I am currently setting up a "trial-environment" at home, attempting to set up an office-type network with obsolete equipment and Linux. This is producing a couple of grey hairs, but has proven to be a very educational experience.
My question is this:
To achieve full functionality in file sharing with maximum security, which protocol/option should I choose? I have tried some of the types that are standard, but have actually landed on FTP for now, since it is the easiest to configure and can be accessed from outside my Smoothwall without configuring anything I haven't done before.
Is there any "perfect solution" out there?
My desire is to mount network shares at boot-time, this will give me plenty of ways to configure what I need. But this has to be done securely, and must be done on a user-level security basis.
How about using NFS (which can deny root access over the network) and a NIS server (was: Sun Yellow Pages, YP)?
The NIS can "copy" your passwd file, so the UIDs are in sync and then you can access your network-mounted /home/...
But please don't ask difficult problems, since I've just started experimenting with that.
Google for "HOWTO nis", this will bring up a lot of info...
Would just like to say that after two+ years of using different experimental solutions, I wound up using a combination of SSH, rsync and home made scripts to keep a single NFS repository up-to-date at each office location.
So far the process has been running smoothly, but to run this in a large environment, I would have to spend a lot of time on rights management to make sure no-one overwrites anything. As long as this is small enough to keep an eye on, all I need is the backups once in a while...
The main reason for doing this is security. This leaves nothing but SSH open, and I can use SSH to forward other ports to my current location if I choose.
Probably a bit late now, but did you try ShFS? From what I can tell, it would be able to do everything you wanted, especially with a well configured sshd.conf on the server. If you have tried it and it's not suitable, I'd be interested in knowing why not.
I tried shfs, but it does not build against newer kernels than 2.6.19...?
FreeNAS is a standalone OS, is it not? Looked interesting, but I imagine Webmin on my server would give me the same (and more) when it comes to secure sharing/sync and web-based configuration.
Anyway, the only thing I was going for was an as-secure-as-possible way to share and synchronize my files. For now I am sticking with ssh/rsync and my scripts, but if shfs gets an update (or the kernel, for all I know; I have no idea why it does not build against the newer kernels, but I assume there is a good reason), I will look into it again.
I have also made some shortcuts on my desktop which give me quick and easy access to the files directly if I should need it, and can have more control over password management if I do it manually. I am using keychain on some machines, but many of them are too publicly available for this to be a solution.