[KLUG Members] Re: fs permissions with smb/nfs/ldap

Chris Goron members@kalamazoolinux.org
12 Jan 2002 18:41:15 -0500


On Sat, 2002-01-12 at 17:53, Bryan J. Smith wrote:
> Chris Goron wrote:
> > I have a RH 7.2 server running OpenLdap/Samba/NFS. I can
> > create a user in the LDAP dir and log in to any workstation
> > fine, all seems well. If I mount a smb file share on the
> > workstation the file permissions are mounted as root even
> > though I specified the user to mount it as??
> 
> There are various issues with mounting smb shares.  SMB is designed for
> Windows clients.
> 
> - Security

I take it you are suggesting nfs for my Linux clients?? SMB for my Win
clients?? My Samba server is configured as a PDC and works very well for
my Win clients. I have no problem with NFS for Linux clients.

> 
> If you mount as root, root owns it.  You must use the "uid/gid" and
> other options to set permissions.  If you mount as a regular user, the
> programs smbmnt/smbmount will probably need to have SUID set, which is a
> security issue.

I'm using "mount -t smbfs -o" with the username/password of the fs
owner. It mounts as owner root unless I specify the uid/gid, but I still
have rights issues.
 
> 
> - Case sensitivity from Windows SMB servers
> 
> NT does a good job of preserving case, but 9x/ME often makes all
> uppercase if the filename fits in 8.3.
> 
> - Codepage issues
> 
> This is my biggest issue.  Windows uses 2-byte Unicode, UNIX uses either
> 1-byte USASCII or 4-byte ISO charsets.  I find all kinds of programs
> core-dump expecting 1-byte or 4-bytes, but getting 2.
> 
> As such, for UNIX clients, use NFS.

Ok. no problem there.

> 
> > I can specify the uid/gid in the mount parameters but I still have file
> > permission errors even though the correct user I mounted the file share
> > under is shown.
> 
> Hmmmm, I'd have to see it in action.  I haven't tried integrating LDAP
> into my NFS/Samba networks yet (I'm still using age-old NIS).

Yup, I've used NIS and had no problems with this but I'm really keen on 
using LDAP to manage my network.

> 
> > If I mount a remote file system using NFS I gain file system rights but
> > everything I modify/create gets assigned an owner of nfsnobody??
> 
> It all depends on how you NFS export.  There are various issues, but the
> NFS HOWTO handles them quite nicely:
>    http://nfs.sourceforge.net/nfs-howto/

I believe I'm specifying my NFS exports right. It sure seems like an LDAP
user issue here. I will check this site and go over my exports.

> 
> Again, my LDAP ignorance can't help you there.
> 
> > Can someone lead me down the right path so all these things
> > can live in harmony?? I think I'm missing something simple here.
> > Also, what is the best method to mount remote filesystems when
> > you login on a workstation including the user's home directory??
> > automounter?? Login scripts??
> 
> Automounter (autofs), by far.  The idea is that you should only be
> mounting shares when you need them.  The better idea is that you
> shouldn't be breaking down shares on a per-user basis (like Windows,
> which is not multi-user focused), but on a per-group/server/usage basis
> (remember, UNIX *IS* multi-user focused).

But my mount points depend on which user is logging in?? Do I include
all possible mount points and if a user needs access afs takes care of
them if they have access rights?? Keep in mind I want my client
workstations to know nothing about the users logging in, it's all
handled by the server.

> 
> In the most simplistic case, just sharing out /home is all you may need
> to do!  There are hundreds of approaches, if I know more about your
> network/usage, I might be able to suggest better.

Yes, enlighten me. I currently have a package called pam_mount to mount
the user's home dir but it only supports smb and netware. How do I mount
the user's home dir with nfs, let's say??
 
> 
> > Thanks in advance...........
> 
> -- Bryan
> 
> -- 
> Bryan J. Smith, Engineer          mailto:b.j.smith@ieee.org
> AbsoluteValue Systems, Inc.       http://www.linux-wlan.org
> SmithConcepts, Inc.            http://www.SmithConcepts.com
>
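
Added example, not part of the original message: a small Python sketch of how the options on an NFS export decide whether a request is mapped to the anonymous account (nfsnobody on Red Hat) or keeps the client's numeric uid, which is the "it all depends on how you NFS export" point above. The sample exports file, host names and function names are constructed for illustration; the option semantics (root_squash by default, all_squash, no_root_squash) are those documented in exports(5).

```python
import re

# Constructed sample /etc/exports (hosts and paths are made up for illustration).
SAMPLE_EXPORTS = """\
# home directories for the LAN
/home        192.168.1.0/24(rw,sync)
/srv/public  *(rw,all_squash)
/srv/admin   admin.example.lan(rw,no_root_squash)
"""

# One client entry: "host(opt,opt)" or a bare "host" that takes the defaults.
CLIENT = re.compile(r"(?P<host>[^\s()]*)\((?P<opts>[^)]*)\)|(?P<bare>\S+)")

def parse_exports(text):
    """Return a list of (path, host, options) tuples, one per client entry."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split(None, 1)
        path, rest = fields[0], (fields[1] if len(fields) > 1 else "")
        for m in CLIENT.finditer(rest):
            if m.group("bare") is not None:
                host, opts = m.group("bare"), set()
            else:
                host = m.group("host") or "*"  # "(opts)" with no host applies to everyone
                opts = {o.strip() for o in m.group("opts").split(",") if o.strip()}
            entries.append((path, host, opts))
    return entries

def owner_on_server(opts, client_uid):
    """How the server treats a request from client_uid under these options."""
    if "all_squash" in opts:
        return "anonymous"        # every uid becomes the anonymous account
    if client_uid == 0 and "no_root_squash" not in opts:
        return "anonymous"        # root_squash is the default
    return "preserved"            # numeric uid is used as sent by the client

if __name__ == "__main__":
    for path, host, opts in parse_exports(SAMPLE_EXPORTS):
        for uid in (0, 1000):
            print(f"{path:12} {host:18} uid {uid:<5} -> {owner_on_server(opts, uid)}")
```

A "preserved" uid only maps to the right user if client and server resolve the same number to the same account, for example through the same LDAP directory.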