Re: small linux file server

• Previous message: James Garvin: "Re: What Was Your Experience When You First Started Using Linux?"
• In reply to: Dave: "small linux file server"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date: Fri, 18 Feb 2005 19:22:35 +0000 (UTC)

Dave <davehowey@hotmail.co.uk> wrote:
: Hi,

: We have a spare PC and would like to set it up as a simple file server.
: It would only be used by a few people, so shouldn't be too heavily
: thrashed for files etc. I would like to install linux and need some tips
: on setting up a very basic file server:
: 1) which distro? (I've used mandrake, red hat a little) just something
: simple and non-flabby
: 2) how do I actually set the server up, on a predominantly windows-based
: network? any good websites with tips etc?

I suggest Debian woody. Very old and stable. You don't need a "modern"
distribution. Don't install X. As others suggested, you need samba for
file serving to windoze boxes. Also install the s/w for an NFS server.

www.debian.org has details on how to get it. The install is graphical
and quite straightforward. You will want a linux person to set it up -
pay a (trustworthy - no trojan horses:-)) student. Won't take long.

Others are crazy about security (with good reason). Given your
practical alternative, likely sharing files to the world over windoze,
which is a security disaster, a simple linux setup should suffice:

* Do not install any other services - especially do NOT install any
e-mail capabilities at all. Nor news, nor anything not needed just to
serve up your files. Disabling installed services is not enough - don't
even have the s/w on the box at all. Then it *can't* run.

* Do install iptables capabilities and use it to restrict all
incoming/outgoing packets to the IP addresses for your clients. No open
internet access allowed.

* Nail down the available incoming ports and disable those not needed
(eg port 25 (?) for SMTP, ie email). You'll have to consult more
capable persons that I on how to do this. Your /etc/services should be
minimal.

* ssh only for remote terminal or ftp access - no telnet etc allowed.
(ie install sshd but NOT telnetd).

In the install I believe you can pick/choose which packages to install.
If you don't absolutely need a service, don't install it.

And if we are paranoid: On install, keep the system partition
separated from variable data partitions. Once your system is set up as
you like it, you might mount the system partition read-only on boot.
This won't stop a determined hacker (who as root could just re-mount it
rw), but could offer some protection against software robots changing
bits. If you are feeling brave, clone your read-only system to a CDROM
and boot off that. While this won't procet your data, any system
problem can be fixed by rebooting off the CDROM. Downside is you'll
need to burn another CDROM if you change any system config; still, it
has its conveniences - really easy system recovery for one. You don't
need much software at all - it will likely fit onto one CD easily.

I find it hard to believe that even on a university campus this kind of
setup would be attractive to anyone, system-wise, as it can't really do
anything except serve up files. Of course your data is another thing
altogther, but once it's out there on the network anyway, not much you
can do about that. You might want to look into encryption if any of it
is sensitive.

Above advice worth the fee received :-) While other posters are going on
about security, practically speaking a minimal Linux box even
non-firewalled but with restricted capabilities along the above lines is
already so much more secure than anything else it's connecting too - and
so much less capable of being used for anything malicious - that IMO
it's "good enough".

Don Pettengill

• Previous message: James Garvin: "Re: What Was Your Experience When You First Started Using Linux?"
• In reply to: Dave: "small linux file server"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]