Simplest way to allow one linux machine write permissions to another linux box
Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Simplest way to allow one linux machine write permissions to another linux box
I have two linux machines, and I need one machine to have write permissions to one folder on the other box. This will be people using a PHP script to upload images, but when I move the files I want it to move them over to the other machine.
My understanding is I can create a user with permissions on that folder, then when I do the move have it move them as that user.
If these two computers are on the same LAN, and the LAN is secure, then the simplest method is to use nfs. Nfs is not really secure, but it's easy and provides very good performance.
In order to share files with nfs, you need to install an nfs server and modify the file /etc/exports. The exact method of installing an nfs server depends on the linux distribution involved.
He says nfs is not really secure because nfs does not encrypt your passwords. This would be a huge problem if you were going to use it between two machines over the internet without tunneling of some kind. However if both PC's are in a trusted private LAN you really should be fine with nfs. I use nfs all the time on my own LAN and it's great. You just have to remember that with nfs it will not encrypt your passwords so only use it in trusted LAN’s.
Umm...while it's technically true that nfs does not encrypt your passwords the reason is because nfs doesn't bother sending any passwords in the first place! Nfs security simply assumes that the other computer has already verified the user is legitimate. No passwords are ever exchanged with nfs. The server simply receives requests along with UID and GID numbers and the server just trusts the client computer has already checked passwords and such.
The passwords on the two different computers don't have to match. The usernames or groupnames on the different computers don't need to match either. For example, if user 1000 on the server is "kirk" and user 1000 on the client is "spock", then as far as the client computer can tell all of the files are owned by "spock". Conversely, file access requests from "spock" are seen by the server as if they were from "kirk". Neither computer ever sends any user names or passwords to the other over the network. They're entirely unaware that neither the user names nor the passwords match. All that's passed between them are uid and gid numbers.
What this means on an unsecure LAN is that any bad guy can connect his own computer with whatever user names and passwords he wants, and he can access nfs shared files pretending to be any user--even root.
You can do some things to mitigate the risk. The default "root_squash" option removes special root privileges, which puts a small speedbump into a bad guy's efforts. You can define nfs shares to only be accessable by particular IP addresses, but on an unsecure LAN a bad guy's can set his computer to pretend to be any IP address.
So basically, I would set up a NFS server on the machine I want to move them to. Would the upload page itself be able to move them over, or would that have to be a manual move?
You have many options. One option is to directly mount the nfs share in the web server's upload directory. Then you don't actually need to "move" any files. But if you'd rather use PHP scripting to first upload it to a directory on the web server and then move the file over, you can do it that way also.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.