On Thursday 19 May 2005 09:43, George wrote: > In the Linux scheme of things, when a Linux server is presenting a portion > of its hard drive to a Windows world (Samba) where should the share go on > the Linux box? > > One thought would be: > > /windowsshare > > - or - > > /usr/share/windowsshare > > Are there security issues here or does it matter? > I currently have a /shares/ directory where I place all files that will be accessible outside my system. For example, I have: /shares/public_ftp /shares/music /shares/websites/xxxx I do this for backup reasons. There's nothing better than being able to do a tar -czvf /dev/st0 /shares to back it all up. (followed by the same command with /home instead. ) For security issues...you'll have to decide how you want to share. Do you want share level security? User level? User level will require you to maintain passwords on your system and samba as well. So, if somebody can access the samba share from windows, they'll also be able to ssh into your system. (I believe you can just nullify their home directory in /etc/passwd to prevent them from logging into the system though.) Samba requires a user account IDENTICAL to a user account on the system for it's authentication. I use share level security and make shares I don't want changed read only. For example, my ftp share is full access but my music share is read only. Also keep in mind that Linux permissions on the directory are in effect. So, if you have a directory that is 744, and you share it as full access in Samba with the group as the default account for the share, you'll still get errors that you can't write to the directory. That's because 744 is Owner: Full, Group: Read, Others: Read...group would need to be 6 (r+w), 764 on the directory. I just throw this out because just configuring Samba isn't the only thing you need to do when incorporating a Samba server. It's an extremely powerful server which has hundreds of options. Heck, even the man page is over 100 pages :) I hope this kinda helps to show you the complexity, and security considerations, of such a server. -- Sincerely, Jason Spatafore http://www.spatafore.net A+ Certified Service Professional --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change you mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss