Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Server Operation

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 7th June 2007, 00:49
lightnb lightnb is offline
Junior Member
 
Join Date: Jun 2007
Posts: 20
Thanks: 0
Thanked 0 Times in 0 Posts
Default LAMPS: Is it ok to run SMB on a Web Server?

I have two computers:
A) a Kubuntu Desktop machine that I do all of my work on
B) a Ubuntu Server that runs a LAMP stack and nothing else.

The server will be publicly accessible on the internet. Since the server is on the same LAN and is literally 15 feet away from my desktop machine, it seems absurd to FTP the files across the internet to get to a computer on the other side of the room.

I was thinking that it would make sense to share the web root of the server using SMB and then mount the share on my desktop computer, so that I could edit the files directly.

Is it a stupid idea to do this? Ie, Does that open up security vulnerabilities?

Are there better alternatives?

Thank you for your advise.
Reply With Quote
Sponsored Links
  #2  
Old 7th June 2007, 02:07
aqua aqua is offline
Member
 
Join Date: Mar 2006
Posts: 60
Thanks: 4
Thanked 3 Times in 3 Posts
Default

Actually it is not absurd to use ftp to get your files from your server.

I am assuming that you have a router the connects both of your computers to the net. In that case, when you want to access your files, just type in your internal ip address of the server. This is probably in the form of 192.168.1.x. Use ifconfig on your server to find out your ip address.

I believe that some routers are also intelligent enough to figure out when a request is being made from within the network, and they treat it as local. This means that even if you access your server though a domain name, such as yourdomain.com, and you're on your home network, the router will figure this out, and connect you with your server directly, bypassing your service provider.

As for samba, you can configure it for authentication, and as long as you don't open up the samba port to the outside world, it can be relatively safe.

cheers
Reply With Quote
  #3  
Old 12th June 2007, 01:35
lightnb lightnb is offline
Junior Member
 
Join Date: Jun 2007
Posts: 20
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Thanks Aqua,

Right now only ports 80, 81, and 443 are open tot he outside. (I don't know if samba uses a port or not). The trick to getting it to work right seems to be making your samba user a member of the group that owns the web file(s).

As long as the last digit isn't a seven, the files are safe? Ie. "chmod xx5"
Reply With Quote
  #4  
Old 12th June 2007, 15:03
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,751 Times in 2,581 Posts
Default

The values are as follows:
4 = read
2 = write
1 = execute

So 5 means "read + execute". 6 would mean "read + write", and 7 "read + write + execute".
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #5  
Old 13th June 2007, 03:40
lightnb lightnb is offline
Junior Member
 
Join Date: Jun 2007
Posts: 20
Thanks: 0
Thanked 0 Times in 0 Posts
Default

I pretty much understand how permissions work on a single system basis, but I'm having difficulty understanding how they work across two machines.

If i go to \\192.168.3.19 (the servers IP) and login as 'smusr' with my password,

I can read and write without a problem, since 'smbusr' a user on the server is a member of the 'web1' group, and the files are set to 575.

This is where it get's weird: If I mount the share \\192.168.3.19\web at /web on my local machine, using 'smbusr' and the password, it mounts, but does so as read only. Even though that user does have write access as far as the server is concerned. It seems like my desktop computer is trying to add permissions on top of a network resource that already has permissions.
Reply With Quote
  #6  
Old 14th June 2007, 21:51
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,751 Times in 2,581 Posts
Default

Is smbusr the owner of the files/directories? Are the permissions set to 575 or 755?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #7  
Old 15th June 2007, 05:42
lightnb lightnb is offline
Junior Member
 
Join Date: Jun 2007
Posts: 20
Thanks: 0
Thanked 0 Times in 0 Posts
Default

the folder /var/www/web1 (in question) is owned by 'web1_joanne' in the group web1.

'smbusr' is a member of the 'web1' group.

It works fine when I conect using samba ie.. 'smb:\\192.168.3.19\web' but when I mount the share to my local directory tree using fstab, i loose write permissions.

My fstab entry is:

Code:
//192.168.3.19/www /web cifs user=smbusr%SMBPASS,uid=LOCALUSR,gid=LOCALUSRGRP 0  0
*please note that words in capitals are replacements for their actual value.
Reply With Quote
  #8  
Old 16th June 2007, 14:26
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,751 Times in 2,581 Posts
Default

You could try to add rw to the fstab entry, e.g.:

Code:
//192.168.3.19/www /web cifs user=smbusr%SMBPASS,uid=LOCALUSR,gid=LOCALUSRGRP,rw 0  0
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #9  
Old 17th June 2007, 12:56
lightnb lightnb is offline
Junior Member
 
Join Date: Jun 2007
Posts: 20
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Still won't allow write access... When I mount it to /web and look at the permissions tab in properties, it says the owned is '10001' group '10001'.

Is that user/group 10001 on the server or on my local machine? My local machine doesn't have a user or system process with that number.
Reply With Quote
  #10  
Old 18th June 2007, 12:34
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,751 Times in 2,581 Posts
 
Default

Quote:
Originally Posted by lightnb
My local machine doesn't have a user or system process with that number.
I guess that is the problem. Create the same user/group on the local system with the uid/gid 10001.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Help Forwarding Incoming Requests to Other Internal Machines (not the web server) jkrell Installation/Configuration 16 28th October 2006 00:46
Web server and Mail server on 2 ispconfig adrenalinic Installation/Configuration 1 3rd September 2006 18:55
Ubuntu 6.06 as a Web Server on a Windows Network timbo Installation/Configuration 1 4th August 2006 13:43
newbie setting up web server needs help rayman HOWTO-Related Questions 5 21st May 2006 22:10
web server test nenad Installation/Configuration 0 30th March 2006 01:50


All times are GMT +2. The time now is 18:59.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.