Node:sfs_config, Next:, Previous:SFS configuration, Up:SFS configuration



sfs_config--system-wide configuration parameters

The sfs_config file lets you set the following system-wide parameters:

sfsdir directory
The directory in which SFS stores its working files. The default is /var/sfs, unless you changed this with the --with-sfsdir option to configure.
sfsuser sfs-user [sfs-group]
As described in Building, SFS needs its own user and group to run. This configuration directive lets you set the user and group IDs SFS should use. By default, sfs-user is sfs and sfs-group is the same as sfs-user. The sfsuser directive lets you supply either a user and group name, or numeric IDs to change the default. Note: If you change sfs-group, you must make sure the the program /usr/local/lib/sfs/suidconnect is setgid to the new sfs-group.
anonuser {user | uid gid}
Specifies an unprivileged user id to be used for anonymous file access. If specified as user, the name user will be looked up in the password file, and the login group of that user used as the group id. Can alternatively be specified as a numeric uid and gid. The default is to use -1 for both the uid and gid, though the default sfs_config file specifies the user name nobody.
ResvGids low-gid high-gid
SFS lets users run multiple instances of the sfsagent program. However, it needs to modify processes' group lists so as to know which file system requests correspond to which agents. The ResvGids directive gives SFS a range of group IDs it can use to tag processes corresponding to a particular agent. (Typically, a range of 16 gids should be plenty.) Note that the range is inclusive--both low-gid and high-gid are considered reserved gids.

The setuid root program /usr/local/lib/sfs/newaid lets users take on any of these group IDs. Thus, make sure these groups are not used for anything else, or you will create a security hole. There is no default for ResvGids.

PubKeySize bits
Sets the default number of bits in a public key. The default value of bits is 1280.
PwdCost cost
Sets the computational cost of processing a user-chosen password. SFS uses passwords to encrypt users' private keys. Unfortunately, users tend to choose poor passwords. As computers get faster, guessing passwords gets easier. By increasing the cost parameter, you can maintain the cost of guessing passwords as hardware improves. cost is an exponential parameter. The default value is 7. You probably don't want anything larger than 10. The maximum value is 32--at which point password hashing will not terminate in any tractable amount of time and the sfskey command will be unusable.
LogPriority facility.level
Sets the syslog facility and level at which SFS should log activity. The default is daemon.notice.