Many users have asked to mount their Mathnet home directory or other files
on a personal computer not under Mathnet's administrative control, referred to
as a rogue machine
. Most commonly this would be a machine at home, or
at another institution, or a personal laptop at Mathnet.
Mathnet exports files within Mathnet from the home directory or other server using the NFSv3 (UNIX) or CIFS (Windows) protocols. It is outside of Mathnet's security rules to export on these protocols to rogue machines, particularly when the connection is over the global Internet, because they are notoriously easy to subvert. We can keep a lid on viruses and malware on machines that we manage, but if we offered NFS or CIFS service to the general hacking community then we could expect successful exploits against us within hours.
(NFSv4 is designed with much tighter security, and is being tested on a few workstations, but is not quite ready to be deployed at Mathnet.)
Therefore we have documented alternative ways for a user to access Mathnet files from a rogue machine.
We recommend the use of sshfs, which is based upon fuse. To do some of the steps shown, you will need to be root on the rogue machine, which is not a problem if it belongs to you, or you will need the cooperation of its sysop.
You will need the fuse, libfuse2 and sshfs packages. (Package names sometimes vary slightly in some distros, but these should be pretty uniform.) If they are not already installed on your rogue machine, you will need to obtain and install them, which will require root access. It is assumed that you know how to install packages on your particular distro. Although these packages are very useful and the major distros all supply them, if you do have to compile from source, the primary sites are:
There should be a README file installed with sshfs; on OpenSuSE 10.3 it is /usr/share/doc/packages/sshfs/README . The instructions below are essentially copied from that file.
Check if the kernel module for fuse is already loaded, like this:
lsmod | grep fuse #--or--
grep fuse /proc/modules
If nothing is printed, the module is absent and you will have to load it, executing as root. (This module is standardly provided in up-to-date distro kernels; you should not need to compile it from source.) Use this command:
modprobe -v fuse
(-v is optional.) If you use fuse frequently you will want to configure your system to always load it at boot time. At least in OpenSuSE 10.3, this configuration is done automatically when you install the fuse package.
Now executing as an ordinary user, choose (or create) a mount point directory on the rogue machine owned by yourself; let's call it ~/mtpt for the example. Suppose your home directory server is Cedar (replace with the actual home site). This command will mount your Mathnet home directory on ~/mtpt. Remember the colon after the hostname. Provide your Mathnet password when ssh asks for it (not needed if you have a key agent running).
sshfs cedar.math.ucla.edu: ~/mtpt
Your Mathnet home directory will appear on the mount point. Response will not be as fast as with a local connection at Mathnet, particularly if your directory has many files at top level, because all the information has to be transferred through your dialup or DSL connection, but it is useable. You can read, execute, edit, create or delete files and directories in the normal way. But applications that involve file locking, or extensive seeking as with a SQLite database, may not work too well.
You can mount any directory to which your Mathnet account has access. Put the relative or absolute path name of the directory (as seen at Mathnet, relative to your home directory) after the colon. (Licensed software such as Matlab will start up but will fail to contact the license manager, a fatal error.)
If your loginID on the rogue machine differs from your Mathnet loginID, or if you have ssh at Mathnet set up to allow logging in to a group account, prepend the Mathnet loginID to the hostname separated by @ like this:
sshfs mathuser@cedar.math.ucla.edu: ~/mtpt
To unmount the directory, change your shell's working directory somewhere else and do this:
fusermount -u ~/mtpt
To be worked out . . .
| UCLA Department of Mathematics | Search | Site Map | Home |