
Managing shares and authentication for a small network



Hi all,

I'd like to ask your opinion on the best approach for setting up file
sharing and user authentication for a small home network with a diverse
list of clients.

I currently have a Debian server providing various services including
samba, nfs, ftp etc. In addition I have a few desktops and notebooks 
running a mixture of Debian, XP and OS X. 
Recently I've decided to move my old server to a Mac Mini and thought 
that it would be the right time to rethink how the various services are 
laid out and maybe solve a few issues along the way...

So here's what I have:
- the Debian server
- my notebook running Debian as well
- my wife's desktop running XP
- an iBook running OS X

The server's main purpose is to host all our common files that should be
accessible to all client machines. All clients should be able to
create/modify/delete files on the common shares, security is not an issue 
here.
Currently I have a special samba user/group set up which owns all the
shared files and all shares are forced to use these. I also have sticky bits
set on the main folders.

However I have a few issues:
- The Linux boxes on the network access the files over nfs so I always
  need to be very careful to create the users on each box so that they have
  the same uid/gid as on the server
- Files created/downloaded/unpacked directly on the server will have the 
  right group ownership (samba) but not the user. (The sticky bit only
  works for groups.) Combined with the default umask, the files created
  this way might not be readable or at least not deletable from the Windows
  machines.
  I don't want to change the default umask for the entire filesystem...
- Similarly sometimes Windows executable installer files refuse to run 
  directly from the network shares.

I started this whole investigation when, during the installation of my new
server, I again reached the point where I had to synchronise the user ids.

My first thought was whether I could make this easier or completely unnecessary.
This led me to NIS and then immediately to LDAP.

My second thought after reading up on it a bit was that it might be a bit of 
an overkill for my needs. More specifically I'm not sure how much good LDAP
will do me for the notebooks on which I need to be able to log in even if I'm
not at home and hence do not have access to the LDAP server. 
As far as I understand this means that the user still needs to be in the passwd
file, which raises the question of synchronising the uids/gids again. 
This time between the LDAP server and the local passwd/group files...

Another thing that I've been contemplating was whether or not I should just
completely forget about nfs for the common shares and just mount them through
smbfs... If I would remount them even on the server to a different mount point
and would make sure to only modify the files through that path then this might
take care of the ownership/umask problems. Are there any problems with this?

Finally, though I've found a lot of material on the net regarding how to
configure and populate LDAP and how to set up PAM, NSS and samba to use it,
so far I didn't find anything regarding how to use it to mount home directories
from a server for instance...

I would greatly appreciate it if you could share your thoughts/experiences with me
on which conceptual approach would be the best in this situation!

Many thanks for your help in advance!

Balazs
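
Added example, not part of the original post: a check for the uid/gid synchronisation problem described above. NFS with its default AUTH_SYS authentication matches file owners by numeric id, not by login name, so the script compares passwd-format account lists from the server and one client and reports every disagreement. The account lists and the names in them are constructed sample data.

```python
# Added example: compare passwd(5)-format account lists from an NFS server
# and a client. All account data below is constructed sample input.

SERVER_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
balazs:x:1000:1000:,,,:/home/balazs:/bin/bash
anna:x:1001:1001:,,,:/home/anna:/bin/bash
samba:x:1100:1100:share owner:/srv/share:/usr/sbin/nologin
"""

CLIENT_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
anna:x:1000:1000:,,,:/home/anna:/bin/bash
balazs:x:1001:1001:,,,:/home/balazs:/bin/bash
guest:x:1100:1100:,,,:/home/guest:/bin/bash
"""


def parse_passwd(text):
    """Return {name: (uid, gid)} from passwd(5)-format text."""
    accounts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 7:
            continue  # malformed entry: skip rather than guess
        accounts[fields[0]] = (int(fields[2]), int(fields[3]))
    return accounts


def find_mismatches(server, client):
    """List the ways numeric ids disagree between the two hosts."""
    problems = []
    # Same login name, different ids: the user's own files look foreign.
    for name in sorted(server.keys() & client.keys()):
        if server[name] != client[name]:
            problems.append(("id-differs", name, server[name], client[name]))
    # Same uid, different name: one account is treated as owner of another's files.
    by_uid = {uid: name for name, (uid, _) in server.items()}
    for name, (uid, _) in sorted(client.items()):
        owner = by_uid.get(uid)
        if owner is not None and owner != name:
            problems.append(("uid-collision", name, owner, uid))
    return problems


if __name__ == "__main__":
    for p in find_mismatches(parse_passwd(SERVER_PASSWD), parse_passwd(CLIENT_PASSWD)):
        print(p)
```

To run it against real hosts, replace the two sample strings with the output of `getent passwd` from each machine.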


