     1  0 09:14 ?        00:00:00 /usr/sbin/rpc.idmapd
root      4996     1  0 09:14 ?        00:00:00 /usr/sbin/rpc.mountd
(thought I've removed the grep statement from that)
5) on server and client: output of
Code:
showmount -e <ip address of server>
Exportlist here is actually empty, thought I've currently only had the directorys (apache-home) there which works.
6) output of /etc/exports on your server you prob mean what that file contents? since it's not executable (at least I didn't made it). But I tried multiple thinks and just tell me what to put there to make it work :P.
7) are there any firewalls on your client or on your server? no
9) Which user do you use on your server and your client? Do they have exactly the same user-ids and group-ids?
they even have the same password :P. I tried root as well.

After all I've got an idea why I can't mount that directory - since the "encrypting" is working via mount (-t ecryptfs) the home-directory is obviously mounted, and I was never able to export anything that's mounted. I would need to export the source directory - which is not possible.
Anyways I'm pretty happy with sshfs for now.
Back to top
View user's profile Send private message
mike155
Advocate
Advocate


Joined: 17 Sep 2010
Posts: 4438
Location: Frankfurt, Germany

PostPosted: Sat Jun 01, 2013 11:32 am    Post subject: Reply with quote

Quote:
Anyways I'm pretty happy with sshfs for now.


If you're happy with sshfs, keep it... :-)
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum