= How to run a public/private key-based group file server with MacFUSE-based clients =

The ACLs are optional, but they guide default permissions for local and SSH (not SFTP) users.

== Advantages ==

 * Strong encryption
 * No passwords
 * Easy setup and administration
 * One port to open/forward for remote access
 * Integrates with Linux clients using FUSE, GNOME-VFS, or KIO Slaves
 * Works with Windows clients using standalone SFTP clients

== Disadvantages ==

 * No Windows Explorer integration
  * Workaround: Don't use Windows.
 * Encryption creates significant overhead
 * Doesn't report free space to client
  * Workaround: SSH to the server and run `df`

== Configuring the server ==

 1. `sudo apt-get install ssh acl`
 1. `cd /`
 1. `sudo mkdir export`
 1. `sudo chmod 755 export`

== Creating a user group ==

 1. `sudo groupadd [Group Name]`

== Adding a user to a group ==

 1. `sudo usermod -G [Group Name] -a [Username]`

== Configuring a share on the server ==

 1. Create/mount the directory to be shared. Ensure the mount supports ACLs.
 1. Have a group own the directory: `sudo chown :[Group Name] [Directory]`
 1. Give the group read/write access and force new items to be part of the directory's group: `sudo chmod -R 2770 [Directory]`
 1. Force all new files in the directory to be group writable: `sudo setfacl -d -m 'g:[Group Name]:rwx' [Directory]`
 1. `cd /export`
 1. `sudo ln -s [Directory] [Share Name]`

== Configuring a client and the corresponding server user ==

=== Client steps ===

 1. Install MacFUSE, SSHFS, and MacFusion.
 1. Generate public/private keys: `ssh-keygen -t dsa`
 1. Copy the output: `cat ~/.ssh/id_dsa.pub`
 1. Option A (current user only): Install and use TinkerTool to enable group-writable permissions (octal 002) by default. Ignore the warning; it only applies to restricting permissions further.
 1. Option B (current user only): Run in Terminal: `defaults write -g NSUmask -int 2`
 1. Option C (all users): Run in Terminal: `sudo defaults write /Library/Preferences/.GlobalPreferences NSUmask 2`
 1. Log out and log back in.

=== Server steps ===

 1. Create a user: `sudo useradd [Username on Server]`
 1. Create `/home/[Username on Server]/.ssh/authorized_keys` and paste in the output copied earlier.
 1. Ensure `.ssh` and `authorized_keys` are owned by `[Username on Server]:[Username on Server]`.
 1. Ensure `.ssh` has mode 700 (`chmod 700`) and `authorized_keys` has mode 600 (`chmod 600`).

== Adding a share on a configured client ==

Add shares as "Favorites" with the following properties:

 * Name: `[Anything]`
 * Server: `[Domain Name or IP Address for Server]`
 * Port: `22`
 * Server Path: `/export/[Share Name]`
 * Username: `[Username on Server]`
 * Authentication: Public Key
 * Extra Options (Advanced): `-oallow_other -oumask=7002 -odefer_permissions`

== Troubleshooting ==

=== If mount succeeds but no share appears in the Finder ===

Ensure the user belongs to the group that may use the share. See "Adding a user to a group."

----
CategoryNetworking
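The "Configuring a share on the server" and "Server steps" sections each end with ownership and mode requirements that sshd and the group-inheritance scheme silently depend on. The script below is an added example, not part of the original page: it audits both layouts on the server. It assumes a Linux server with GNU coreutils (`stat -c`) and the `acl` package installed as in "Configuring the server"; the function names and messages are the example's own.

```shell
#!/bin/sh
# Added example: audit the server-side layout created by the steps above.
# Assumes GNU stat (-c) and, for the ACL check, getfacl from the acl package.

# Return 0 when DIR is owned by USER with mode 700 and DIR/authorized_keys is
# owned by USER with mode 600 (sshd refuses key auth on looser permissions).
check_ssh_dir() {
    dir="$1"; user="$2"; rc=0
    [ -d "$dir" ] || { echo "missing directory: $dir"; return 1; }
    [ "$(stat -c '%a' "$dir")" = "700" ] || { echo "$dir should be mode 700"; rc=1; }
    [ "$(stat -c '%U' "$dir")" = "$user" ] || { echo "$dir should be owned by $user"; rc=1; }
    ak="$dir/authorized_keys"
    [ -f "$ak" ] || { echo "missing file: $ak"; return 1; }
    [ "$(stat -c '%a' "$ak")" = "600" ] || { echo "$ak should be mode 600"; rc=1; }
    [ "$(stat -c '%U' "$ak")" = "$user" ] || { echo "$ak should be owned by $user"; rc=1; }
    return $rc
}

# Return 0 when DIR is group-owned by GROUP, has mode 2770 (setgid so new items
# inherit the group), and carries a default ACL giving GROUP rwx on new files.
check_share_dir() {
    dir="$1"; group="$2"; rc=0
    [ -d "$dir" ] || { echo "missing directory: $dir"; return 1; }
    [ "$(stat -c '%a' "$dir")" = "2770" ] || { echo "$dir should be mode 2770 (setgid)"; rc=1; }
    [ "$(stat -c '%G' "$dir")" = "$group" ] || { echo "$dir should be group $group"; rc=1; }
    if command -v getfacl >/dev/null 2>&1; then
        getfacl -p "$dir" 2>/dev/null | grep -q "^default:group:$group:rwx" \
            || { echo "$dir lacks default ACL g:$group:rwx"; rc=1; }
    fi
    return $rc
}
```

Run it as `check_ssh_dir /home/[Username on Server]/.ssh [Username on Server]` and `check_share_dir [Directory] [Group Name]`; a non-zero exit with a printed message points at the step to redo.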