I want to start looking at turning up my new 24-bay file server and I plan to use NFS. In this process I also want to revamp how I manage file permissions and whatnot.
I finally got permissions kinda sorted out, basically from what I understand I need to mostly mirror the userid/group so that I can properly access files remotely without it screwing up permissions for new files I create.
Then it occurred to me... in a situation where the network is more public, what stops someone from turning up a Linux VM or plugging in a Linux system and just creating an account with the same user id/group id? It seems the passwords are completely ignored with NFS. I know there is IP-based security where I only allow certain hosts, but that's not really that high end when someone can just set their IP accordingly.
Am I missing something here? I know I can also use SMB, but that's for Windows, there has to be a Linux way of making this secure?
Also is there an easy way to manage ACLs? I want more granularity with file security and the biggest thing I want is inheritance. Say user1:group1 owns a file structure, I want to be able to list a bunch of users that can access it, but I don't want the permissions to be changed based on who writes to it.
Right now my file system is just a mess because of all the workarounds I have to do due to the primitive nature of Linux file permissions. I want to use ACLs to hopefully be able to be more granular but at the same time from what I'm reading it looks very complicated to manage. Is there not a way to do it through a GUI like you would for NTFS?