Thug - Secure Network File System
What is Thug?
Thug is a secure network file system for Linux. Thug strives for security,
stability and performance. Thug is distributed freely under the GNU public license.
Thug has the following characteristics:
- Stateful protocol. Unlike NFS, Thug maintains an open socket
with its clients throughout the session.
- Encryption. The login procedure can be encrypted using OpenSSL, protecting the user name and password.
- Password-based authentication. Unlike NFS, Thug authenticates clients
itself and exports directories on a per-user basis.
- PAM-based authentication. This allows flexibility in the choice of user databases.
- File transfer is completely kernel based. Unlike Samba, the server performs all
file operations inside the kernel to improve performance.
Resources
Download.
CVS
Mailing list.
Web based forum.
SourceForge summary.
Status
After more than two years of not maintaining this project I recently came back to it. I decided to start by porting Thug to Linux kernel 2.6 that has been released in the last year. I also decided to improve the installation by automating as much as possible. All the manual work that was part of the old releases is now gone. The first version that included support for the 2.6 kernel was 0.26. Version 0.27 added support for byte range locking. Older (pre 0.26) versions support only the 2.4 kernel but are no longer maintained. While not production ready, this version is a milestone that is already usable in several aspects.
It is provided for interested hackers in order to test it and start digging up bugs. Right now basic file system operations (open, read, write, etc.) are working, as well as password-based authentication and per-user authorization.
News
25/3/2005 - Version 0.28 released (CVS tag: THUG_0_28)
- Most of the login procedure encryption code has been rewritten and is now fully functional.
- Install guide and man pages updated.
20/2/2005 - Version 0.27 released (CVS tag: THUG_0_27)
- Implemented range locking.
- Message reference counting.
- Added message cancellation.
- Roll over when reaching the end of the host array.
- Fixed semaphore problems when process exits.
- Fixed bug in symlink where response was written on the stack instead of user buffer.
- Fixed server threads shutdown sequence.
18/12/2004 - Version 0.26 released (CVS tag: THUG_0_26)
- Ported to the 2.6 kernel. The 2.6 kernel is the only kernel supported by this release.
- New Perl-based installation system. Installation has become much simpler using Perl scripts that take care of the whole kernel module compilation process and installation of binaries. This should also, hopefully, make it easier to install Thug on multiple distributions that don't necessarily use RPM.
4/5/2002 - Version 0.12 released.
- Display list of connected clients through /proc/thug/clients
- 'groups' specifier for permissions
- Allow client disconnect
- man page for 'exports.thug'
- Memory leak on failure to allocate a new inode
- Incorrect return code in read_super that could crash
- Overflow in error table
- Race condition between thugd unload and creating a new
- Make sure no section in the rules contains an empty 'users'
- Update of last client outside of critical section
22/2/2002 - Version 0.11 released. Mostly bug fixes:
- No accumulation of koyzer zombies.
- Fix to crash on mount when socket error.
- Correct kill of thugmount process on umount.
- Read write locking of the client's table (a must for SMP).
- Fix to mkdir race condition.
- Fix to koyzer crash on rule parsing errors.
- Major overhaul of error handling stuff.
22/1/2002 - Version 0.1 released. New in this release:
- Patching the kernel is no longer required. Only module compilation.
- Login process is encrypted using OpenSSL.
- Server threads running in root jail for better security.
- Several major symlinks bugfixes.
- Configuration file directory can be specified on the command line.
16/12/2001 - Version 0.02 released. A lot of bug fixes and various changes
to the protocol and the design of the system.
22/10/2001 - Version 0.01 released.
Installing Thug
You will need the sources for the kernel under which you plan to use Thug. The released tarball contains both sources for the kernel modules that will be compiled by the installation script and binaries that were compiled on my Fedora Core 3 machine. Simply gunzip and untar the package from the files release page, cd into the directory that was created, and run thug_install.pl. Should you encounter symbol incompatibilities when running Koyzer (the Thug server) or Thugmount (the client mount program), you may need to grab the source tarball and compile them yourself. The files release page is located here.
Your feedback
Your feedback would be highly appreciated. I welcome comments, bug reports, suggestions and,
of course, patches. Send your mail to the mailing list.
You can also reach me here.
CVS
To get the latest sources from CVS do the following:
cvs -d:pserver:anonymous@cvs.thug.sourceforge.net:/cvsroot/thug login
cvs -z3 -d:pserver:anonymous@cvs.thug.sourceforge.net:/cvsroot/thug co thug
Requirements
Thug requires PAM on the server machine.
Etay Meiri
Email: etaym@users.sourceforge.net