Re: Where to Place a Samba Share for a Windows World?

Top Page
Attachments:
Message as email
+ (text/plain)
Delete this message
Reply to this message
Author: Jason Spatafore
Date:  
To: plug-discuss
Subject: Re: Where to Place a Samba Share for a Windows World?
On Thursday 19 May 2005 09:43, George wrote:
> In the Linux scheme of things, when a Linux server is presenting a portion
> of its hard drive to a Windows world (Samba) where should the share go on
> the Linux box?
>
> One thought would be:
>
> /windowsshare
>
> - or -
>
> /usr/share/windowsshare
>
> Are there security issues here or does it matter?
>


I currently have a /shares/ directory where I place all files that will be
accessible outside my system. For example, I have:

/shares/public_ftp
/shares/music
/shares/websites/xxxx

I do this for backup reasons. There's nothing better than being able to do a
tar -czvf /dev/st0 /shares to back it all up. (followed by the same command
with /home instead. )

For security issues...you'll have to decide how you want to share. Do you want
share level security? User level? User level will require you to maintain
passwords on your system and samba as well. So, if somebody can access the
samba share from windows, they'll also be able to ssh into your system. (I
believe you can just nullify their home directory in /etc/passwd to prevent
them from logging into the system though.) Samba requires a user account
IDENTICAL to a user account on the system for it's authentication.

I use share level security and make shares I don't want changed read only. For
example, my ftp share is full access but my music share is read only.

Also keep in mind that Linux permissions on the directory are in effect. So,
if you have a directory that is 744, and you share it as full access in Samba
with the group as the default account for the share, you'll still get errors
that you can't write to the directory. That's because 744 is Owner: Full,
Group: Read, Others: Read...group would need to be 6 (r+w), 764 on the
directory.

I just throw this out because just configuring Samba isn't the only thing you
need to do when incorporating a Samba server. It's an extremely powerful
server which has hundreds of options. Heck, even the man page is over 100
pages :) I hope this kinda helps to show you the complexity, and security
considerations, of such a server.

--
Sincerely,

Jason Spatafore
http://www.spatafore.net
A+ Certified Service Professional
---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss