For this mode all users may be authenticated by IP-address or login and password. All users will be able to read files in exported directory and write to files unless there is an "ro" option specified for this export.
rfsd worker process will be running with privileges of user (and group) specified by -u and -g options (root by default). Alternatively, worker process user and group may be overridden by specifying "user=" and "group=" options for a particular export.
For this mode, rfsd will log the user into the server's OS. It's like remote shell, but without the actual shell, just for file access. To enable this mode, set option "ugo" for export(s).
If ugo option is specified, -u and -g options in rsfd command line as well as "user=", "group=" and "ro" options in exports file are ignored.
You need to create system users with the same names as remotefs users. However, rfsd will not use system passwords database for authentication, it will use rfspasswd database instead.
In this mode users could use chown and chmod commands to set access rights. Remote and local systems should be synced for this mode to work fully. Otherwise the server may refuse to set the owner if it isn't aware of the specified user or group and the client may report the wrong owner or group.
See rfs(1) for description of side effects of unsynced systems at client's side.
Official recommendation for remotefs is to keep it away from untrusted networks. You normally setup rfsd to listen on a local network. If you absolutely need to use it over the Internet, you should at least firewall the connection with a specific IP-address.
Please consider this advice seriously.
BTW, rfsd will warn you about listening on an interface that is not local and will refuse to run until -q option is provided, or a local interface is specified.
Current SSL support uses certificates, but doesn't verify them. (Using certificates is an SSL requirement). For that reason it is currently vulnerable to the "Man-in-the-middle" attack (http://en.wikipedia.org/wiki/Man_in_the_middle).
We're only providing an encrypted session without any peer verification. Please keep it in mind when using built-in SSL.
If you're not satisfied with this, please consider other approaches like stunnel or ssl -L.
Please refer to examples in /etc/rfs-exports
Aleksey Tulinov: email@example.com
Jean-Jacques Sarton: firstname.lastname@example.org
GNU General Public License (GPL)