[KLUG Members] Re: fs permissions with smb/nfs/ldap

Bryan J. Smith members@kalamazoolinux.org
Sat, 12 Jan 2002 17:53:11 -0500


Chris Goron wrote:
> I have a RH 7.2 server running OpenLDAP/Samba/NFS. I can
> create a user in the LDAP dir and log in to any workstation
> fine, all seems well. If I mount a smb file share on the
> workstation the file permissions are mounted as root even
> though I specified the user to mount it as??

There are various issues with mounting smb shares.  SMB is designed for
Windows clients.

- Security

If you mount as root, root owns it.  You must use the "uid/gid" and
other options to set permissions.  If you mount as a regular user, the
programs smbmnt/smbmount will probably need to have SUID set, which is a
security issue.

- Case sensitivity from Windows SMB servers

NT does a good job of preserving case, but 9x/ME often makes all
uppercase if the filename fits in 8.3.

- Codepage issues

This is my biggest issue.  Windows uses 2-byte Unicode, UNIX uses either
1-byte USASCII or 4-byte ISO charsets.  I find all kinds of programs
core-dump expecting 1-byte or 4-bytes, but getting 2.

As such, for UNIX clients, use NFS.

> I can specify the uid/gid in the mount parameters but I still have file
> permission errors even though the correct user I mounted the file share
> under is shown.

Hmmmm, I'd have to see it in action.  I haven't tried integrating LDAP
into my NFS/Samba networks yet (I'm still using age-old NIS).

> If I mount a remote file system using NFS I gain file system rights but
> everything I modify/create gets assigned an owner of nfsnobody??

It all depends on how you NFS export.  There are various issues, but the
NFS HOWTO handles them quite nicely:
   http://nfs.sourceforge.net/nfs-howto/

Again, my LDAP ignorance can't help you there.

> Can someone lead me down the right path so all these things
> can live in harmony?? I think I'm missing something simple here.
> Also, what is the best method to mount remote filesystems when
> you login on a workstation including the user's home directory??
> automounter?? Login scripts??

Automounter (autofs), by far.  The idea is that you should only be
mounting shares when you need them.  The better idea is that you
shouldn't be breaking down shares on a per-user basis (like Windows,
which is not multi-user focused), but on a per-group/server/usage basis
(remember, UNIX *IS* multi-user focused).

In the most simplistic case, just sharing out /home is all you may need
to do!  There are hundreds of approaches; if I knew more about your
network/usage, I might be able to suggest better.

> Thanks in advance...........

-- Bryan

-- 
Bryan J. Smith, Engineer          mailto:b.j.smith@ieee.org
AbsoluteValue Systems, Inc.       http://www.linux-wlan.org
SmithConcepts, Inc.            http://www.SmithConcepts.com
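
An added illustration for the nfsnobody question in the thread above, not part of the original message: a small parser for exports(5) lines that reports which UID the server applies to a request from a given client UID. The sample exports content, hosts and UIDs are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample /etc/exports (paths, hosts and UIDs are made up).
SAMPLE_EXPORTS = """\
/home      192.168.1.0/24(rw,sync)    # root_squash applies by default
/srv/pub   *(ro,all_squash,anonuid=500,anongid=500)
/srv/admin admin.example.com(rw,no_root_squash)
"""
ANON = "anonymous (nfsnobody)"  # label for the server's default anonymous user

def parse_exports(text):
    """Return [(path, client, flags, keyvals)] for each client on each line."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        path, *clients = line.split()
        for spec in clients:
            m = re.fullmatch(r"([^()]*)(?:\(([^)]*)\))?", spec)
            if not m:
                continue                           # skip malformed specs
            client, opts = m.group(1) or "*", m.group(2) or ""
            flags, kv = set(), {}
            for opt in filter(None, opts.split(",")):
                key, sep, val = opt.partition("=")
                if sep:
                    kv[key] = val
                else:
                    flags.add(key)
            entries.append((path, client, flags, kv))
    return entries

def owner_on_server(flags, kv, client_uid):
    """UID the server uses for a request made as client_uid."""
    anon = kv.get("anonuid", ANON)
    if "all_squash" in flags:
        return anon                                # every user is squashed
    if client_uid == 0 and "no_root_squash" not in flags:
        return anon                                # root_squash is the default
    return str(client_uid)                         # numeric UID passes through

def report(text, client_uid):
    """Map (path, client) -> effective server-side owner for client_uid."""
    return {(p, c): owner_on_server(f, kv, client_uid)
            for p, c, f, kv in parse_exports(text)}
```

Where the UID passes through unchanged, client and server must agree on the numeric UID/GID for ownership to look right on both sides.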