+ Post New Thread
Results 1 to 6 of 6
*nix Thread, Directory/Structure/Permissions On Home NAS in Technical; HI. I need a bit more advice about the Directory/Structure/Permissions On Home NAS please. http://www.edugeek.net/forums/nix/97...nas-raid1.html The data is sent via ...
  1. #1
    tickmike's Avatar
    Join Date
    Jul 2006
    Location
    South Derbyshire. U.K.
    Posts
    369
    Thank Post
    5
    Thanked 3 Times in 3 Posts
    Rep Power
    18

    Directory/Structure/Permissions On Home NAS

    HI.
    I need a bit more advice about the Directory/Structure/Permissions On Home NAS please.
    Home NAS With Raid1
    The data is sent via Luckybackup (rsync) root ssh connection to /raid1/Users then once a day backed up to /radid1/second-backup (This is a just in-case the first backup gets corrupted by the user.)

    The back up data is me, my wife, my daughter.
    1...Because I'm using PCLinuxOS Minime (cut down) as a server do I have to have the above names added to the server like it was a desktop computer ?.

    2. Will all the UID / GID have to be the same on all the machines ?.

    3.. Can you give me an idea of the permissions for /raid1/Users/ and /radid1/second-backup/ (I only want r & w access to this and not users)

    4. Do you normally log on to a server under root ?.

  2. #2

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,850
    Thank Post
    110
    Thanked 598 Times in 514 Posts
    Blog Entries
    1
    Rep Power
    227
    File permissions and ownership should be preserved. Your backup machine wont know what they are supposed to mean (you'll probably just see numeric uids,gids or they may map to another user/group on your backup machine). If you want to fix this you'll have to muck about with the passwd, shadow and group files and make sure all the relevant numeric ids match up between the machines. On larger site installations it's better to use NIS or LDAP though to keep it all synced up.

    If they own the files, they have access to them. You cannot prevent this, no matter where the files are stored (unless you disable their login on the backup server ofc). I would suggest you consider some offline backup and do some incremental snapshots of the data. That way you can roll back.

    I usually only have a root account on servers that do a single task. On more generic systems like my home Linux server I have a root account for doing sysadmin stuff with and then a personal account for doing more mundane things with.
    Last edited by Geoff; 23rd August 2012 at 01:55 PM.

  3. #3
    tickmike's Avatar
    Join Date
    Jul 2006
    Location
    South Derbyshire. U.K.
    Posts
    369
    Thank Post
    5
    Thanked 3 Times in 3 Posts
    Rep Power
    18
    Quote Originally Posted by Geoff View Post
    File permissions and ownership should be preserved. Your backup machine wont know what they are supposed to mean (you'll probably just see numeric uids,gids or they may map to another user/group on your backup machine). If you want to fix this you'll have to muck about with the passwd, shadow and group files and make sure all the relevant numeric ids match up between the machines. On larger site installations it's better to use NIS or LDAP though to keep it all synced up.

    If they own the files, they have access to them. You cannot prevent this, no matter where the files are stored (unless you disable their login on the backup server ofc). I would suggest you consider some offline backup and do some incremental snapshots of the data. That way you can roll back.

    I usually only have a root account on servers that do a single task. On more generic systems like my home Linux server I have a root account for doing sysadmin stuff with and then a personal account for doing more mundane things with.
    Hi Geoff, hope you are well long time no speak
    Thanks for the advice.

    Yes I have never set the uid/gid before and like you say the data on the server does not know who owns what.

    What about '/raid1/Users' should they be /raid1 root:root / Users root:root ?.

    And '/radid1/second-backup' /raid1 root:root /second-backup root:root ? and when the users accounts are put in they will keep there own id's ?.

    Does it mater that I own root on all our home machines (All Linux) with my password, But for my daughters laptop (PCLinuxOS) there is a different password so she can do root things ?
    Regards Michael.

  4. #4

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,850
    Thank Post
    110
    Thanked 598 Times in 514 Posts
    Blog Entries
    1
    Rep Power
    227
    It doesn't matter if root owns the top level directory. As long as the username/group to uid/guid mapping is correct on both systems then the passwords don't matter. This is why you mount removable media and /home noexec, nodev, nosuid!

  5. #5
    tickmike's Avatar
    Join Date
    Jul 2006
    Location
    South Derbyshire. U.K.
    Posts
    369
    Thank Post
    5
    Thanked 3 Times in 3 Posts
    Rep Power
    18
    Quote Originally Posted by Geoff View Post
    It doesn't matter if root owns the top level directory. As long as the username/group to uid/guid mapping is correct on both systems then the passwords don't matter. This is why you mount removable media and /home noexec, nodev, nosuid!
    re.. "This is why you mount removable media and /home noexec, nodev, nosuid" Do you mean this want to go in my 'fstab' ? If so which bit ?

    'fstab'
    # Entry for raid1 added 24.6.2012
    /dev/md0 /raid1 xfs noatime,rw 0 0
    # Entry for /dev/sda1 :
    UUID=09db2276-132f-4593-9e1c-e3da366b317a / reiserfs defaults 1 1
    # Entry for /dev/sda6 :
    UUID=9a88e253-64bc-4343-b360-c523f6085d56 /home reiserfs defaults 1 2
    none /proc proc defaults 0 0
    # Entry for /dev/sda5 :
    UUID=3e74b30c-2f7f-44b2-b133-163e83af8f2e swap swap defaults 0 0
    none /dev/pts devpts defaults 0 0

  6. #6

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,850
    Thank Post
    110
    Thanked 598 Times in 514 Posts
    Blog Entries
    1
    Rep Power
    227
    yeah the issue is, your daughter can make a suid binary that gives her root and transfers it over to her home on the nas. Without nosuid and noexec she can run it and get root on the nas. nodev stops users making device nodes, for example firmware devices or memory and storage. Much fun can be had with a hex editor!

  7. Thanks to Geoff from:

    tickmike (30th August 2012)



SHARE:
+ Post New Thread

Similar Threads

  1. Easiest way to set NTFS permissions on home drives?
    By ihaveaproblem in forum Windows Server 2008 R2
    Replies: 3
    Last Post: 21st July 2012, 12:09 AM
  2. mass setting owner on home directories
    By Oops_my_bad in forum Windows
    Replies: 5
    Last Post: 31st March 2010, 07:13 PM
  3. Access Home Directories through Moodle on WAMP
    By TheFopp in forum Virtual Learning Platforms
    Replies: 3
    Last Post: 19th November 2009, 07:28 PM
  4. Replies: 2
    Last Post: 6th October 2007, 10:46 AM
  5. Replies: 27
    Last Post: 25th January 2007, 04:42 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •