
1. How to use Virtualfs (some examples)

After installing the appropriate glibc updates and Virtualfs itself, you must run one command to make Virtualfs work. It is called virtualfs. Once you have done that, you can do various things. Virtualfs is a "personal" system: each user may configure the various Virtualfs modules without any superuser privileges. Here are some examples:

1.1 Quick examples

Once Virtualfs is installed, default configuration files are available in /etc/virtualfs. They allow you to do the following:

        # Simple access to the floppy and cdrom
        # No mount/umount required
        cd
        ls n/a:
        ls n/cdrom
        # Browsing printers and print queue
        ls n/printers
        ls n/printers/lp
        # Removing a job from the print queue of the "lp" printer
        rm n/printers/lp/60
        # browsing windows and samba servers
        # Getting the workgroup list
        ls n/browse
        # Getting the workgroup members
        ls n/browse/group
        # Getting the share published by a server
        ls n/browse/group/server
        # Accessing a share (A popup will require the password)
        ls n/browse/group/server/share
        

1.2 Cd ROM and floppy

To simplify access to CDs and floppies (no mount and unmount needed anymore), you must run remaudioserv (from the virtualfs-server package). It is the one responsible for doing the mount and unmount as needed. Just install the RPM and it will run.

Note that once virtualfs-server is running on a workstation, you can telnet to another host and enable Virtualfs there, and you will have transparent access to the floppy and CD-ROM on the workstation. This was done especially for X terminal users. You must also run the litefsd back-end on the workstation.

Once Virtualfs is enabled, here are some examples of the things you can do with it:

        # Switch to your home directory
        cd
        # Put a CD in and view the content of the root directory (of the CD)
        cd n/cdrom
        ls -l
        # Remove the CD. You can remove it even if your current directory
        # is "inside" the CD.

        # Put another CD in and view its content
        ls -l
        
        # You can do the same thing with the floppy
        cd
        cd n/a:
        ls -l
        # No mount or umount necessary.
        

1.3 Network volumes (Smb/Windows and Novell)

You can access network volumes, on demand. No more smbmount or ncpmount. Further, each user may access the various servers using their own user account on those servers. Note that smbmount, smbmnt, smbumount, ncpmount and ncpumount must be set-uid for this to work.

Access to network volumes is done by the persmount Virtualfs driver. This driver is configured using the .virtualfs/persmount.conf file in your home directory.

        # Create a file persmount.conf in the .virtualfs sub-directory
        # of your home and enter a line like
        # (where server is the name of an NT or Samba server)
        # (The line is folded in 3 in this document)
        # server .n/server      virtualfs-xsmb \
        #     --server server --share some_share \
        #     --mountdir .n/server
        # then you can do
        ls -l ~/n/server

        # and a pop-up will request the password. Then the listing
        # will show up.
        # You can add as many lines as needed in .persmount
        

1.4 Accessing file servers without file services

Here is a scenario. There is a server on the Internet. The only access you have on this server is ssh (Secure SHell). The only way you can copy files back and forth is by using ssh and scp (Secure CoPy). Not much fun. Unfortunately, for security reasons there are no file services you can use, not even ftp. Enter LiteFS.

Assuming the server is called remserv, create a file in your home called .virtualfs/litefs.conf. Enter the following line. This example assumes that you are primarily interested in maintaining the files in /home/httpd/html on the server.

        remserv .remserv litefs-ssh --host remserv --dir /home/httpd/html
        

Then you can do normal file operations in the n/remserv sub-directory of your home directory. The first time you access a file in HOME/n/remserv, ssh will prompt you for a password, unless you have appended your .ssh/identity.pub file to .ssh/authorized_keys in your account on remserv.

1.5 Extending Unix file privileges using ACLs (Access Control Lists)

Principles

The traditional Unix file privileges are somewhat limited. You can control 9 bits per file, grouped in 3 sets: one applying to the owner of the file (or directory), one applying to the group (a file belongs to a user and a group) and finally one set for all the other users. Each set controls the attributes "may read", "may write" and "may execute".

While this is enough for many situations, there are cases where one would like more control (more different privileges) and would like to assign those privileges to various people and groups, without much restriction.

One example

AclFS is one Virtualfs component delivering just that. By placing small ..acl files in critical areas of your Linux file-system, you can control who does what (and ultimately when and how) there. Here is a sample ..acl that you can place at the top of your web hierarchy, for example. On a Red-Hat system, this is /home/httpd/html.

        create-file-mode -,web,0444;
        mkdir-mode -,web,0555;
        list admin { jack, @prog }
        list writers { john, peter }
        file .htaccess {
                create-file-mode web,web,0440;
                context a {
                        grant { &admin }
                        rights ALL;
                }
        }
        file * {
                create-file-mode -,-,0660;
                mkdir-mode -,web,0555;
                context a {
                        grant { &writers, &admin }
                        rights ALL;
                }
                context b {
                        grant { ALL }
                        rights read,readdir,stat;
                }
        }
        

This simple file allows you to tell who can change what. It says that only members of the list admin can view and modify the file .htaccess. All the other files (defined by the * wild-card) may be modified by the members of the writers list as well as the members of the admin list. Other users can see files (except .htaccess), view their size (stat) and browse directories.

Note that unless you place other ..acl files in the web sub-directories, this one will apply (inherited by sub-directories).
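
The access decisions described above, worked through as an added Python model (an illustration written for this page, not AclFS code). It assumes that @prog names a Unix group, that the specific "file .htaccess" block takes precedence over "file *", and that "write" is a valid right name; the users mary and guest and the group membership are constructed.

```python
from fnmatch import fnmatchcase

# Lists from the sample ..acl.
LISTS = {"admin": ["jack", "@prog"], "writers": ["john", "peter"]}
# Constructed Unix group membership (assumption: "@prog" means group "prog").
GROUPS = {"prog": {"mary"}}

# (file pattern, [(grantees, rights), ...]) in the order the sample lists them.
RULES = [
    (".htaccess", [(["&admin"], {"ALL"})]),
    ("*", [(["&writers", "&admin"], {"ALL"}),
           (["ALL"], {"read", "readdir", "stat"})]),
]

def matches(user, grantee):
    """True if one grant entry covers the user."""
    if grantee == "ALL":
        return True
    if grantee.startswith("&"):   # reference to a named list
        return any(matches(user, g) for g in LISTS[grantee[1:]])
    if grantee.startswith("@"):   # Unix group (assumed meaning)
        return user in GROUPS.get(grantee[1:], set())
    return user == grantee

def rights_for(user, filename):
    """Union of rights from every context of the first matching file block."""
    for pattern, contexts in RULES:
        if fnmatchcase(filename, pattern):
            granted = set()
            for grantees, rights in contexts:
                if any(matches(user, g) for g in grantees):
                    granted |= rights
            return granted
    return set()

def allowed(user, filename, right):
    """Decide one request; "ALL" in the granted set covers any right."""
    granted = rights_for(user, filename)
    return "ALL" in granted or right in granted

if __name__ == "__main__":
    for user in ("jack", "mary", "john", "guest"):
        for name in (".htaccess", "index.html"):
            print(user, name, sorted(rights_for(user, name)) or "no access")
```
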

Configuring the aclfsd server

Access to files is managed by the /usr/sbin/aclfsd daemon. It must be started as root (generally), at boot time. You must configure the file /etc/aclfsd.conf. This file is trivial: it associates AclFS logical volumes with directories. It is a simple lookup table. Here is an example:

        html       /home/httpd/html
        anonftp         /home/ftp
        

This mapping hides the exact path of the directories you want to share. AclFS users simply access the resources in your HOME/n directory (like other Virtualfs logical volumes).

aclfsd is generally started without argument. Check out the man page to learn about the options.

Configuring your personal HOME/.aclfs file

Each user has an .aclfs file in his home directory. This file maps a logical volume in the HOME/n directory to one AclFS volume (as known by the aclfsd server). This file is needed because other Virtualfs volumes may conflict. Here is a sample .aclfs file:

        html    html
        ftp             anonftp
        

Changing one ..acl file while aclfsd is running

..acl files may be changed at any time, but the server caches those files as long as it can. You must tell it that one file has changed. This is done with the following command:

        /usr/sbin/aclfsd --reload directory_path
        

Using AclFS

Once you have configured /etc/aclfsd.conf, placed one or more ..acl files where needed, started the aclfsd server, and configured your personal .aclfs file, you are all set.

You run the virtualfs command to enable Virtualfs and there you go. You access files in HOME/n/.... Have fun!

1.6 Using the sound card on a remote workstation

The remaudio Virtualfs driver (enabled by default by the virtualfs command) performs redirection/virtualization of the various sound devices (/dev/audio, /dev/mixer). Enable Virtualfs and use any unmodified sound utility, and it will "play" on your workstation sound card.

You can also play music CDs, as the /dev/cdrom device is redirected too.

The /usr/sbin/remaudioserv program must be running on the workstation (you must install virtualfs-server on the workstation).

1.7 Accessing the floppy and the cd-rom on an X terminal

You must install virtualfs on the X terminal. Those using the xterminal toolkit from http://www.solucorp.qc.ca/xterminals only have to install the virtualfs and virtualfs-server packages like this:

        rpm --root /xterminals/root -i virtualfs-x.y-1.i386.rpm 
        rpm --root /xterminals/root -i virtualfs-server-x.y-1.i386.rpm
        

On other Linux-based X terminals, just make sure that the following commands are running:

        /usr/sbin/remaudioserv
        /usr/sbin/litefs-xterminal
        

Once done, you will be able to access floppies and CD-ROMs simply by entering the n/a: and n/cdrom directories in your HOME directory.

