*nix Thread, cifs/smbfs Machine Account in Technical; I use this Automatic backup to a Windows share |*CensorNet which allows me to connect to a SAMBA share on ...
15th June 2012, 07:35 PM #16
I use this Automatic backup to a Windows share |*CensorNet which allows me to connect to a SAMBA share on boot.
in the fstab file.
//adserver/Public /mnt/win smbfs defaults,user,auto,username=joe,password=password123 0 0
The trouble is, you're not supposed to use smbfs and smbclient anymore, dunno why, but Ubuntu tells me off.
18th June 2012, 04:12 PM #17
@Geoff: Interesting.. messed around, created a Windows Server 2008 R2 NFS server and it looks like I can create an NFS share to allow only a specified host to connect. Then granting Everyone access in ntfs acl to grant access to unmapped unix users because I dont want to configure user mapping. Still not really using machine account as a means to authenticate but its close as im going to get to it i guess...?
18th June 2012, 04:36 PM #18
Yeah that'll do. Just watch out for issues with the permission and user/group ownership translation when writing files back to the NFS share.
19th June 2012, 09:19 AM #19
Right, I'll do a few tests and see how the permissions translate. BTW what are the security implications if i enable root access? It says Not Recommended in brackets. I know that when unmapped users access the nfs share it maps to Anonymous but if you enable root access, it maps root to Administrator. Can I assume that its only the nfs share that root has access to and nothing else i.e. there's no way for root to access any other part of of the computer or even the network as Administrator? Can I also assume that if the nfs share is on a DC then root will map to AD Administrator? so what are the issues with this?
19th June 2012, 09:56 AM #20
The default for NFS (at least on Linux) is for root to be mapped to guest. That way nothing bad happens when you mount an NFS share from a server you do not entirely trust or do not know where all its files came from. If you don't care about security then yes, allow root access.
19th June 2012, 10:50 AM #21
It seems that with Windows NFS, root gets mapped to Administrator and if you dont allow root access, then it does exactly that (stop root access). Sorry for all the questions, can I just clarify what would be the Security issue with enabling root? I assume its something to do with the fact that it gets mapped to Administrator but if it only has access to the nfs share only then I dont see how thats different from granting Everyone full permissions to the folder.
Originally Posted by Geoff
19th June 2012, 12:05 PM #22
Assume Bob and John both use the same NFS server for a shared project. Assume their client machines both mount the same NFS share with root access intacted. Now assume there is some script or program contained within this NFS share that needs root access to do its job. Bob alters this script/program and introduces an error that causes it to corrupt filesystem data. Bob doesn't test this change but John does. Bob just hosed Johns machine via NFS. The system administrator investigates and also runs the program without the protection of a chroot jail. Bob just broke the server too.
By FN-GM in forum Windows Server 2008 R2
Last Post: 5th March 2012, 03:41 PM
By bodminman in forum Windows
Last Post: 2nd November 2011, 08:28 PM
By KeithFermor in forum Bad Experiences
Last Post: 30th November 2007, 03:52 PM
By philjones2000 in forum *nix
Last Post: 21st August 2007, 02:11 PM
By mark in forum Wireless Networks
Last Post: 22nd August 2005, 04:52 AM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)