Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I have a Linux system and a Windows system on the same net connected to a TeraStation Pro. The Linux system runs a cron.daily task to perform daily and weekly backups of the Linux and Windows system. I had it all working, until....
PROBLEM 1
I was required to turn off the Guest account on the windows machine, which now broke my mount point to the Windows shared C drive. Apparently to share the C drive, Windows must also enable the Guest account. I tried adding credentials to the Linux mount point in the FSTAB files, while it appears to successfully mount the Windows drive, but when I attempt to perform a LS command it echos "Permission Denied"
QUESTION 1
How can I mount the Windows C drive with valid credentials even if Windows won't play nice and let me backup protected paths?
PROBLEM 2
As mentioned, I have a cron.daily task that performs daily differential, and weekly/monthly full backups. Unfortunately, it also backs up the password files, audit logs, etc. which using the FSTAB mount point allows even non-root accounts to gain access to password files, one of which are the plain text credentials files I have the FSTAB pointing to mount the Windows machine and the TeraStation.
QUESTION 2
How to I make the mount point to the TeraStation root permission only to prevent non-root user from accessing backup files?
Any tips, tricks, or links would be greatly appreciated.
Thanks,
Elvis
UPDATE: Added lines from my FSTAB
//192.168.0.50/share /home/sedwr/terastation smbfs auto,lfs,user,rw,sync,credentials=/etc/samba/ts.cred 0 0
//192.168.0.6/c /home/sedwr/windows smbfs auto,lfs,user,ro,credentials=/etc/samba/win.cred 0 0
Last edited by ElvisImprsntr; 08-30-2007 at 11:46 PM.
First a bit of theory. The mount point is a directory in the filesystem tree. Whether or not a partition is mounted to that mount point, the permissions on that directory control who may have access to it before and after the partition is mounted.
Therefore,
chown root:root /TereStation
sets user and group ownership to root.
chmod ug+rwx /TeraStation
sets read write execute permissions to user and group (root and root). In the case of a directory, execute permission means "allowed to cd into" that directory.
chmod o-rwx /TeraStation
removes read write execute permissions for all other users. They may not cd into that directory; they may not read files in that directory; and they may not write files to that directory.
Try this test. As root, create a directory, and put a simple text file in it. Run the commands as above for that directory. Then as normal user, try to cd into it, list the contents, read the file in it, or write to that directory. You shouldn't be able to do that except as root.
SOLUTION 2
Since I am auto-mounting during boot up, I think root actually perform the mounts. Thus, I think the mounts inherit the owner:group and permissions from root. I added a new BACKUPS share on the Terastation to eliminate commingling of user and backup files. I had to add the UID and GUI, which the permissions are inherited or assigned defaults, so I added FMASK and DMASK to remove permissions to prevent unauthorized users from even reading backup files that may contain passwords or audit logs. I also set NOUSER to eliminate the desktop icons to avoid the temptation of users to access the folders/files. I did this in addition to setting the mount point owner:group and permissions as you suggested. I am sure this is not optimal, but it seems to work for between the Linux systems and the Terastation.
I am still having trouble mounting the Windows C:/ drive. I have tried using user authentication, administration, re-enabling the Guest account, re-sharing the C drive, etc. Use the built in C$ vs. adding a new share name, etc. All I get is the following error message:
Is there some setting on the Windows side that needs to be configured in addition to the Linux side? The error in the Windows Event Viewer is: EventID: 529 NT User: AUTHORIRY\SYSTEM Reason: Unknown user name or bad password, both of which I have double checked. Any hints/tips/tricks would be greatly appreciated.
Last edited by ElvisImprsntr; 09-04-2007 at 03:23 PM.
I figured it out, but I thought I would post my solution to PROBLEM 1/QUESTION 1
SOLUTION 1
On the Windows XP machine, open Settings -> Control Panels -> Administrative Tools -> Local Security Policy.
Open Security Settings -> Local Policies -> Security Options. Change the Network access: Sharing and security model for local accounts = Classic - local users authenticate as themselves.
Doing so will re-enable the Guest account until you set up access permissions for the drives/folders one wants to share to authenticated users. Right Mouse Click on the drive/folder -> Properties -> Sharing -> Permissions. Then remove Everyone entry and add Users ({yourcomputername}\Users). Once sharing permissions are set up you can go back and disable the Guest account using what ever mechanism you're most familiar with.
Then using the automount command in my FSTAB posted above with an appropriate credentials file will mount the Windows share with restrictive permissions that will prevent the standard user from access password files and security logs from the Linux side and protect my cron.daily backups on the Terastation
Again, many thanks.
Last edited by ElvisImprsntr; 09-05-2007 at 07:05 AM.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.