LAMPS: Is it ok to run SMB on a Web Server?

[lightnb]

I have two computers:
A) a Kubuntu Desktop machine that I do all of my work on
B) a Ubuntu Server that runs a LAMP stack and nothing else.

The server will be publicly accessible on the internet. Since the server is on the same LAN and is literally 15 feet away from my desktop machine, it seems absurd to FTP the files across the internet to get to a computer on the other side of the room.

I was thinking that it would make sense to share the web root of the server using SMB and then mount the share on my desktop computer, so that I could edit the files directly.

Is it a stupid idea to do this? Ie, Does that open up security vulnerabilities?

Are there better alternatives?

Thank you for your advise.

[aqua]

Actually it is not absurd to use ftp to get your files from your server.

I am assuming that you have a router the connects both of your computers to the net. In that case, when you want to access your files, just type in your internal ip address of the server. This is probably in the form of 192.168.1.x. Use ifconfig on your server to find out your ip address.

I believe that some routers are also intelligent enough to figure out when a request is being made from within the network, and they treat it as local. This means that even if you access your server though a domain name, such as yourdomain.com, and you're on your home network, the router will figure this out, and connect you with your server directly, bypassing your service provider.

As for samba, you can configure it for authentication, and as long as you don't open up the samba port to the outside world, it can be relatively safe.

cheers

[lightnb]

Thanks Aqua,

Right now only ports 80, 81, and 443 are open tot he outside. (I don't know if samba uses a port or not). The trick to getting it to work right seems to be making your samba user a member of the group that owns the web file(s).

As long as the last digit isn't a seven, the files are safe? Ie. "chmod xx5"

[falko]

The values are as follows:
4 = read
2 = write
1 = execute

So 5 means "read + execute". 6 would mean "read + write", and 7 "read + write + execute".

[lightnb]

I pretty much understand how permissions work on a single system basis, but I'm having difficulty understanding how they work across two machines.

If i go to \\192.168.3.19 (the servers IP) and login as 'smusr' with my password,

I can read and write without a problem, since 'smbusr' a user on the server is a member of the 'web1' group, and the files are set to 575.

This is where it get's weird: If I mount the share \\192.168.3.19\web at /web on my local machine, using 'smbusr' and the password, it mounts, but does so as read only. Even though that user does have write access as far as the server is concerned. It seems like my desktop computer is trying to add permissions on top of a network resource that already has permissions.

[falko]

Is smbusr the owner of the files/directories? Are the permissions set to 575 or 755?

[lightnb]

the folder /var/www/web1 (in question) is owned by 'web1_joanne' in the group web1.

'smbusr' is a member of the 'web1' group.

It works fine when I conect using samba ie.. 'smb:\\192.168.3.19\web' but when I mount the share to my local directory tree using fstab, i loose write permissions.

My fstab entry is:

Code:

//192.168.3.19/www /web cifs user=smbusr%SMBPASS,uid=LOCALUSR,gid=LOCALUSRGRP 0  0

*please note that words in capitals are replacements for their actual value.

[falko]

You could try to add rw to the fstab entry, e.g.:

Code:

//192.168.3.19/www /web cifs user=smbusr%SMBPASS,uid=LOCALUSR,gid=LOCALUSRGRP,rw 0  0

[lightnb]

Still won't allow write access... When I mount it to /web and look at the permissions tab in properties, it says the owned is '10001' group '10001'.

Is that user/group 10001 on the server or on my local machine? My local machine doesn't have a user or system process with that number.

[falko]

Quote:

Originally Posted by lightnb

My local machine doesn't have a user or system process with that number.

I guess that is the problem. Create the same user/group on the local system with the uid/gid 10001.