# Sharing login information & home folder from router

## etops

Hi,

I have a wndr37av router and I am planning to flash it with dd-wrt, connect a usb hdd and share an ext3 partition.

What I want to do is log in on every linux based device in my home network with the same username/password and get the same home folder using this shared ext3 partition.

After succeeding at this, the next move is going to be sharing /usr/portage and /usr/portage/distfiles for syncing and downloading tarballs once for all computers.

What are your recommendations about this project? pros cons? dos don'ts? Or what would you do if you had the same hardware?

And if you approve these, can you point me to directions to achieve the first part? Guides to configure computers for shared login information, logging in to the same home folder? Can I have multi-sessions? What shall I use? (ldap? etc?) I am a 5-year gentoo user but never dove into that kind of stuff. I don't want to mess up my current setup or accidentally expose a security risk by doing this setup inexperienced without a good tutorial.

Thanks in advance....

----------

## BradN

Pros:

Roaming profiles without a dedicated server (besides your router)

Reliable filesystem management in the case of machines crashing (as long as your router doesn't).

Cool factor.  I mean, literally, the router+hard drive is probably close to 20 watts.

Cons:

It will be noticeably slower.  20MB/s max, assuming you've got gigabit ethernet on everything, otherwise 8-10MB/s max.  Plus network latency.  Plus usb latency on a slower CPU.  Plus filesystem driver overhead on a slower CPU.

You might be able to overcome the slowness with a caching network filesystem, but I have never experimented with those so I can't say what other issues that might introduce.

If you screw up your router, you'll have problems on all your machines.

NFS has some weird issues with file locking at times.  I used to run my main machine network booted from another that had all the storage in it.  Stopped doing that when they changed something that horribly broke lots of stuff, related to file locking (maybe it's better now).

Security problems should be local only as long as you are using good wireless encryption (meaning AES(CCMP?) on WPA2).  TKIP is cracked.  WEP has been cracked for several years.

Make sure your nfs server is only listening on the local interface or firewalled off with iptables (you don't want it accessible from the internet!)

If you allow other users (especially remote users) on your system, you've probably got worse security problems to worry about already.

It's an interesting idea though, if you try it, be sure to report back how it went, especially what steps you had to do to flash the router.  I may be interested in a similar setup as a network fileserver (not for home profiles though) for my dad's computer repair business.

----------

## cach0rr0

I'd be more interested in something like this - http://www.gentoo.org/doc/en/diskless-howto.xml

I just don't see the router as having the horsepower or storage to really pull this off. Something like this running OpenBSD or maybe m0n0, but the consumer-grade routers not so much. 

I mean hell it's a neat idea, I'm just not convinced you'll be happy with the performance.

----------

## BradN

Storage might not be a big problem, you can get some pretty huge USB drives, but the CPU power and USB/ethernet throughput would be a terrible limitation.  Now, if you had 2 independent USB ports, you could RAID 2 drives for 40MB/s, assuming the CPU can keep up with all that.

At least for my application it wouldn't be a big deal since backing up a machine through its ethernet would be limited by the ethernet to start with in most cases, and if it takes 2 hours, work on something else in the meantime.  But I would be a little worried about performance in the case where all your thumbnails, internet caching, and things like that are being given extra latency.

Then again, when I ran my main machine diskless (early athlon 64), it was running over a plain 100mbit to a pentium II disk server/network gateway, and performance was tolerable for what I used.

----------

## etops

Thanks for the quick replies,

Cons seem to be more than Pros. There are 4 active computers that I was thinking of adapting to this project. But if the setting up and securing is not going to be worth it for this kind of small network, I can live with different local logins with an automounted network filesystem that is not the home partition.

 *BradN wrote:*   

> Pros:
> 
> If you screw up your router, you'll have problems on all your machines.
> 
> NFS has some weird issues with file locking at times.  I used to run my main machine network booted from another that had all the storage in it.  Stopped doing that when they changed something that horribly broke lots of stuff, related to file locking (maybe it's better now).
> ...

 

Yeah, as you say, that can prevent multi-logins, so it can be a dealbreaker for me.

 *BradN wrote:*   

> Security problems should be local only as long as you are using good wireless encryption (meaning AES(CCMP?) on WPA2).  TKIP is cracked.  WEP has been cracked for several years.
> 
> Make sure your nfs server is only listening on the local interface or firewalled off with iptables (you don't want it accessible from the internet!)
> 
> 

 

You are right, but I have no experience with nfs so far, I can try a few configuration combinations etc..

 *BradN wrote:*   

> If you allow other users (especially remote users) on your system, you've probably got worse security problems to worry about already.
> 
> 

 

I think it is going to be me only, (maybe also my wife).

 *BradN wrote:*   

> It's an interesting idea though, if you try it, be sure to report back how it went, especially what steps you had to do to flash the router.  I may be interested in a similar setup as a network fileserver (not for home profiles though) for my dad's computer repair business.
> 
> 

 

Thanks, as long as the router runs linux and has storage, I thought why not. But we will see if it is going to be worth the trouble. By the way, I am away from home, I will not be able to try this for at least one month, I am researching, collecting information (thanks to all of you). But if you are interested, here are the links:

For my router's flashing steps: (if you go to the homepage there is a list of compatible routers):

http://www.dd-wrt.com/wiki/index.php/Netgear_WNDR3700

and for usb storage:

http://www.dd-wrt.com/wiki/index.php/USB_storage

and as additional information, a bittorrent daemon that I think I may install at the end:

http://www.dd-wrt.com/wiki/index.php/Transmission_daemon

 *cach0rr0 wrote:*   

> I'd be more interested in something like this - http://www.gentoo.org/doc/en/diskless-howto.xml
> 
> 

 

Diskless node is good, but I have enough disk space and cpu power on each pc, I just want sync'ed home partitions to work seamlessly among computers, for system, they will have gentoo, so I think I don't need that? Or what is the performance of this?

 *cach0rr0 wrote:*   

> I just don't see the router as having the horsepower or storage to really pull this off. Something like this running OpenBSD or maybe m0n0, but the consumer-grade routers not so much. 
> 
> I mean hell it's a neat idea, I'm just not convinced you'll be happy with the performance.
> 
> 

 

I was considering a SheevaPlug kind of computer to pull this off but when I read about dd-wrt, and the specifications of my router, I think it can be done without these alternatives.

```
NETGEAR WNDR3700 Router Specifications
CPU: AR7161 680 MHz
RAM: 64 MB
Flash: 8 MB
Switch: Realtek RTL8366SR
Radio (2.4 GHz): AR9223
Radio (5 GHz): AR9220
Antenna Type: Internal
# Of Antennas: 8
Antenna Gain (2.4 GHz): 2.8dBi
Antenna Gain (5 GHz): 3.9dBi
Max TX Power (2.4 GHz): 22dBm w/HT40, 26dBm w/HT20, 27dBm w/HT20 + G-Only
Max TX Power (5 GHz): 24dBm
Antenna Chains (TX/RX): 1+2/1+2
```

----------

## BradN

I don't think any possible locking issues will prevent multiple logins (when I ran into that issue years back, it flat out prevented things from working _at all_) - BUT there are other problems with using the same user account on multiple systems (or perhaps only multiple displays within the same system, I'm not totally sure).  At my other job I administer a two computer network where one is the main machine and the other is a crappy pentium II LTSP X server (plus sound & fuse based local storage for USB/floppy/cdrom).  Everything works great for the most part (video like youtube over 100 megabit is pretty choppy though).

But, there is one problem - certain programs (openoffice, kmail, firefox) will refuse to run on both machines with the same user at the same time, because they try flagging the existing program into opening a new window, and it either shows up on the wrong machine or not at all.  Since kmail is the most common offender, I made a script icon that can be clicked to close kmail on the other machine, and then it can be opened fine.

All of these headaches are much less of a combined headache than trying to copy data back and forth as needed.  Everything's in the exact same place on both terminals - the way it should be  :Smile:   Also, to reiterate, these problems are on a different setup where the same machine is running programs for both terminals (one local).

I wouldn't worry a lot about security in a setup like this.  Just make sure your router config/ssh/nfs can't be accessed from the outside, and has a good password for the administration (keep rogue flash content from reprogramming your router) and then your next biggest security concern will be having a good lock on the door (this is harder than it sounds, with the advent of bump keys...)

Say what you will about security through obscurity, but if nobody knows you're running NFS on your router, nobody will break into your house or conduct an elaborate social engineering stunt to attack it.  They'd probably sooner just steal it  :Wink: 
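
Added example (not part of BradN's posts): one way to check the advice in both of his posts that the router's config, ssh and NFS should listen only on the local interface or be firewalled off. The function name, the watched port list, the `192.168.1.` LAN prefix and the sample `netstat -tuln` lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Flag management/file-sharing services that are bound to anything other
# than the LAN address or loopback. Reads `netstat -tuln` style text on
# stdin; $1 is the LAN address prefix (assumed here to be 192.168.1.).
# Watched ports (assumed list): 22 ssh, 80/443 web admin, 111 rpcbind, 2049 nfs.
exposed_listeners() {
    lan_prefix=$1
    awk -v lan="$lan_prefix" '
        $1 ~ /^(tcp|udp)/ {
            laddr = $4                          # "address:port" column
            n = split(laddr, parts, ":")
            port = parts[n]                     # text after the last colon
            addr = substr(laddr, 1, length(laddr) - length(port) - 1)
            if (port !~ /^(22|80|443|111|2049)$/) next   # not a watched port
            if (index(addr, "127.") == 1 || addr == "::1") next  # loopback
            if (index(addr, lan) == 1) next     # bound to the LAN address only
            print $1, addr, port                # wildcard or non-LAN bind
        }'
}

# Constructed sample input, not captured from a real router.
SAMPLE='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:2049            0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.1:22          0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.1:80          0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:111             0.0.0.0:*
tcp6       0      0 :::2049                 :::*                    LISTEN'

# On the router itself the input would be: netstat -tuln | exposed_listeners <prefix>
printf '%s\n' "$SAMPLE" | exposed_listeners 192.168.1.
```

Every line printed is a service that accepts connections on all interfaces, so it is kept off the WAN side only by the iptables rules; those rules are what need checking for each port listed.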

----------

## etops

 *BradN wrote:*   

> I don't think any possible locking issues will prevent multiple logins (when I ran into that issue years back, it flat out prevented things from working _at all_) - BUT there are other problems with using the same user account on multiple systems (or perhaps only multiple displays within the same system, I'm not totally sure).  At my other job I administer a two computer network where one is the main machine and the other is a crappy pentium II LTSP X server (plus sound & fuse based local storage for USB/floppy/cdrom).  Everything works great for the most part (video like youtube over 100 megabit is pretty choppy though).
> 
> But, there is one problem - certain programs (openoffice, kmail, firefox) will refuse to run on both machines with the same user at the same time, because they try flagging the existing program into opening a new window, and it either shows up on the wrong machine or not at all.  Since kmail is the most common offender, I made a script icon that can be clicked to close kmail on the other machine, and then it can be opened fine.

 

Actually I was aware of this, and I thought that I would close these pid-file-checker programs when I need a switch.

 *BradN wrote:*   

> All of these headaches are much less of a combined headache than trying to copy data back and forth as needed.  Everything's in the exact same place on both terminals - the way it should be   Also, to reiterate, these problems are on a different setup where the same machine is running programs for both terminals (one local).

 

Yeah, this comes to having a powerful server and sharing its cpu power over the network, just running X on clients, or your recommendations about diskless nodes. I remember some mod or something like that enables you to attach/detach X sessions like screen in console? Right? Or was I dreaming?

 *BradN wrote:*   

> 
> 
> I wouldn't worry a lot about security in a setup like this.  Just make sure your router config/ssh/nfs can't be accessed from the outside, and has a good password for the administration (keep rogue flash content from reprogramming your router) and then your next biggest security concern will be having a good lock on the door (this is harder than it sounds, with the advent of bump keys...)
> 
> Say what you will about security through obscurity, but if nobody knows you're running NFS on your router, nobody will break into your house or conduct an elaborate social engineering stunt to attack it.  They'd probably sooner just steal it 

 

If I log in through ssh and forward X to clients, there will be nothing to share over NFS, because I would be remotely working local.

So sharing an ext3, or continuously running linux couldn't help me in my situation? Maybe that bittorrent thing is all I can benefit from. Also I can share more non-local-process-critical-data like multimedia files, portage, distfiles or git server etc. I can use distcc on all my machines, which is not directly related to this subject.

If you have something in mind to use in a setup like this, please share...

thanks in advance...

----------

