+ Post New Thread
Page 2 of 2 FirstFirst 12
Results 16 to 22 of 22
*nix Thread, cifs/smbfs Machine Account in Technical; I use this Automatic backup to a Windows share |*CensorNet which allows me to connect to a SAMBA share on ...
  1. #16
    User3204's Avatar
    Join Date
    Aug 2006
    Location
    Wirral
    Posts
    769
    Thank Post
    55
    Thanked 66 Times in 62 Posts
    Rep Power
    34
    I use this Automatic backup to a Windows share |*CensorNet which allows me to connect to a SAMBA share on boot.

    Basically:
    Code:
    //adserver/Public /mnt/win smbfs defaults,user,auto,username=joe,password=password123 0 0
    in the fstab file.

    The trouble is, you're not supposed to use smbfs and smbclient anymore, dunno why, but Ubuntu tells me off.

  2. #17
    apeo's Avatar
    Join Date
    Sep 2005
    Location
    Lost
    Posts
    1,612
    Thank Post
    95
    Thanked 115 Times in 111 Posts
    Rep Power
    42
    @Geoff: Interesting.. messed around, created a Windows Server 2008 R2 NFS server and it looks like I can create an NFS share to allow only a specified host to connect. Then granting Everyone access in ntfs acl to grant access to unmapped unix users because I dont want to configure user mapping. Still not really using machine account as a means to authenticate but its close as im going to get to it i guess...?

  3. #18

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,807
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224
    Yeah that'll do. Just watch out for issues with the permission and user/group ownership translation when writing files back to the NFS share.

  4. #19
    apeo's Avatar
    Join Date
    Sep 2005
    Location
    Lost
    Posts
    1,612
    Thank Post
    95
    Thanked 115 Times in 111 Posts
    Rep Power
    42
    Right, I'll do a few tests and see how the permissions translate. BTW what are the security implications if i enable root access? It says Not Recommended in brackets. I know that when unmapped users access the nfs share it maps to Anonymous but if you enable root access, it maps root to Administrator. Can I assume that its only the nfs share that root has access to and nothing else i.e. there's no way for root to access any other part of of the computer or even the network as Administrator? Can I also assume that if the nfs share is on a DC then root will map to AD Administrator? so what are the issues with this?

  5. #20

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,807
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224
    The default for NFS (at least on Linux) is for root to be mapped to guest. That way nothing bad happens when you mount an NFS share from a server you do not entirely trust or do not know where all its files came from. If you don't care about security then yes, allow root access.

  6. #21
    apeo's Avatar
    Join Date
    Sep 2005
    Location
    Lost
    Posts
    1,612
    Thank Post
    95
    Thanked 115 Times in 111 Posts
    Rep Power
    42
    Quote Originally Posted by Geoff View Post
    The default for NFS (at least on Linux) is for root to be mapped to guest. That way nothing bad happens when you mount an NFS share from a server you do not entirely trust or do not know where all its files came from. If you don't care about security then yes, allow root access.
    It seems that with Windows NFS, root gets mapped to Administrator and if you dont allow root access, then it does exactly that (stop root access). Sorry for all the questions, can I just clarify what would be the Security issue with enabling root? I assume its something to do with the fact that it gets mapped to Administrator but if it only has access to the nfs share only then I dont see how thats different from granting Everyone full permissions to the folder.

  7. #22

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,807
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224
    Assume Bob and John both use the same NFS server for a shared project. Assume their client machines both mount the same NFS share with root access intacted. Now assume there is some script or program contained within this NFS share that needs root access to do its job. Bob alters this script/program and introduces an error that causes it to corrupt filesystem data. Bob doesn't test this change but John does. Bob just hosed Johns machine via NFS. The system administrator investigates and also runs the program without the protection of a chroot jail. Bob just broke the server too.

  8. Thanks to Geoff from:

    apeo (21st June 2012)

SHARE:
+ Post New Thread
Page 2 of 2 FirstFirst 12

Similar Threads

  1. Replies: 4
    Last Post: 5th March 2012, 02:41 PM
  2. Replies: 4
    Last Post: 2nd November 2011, 07:28 PM
  3. Research Machines
    By KeithFermor in forum Bad Experiences
    Replies: 46
    Last Post: 30th November 2007, 02:52 PM
  4. Replies: 7
    Last Post: 21st August 2007, 01:11 PM
  5. Problem accessing machines from a sub-domain
    By mark in forum Wireless Networks
    Replies: 13
    Last Post: 22nd August 2005, 03:52 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •