Re: Filesharing on small LAN

• Previous message: Guido Heumann: "Re: Filesharing on small LAN"
• In reply to: Lars: "Filesharing on small LAN"
• Next in thread: Luis Fernando Llana Díaz: "Re: Filesharing on small LAN"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date: Mon, 28 Nov 2005 23:22:36 +0100
To: debian-user@lists.debian.org

On Mon, Nov 28, 2005 at 10:22:31PM +0100, Lars wrote:
> Hey
>
> I'm running a small LAN and is a bit lost in the question regarding a
> simple filesharing on a small LAN...
> NFS: I don't get it. If anyone plugs into the lan and have a
> root-account they are on the share.

No, actually the root user is normally mapped to the user nobody that
won't have any access on the remote share. If you read the manpage of
exports this concept is called "squashing", so the root account on the
remote machine is normally not the issue. The issue is rather that the
root user on the remote machine can become any other user (or actually
user id) that he wants and gain access to the files on the remote
share as that user. You control that by limiting who (what IPs) that
are allowed to mount your share. You therefore need to be able to
control who can gain access to what IP number on your network.

without knowing more about what kind of environment you are trying to
secure here it is hard to suggest a good solution. You mention "anyone
plugs in" which makes me believe that you are concerned about access
from people that have physical access to your equipment. If that is
the case, you will have serious trouble securing your network. But
then again, maybe your servers are kept in a secure location?

/Daniel

-- 
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

• Previous message: Guido Heumann: "Re: Filesharing on small LAN"
• In reply to: Lars: "Filesharing on small LAN"
• Next in thread: Luis Fernando Llana Díaz: "Re: Filesharing on small LAN"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Relevant Pages PIX 501 VPN problem.. ... Once the remote machine is authenticated on the VPN do 'ipconfig /all' and note that I have another IP address: 192.168.4.1 from the 'Alien' pool on the PIX. ... From the remote machine attempt to map a drive on the LAN: ... fixup protocol dns maximum-length 512 ... vpdn group PPTP-VPDN-GROUP ppp authentication pap ... (comp.dcom.sys.cisco) Different machines and ASPX web application ... Why same version working fine on one machine has a permanent bug when I ... Win2000Pro on my second machine on LAN where it complains about settings, ... and Win2000 Advanced Server on the remote machine where it returns one bug. ... Web.Config file on my LAN machine because IE complains that some parameters ... (microsoft.public.dotnet.framework.aspnet) Re: OT : Discovering WAN IP address for Dynamic DNS updates and SkyBroadband ... OTTOMH I think the only way to do that would be to have your client machine log in to a remote machine which then records the IP ... You might be able to do it from a traceroute as well, but you'd still need to get that info out of your LAN so you can access it remotely ... Tyger Burning Bright ... Black with extra black bits ... (uk.rec.motorcycles) Re: [SLE] how to securely mount a remote filesystem via internet ... Heupink, Mourik Jan C. writes: ... > I want to be able to nightly synchronise files that are on our lan with a ... > remote machine that is on the other side of europe. ... (SuSE) Re: I lost all the code ... or call other forms or reports. ... in a secure location on the LAN with restricted access to it's location. ... (microsoft.public.access.formscoding)