Ubuntu: Mounting remote filesystem using davfs2 (FUSE)

Sunday, 9th Sep 2007 at 19:26 (administration, ubuntu)
Tags: , ,

If you have access to some webdav server you might want to give your system access to those files as if they were local ones so you don’t have to use some interactive application every time you need access. FUSE is very useful for that very task, also because it for user space (you don’t have to be root to mount it). After this set up it’s meant to work for any application that works on that webdav directory files just the same as they would on the local (read: hard drive) file system. What needs to be done:

  1. Install davfs2 package (you might use Synaptic instead): 
    $ apt-cache search davfs2
davfs2 - mount a WebDAV resource as a regular file system
$sudo aptitude install davfs2
  2. reconfigure the package since it needs to run suid if normal users should be able to use it: 
    sudo dpkg-reconfigure davfs2

    davfs2 SUID dpgk-reconfigure

  3. After confirming to SUID davfs2 select a user group, e.g. “davfs2”:
    davfs2 group dpgk-reconfigure
    davfs2 infoscreen dpgk-reconfigure
  4. make a mount point, i.e. a directory where the “file system” is hung into (directory webdove in a subdir of your home): 
    mkdir ~/mnt/webdove
  5. to testmount use something like (use quotes to tell bash to keep it’s hands off it): 
    sudo mount.davfs 'http://domain.tld/path' /path/to/webdove

    You will be prompted for user and password

  6. To allow regular users access I could only find a way where one needs to touch /etc/fstab to add a line like this one: 
    http://domain.tld/davath /path/to/webdove   davfs   user,rw,noauto   0   0

    Now any user can do mount mount /path/to/webdove and umount /path/to/webdove

From the man page:

If a proxy must be used this should be configured in /home/filomena/.davfs2/davfs2.conf
proxy proxy.mycompany.com:8080

Credentials are stored in /home/filomena/.davfs2/secrets
proxy.mycompany.com filomena “my secret”
http://webdav.org/dav webdav-username password

Note: If your webdav server supports https, i.e. encrypted transfer you might use that as well. Just replace http with https above.

Even though this works and does enable the user to mount a webdave server by himself it doesn’t integrate very well into Ubuntu (as I understand it). For example the user can’t choose where to mount it. Also, there is a lot that needs to be set up correctly by the admin. I really would like to hear comments to point me to other, easier solutions (see below). A good example for user friendliness would be sshfs.

Update 2008/05/08: A nice and working description about mounting the (Germany-based) GMX-Mediacenter via secure webdav2 I have listed below. Hopefully some day I will find the time to summerize it here as it is written in German.

Resources:

11 Comments

Ubuntu: Mounting remote filesystem using sshfs (FUSE)

Thursday, 23rd Aug 2007 at 16:33 (administration, linux, ubuntu)
Tags: , , ,

Wouldn’t it be nice and handy to go to your local home directory and from there just cd into a remote one (say university stuff or via WLAN or other sometimes unsecured lines) as if it were local data? Of course there is NFS or GNOME’s network folders (that use ssh; Places -> Connect to Server…) and I guess there are heaps of other ways to do it. I chose the sshfs way because it’s

  • easy to set up
  • only needs client side (local) side preparations
  • can be set up and mounted entirely by a “normal user”
  • data line is encripted just as ssh is (because data does go via ssh)

So, what needs to be done? I’d just list the steps with only the necessary explanation. For further introduction see below.

  1. sudo aptitude install sshfs
  2. via lsmod | grep fuse see if the fuse module is there. Otherwise modprobe it (sudo modprobe fuse).
  3. see if you user name is listed in the fuse user group: grep fuse /etc/group. If not do sudo adduser yourusername fuse. You might need to logout and log back in in order for this change to take effekt.
  4. ls -la /dev/fuse should give you crw-rw---- 1 root fuse.... The ownership root:fuse is important. If not, do sudo chown root:fuse /dev/fuse
  5. Now create the mountpoint: mkdir ~/unihome
  6. Actually mount the remote fs (syntax is like the one from ssh or scp): sshfs remoteuser@remotehost:remotepath ~/unihome . If no ssh-key stuff is configured you’ll be asked your remote password

You now can cd ~/unihome or otherwise use the data there as if it was local. To unmount the remote data do fusermount -u mountpoint. Here it would be fusermount -u ~/unihome.

More comfort

To make your daily life easier you can add a file called config to your (local) home’s .ssh directory with the following lines (insert you personal data):

Host wsl01         Hostname remotemachine's-name-or-ipUser remoteuser

After that you can shorten the mount command to sshfs -oreconnect wsl01: ~/unihome to mount the entire home directory (see bottom for why -oreconnect). Of course this only works for ssh’s default to go straight into your home directory after login. From sshfsfaq:

Automatic mounting, if desired, can be added to a shell script such as .bashrc (provided authentication is done using RSA/DSA keys).

See Kevin van Zonneveld’s Blog for how to setup everything to automatically login using ssh (and thus sshfs) without beeing promted for a password. But beware not to give anyone access to your private key file (see Kevin’s note under “Pitfalls” at the bottom)! Even though the key is user and machine specific anyone that gathers access to your machine and your user can hop to the remote machine with your remote login as well. After done generating and installing the keys you need the mount command from above in your .bashrc file in your home directory. It will be unmounted on system shut down or logout.

Now, you’re done.

Update: Tweak timeout

I’ve experienced several disconnects when the connection has been idle for to long. So I digged into it. From man 5 ssh_config:

BatchMode
If set to “yes”, passphrase/password querying will be disabled. In addition, the ServerAliveInterval and SetupTimeOut options will both be set to 300 seconds by default. This option is useful in scripts and other batch jobs where no user is present to supply the password, and where it is desirable to detect a broken network swiftly. The argument must be “yes” or “no”. The default is “no”.

(…)

ServerAliveCountMax
Sets the number of server alive messages (see below) which may be sent without ssh receiving any messages back from the server. If this threshold is reached while server alive messages are being sent, ssh will disconnect from the server, terminating the session. It is important to note that the use of server alive messages is very different from TCPKeepAlive (below). The server alive messages are sent through the encrypted channel and therefore will not be spoofable. The TCP keepalive option enabled by TCPKeepAlive is spoofable. The server alive mechanism is valuable when the client or server depend on knowing when a connection has become inactive.
The default value is 3. If, for example, ServerAliveInterval (see below) is set to 15, and ServerAliveCountMax is left at the default, if the server becomes unresponsive ssh will disconnect after approximately 45 seconds. This option works when using protocol version 2 only; in protocol version 1 there is no mechanism to request a response from the server to the server alive messages, so disconnection is the responsibility of the TCP stack.

ServerAliveInterval
Sets a timeout interval in seconds after which if no data has been received from the server, ssh will send a message through the encrypted channel to request a response from the server. The default is 0, indicating that these messages will not be sent to the server, or 300 if the BatchMode option is set. This option applies to protocol version 2 only. ProtocolKeepAlives is a Debian-specific compatibility alias for this option.

So, I added a line in my .ssh/config file saying BatchMode “yes”. This, per default, gives the line $((300 / 60)) = 5 minutes (bash simple math, use with echo on the command line) until the ssh connection is dropped.

Update 2: Automounting

Add a line like the following to your /etc/fstab file (open in graphical mode with gksudo gvim /etc/fstab):

# <file system>       <mount point>         <type>  <options>
sshfs#wsl01:         /mountpointpath            fuse    optionsset 0 0

Remember to adopt the bits written itelic, i.e. wsl01, the path to your mount point and the options. A typical option set could be comment=sshfs,users,noauto,uid=1000,gid=1000,allow_other,reconnect,transform_symlinks. It’s a mixture of basic mount options and fuse and sshfs, respectively, specific options. The main ones are:

  • users: anyone can mount this filesystem
  • noauto: don’t mount automatically on system start up since network is not up, yet
  • uid=1000,gid=1000: since mount is not run with your uid/gid this is needed (find out the numbers with id command)

Now configure fuse by using /etc/fuse.conf (infos locally in less /usr/share/doc/fuse-utils/README.gz). Add user_allow_other to be able to use the fstab option allow_other.

I was writing this section in parallel while testing it myself. And I suddenly noticed it’s not what I was looking for (which was auto reconnect). More so this seams less secure than the original since with this any local user could mount it. The only advantage was to have icons on the gnome desktop (because it’s in the fstab) or if you wanted to auto mount on network up/down. See the original forum post for how to do that.

Automatic reconnect is easily done by using the -o reconnect option with sshfs: sshfs -oreconnect wsl01: ~/mountpoint.

References:

6 Comments

Ubuntu: Wine and PortableApps

Thursday, 2nd Aug 2007 at 10:19 (administration, linux)
Tags: , , , , ,

Since I have been using PortableApps (especially Thunderbird) for a while I figured I’d use wine to avoid configuring email accounts and all that hassle. All it was, after collecting some information (I should have found that page before even installing Ubuntu!), is this:

  1. Get the PortableApps somewhere writable (I made a new ntfs partition using fuse-utils and ntfsprogs) — I have enabled compression on my Windows XP NTFS partitions which no Linux NTFS driver is capable of at the moment.
  2. Mount the partition eg. via sudo ntfsmount /dev/hda2 /media/portablestuff -o uid=1000
  3. Install wine: sudo aptitude install wine
  4. Run any program via command line something like this: $wine /media/portablestuff/path/to/ThunderbirdPortable/ThunderbirdPortable.exe
  5. To unmount use sudo fusermount -u /media/portablestuff

5 Comments