Re: Help me replace some Windows installations

From: P.T. Breuer (ptb_at_oboe.it.uc3m.es)
Date: 09/13/04 

Date: Mon, 13 Sep 2004 03:51:57 GMT

ZnU <znu@acedsl.com> wrote:
> In article <3v3f12-j7p.ln1@triangulo.it.uc3m.es>,
> ptb@oboe.it.uc3m.es (P.T. Breuer) wrote:
>
> > ZnU <znu@acedsl.com> wrote:
> > > I thought SMB permissions were based on who mounted the share? How could
> >
> > Correct - i.e. access is per user, not per machine (as in NFS).
> >
> > > I then mount the share with a system-wide process but still arrange for
> >
> > You tell the "system-wide process" which user and password to use. Or
> > you tell the other end to accept anyone. Etc.
>
> But that process only runs once at startup, and I'd need to use

Then you'd better make up your mind early!

> different login information for each user.

Then you'd better have room for a lot of entries in yoru fstab!

> > Then go ahead and do the same. Hic. You can use a specific user
> > application to gain access instead of mounting it.
>
> I'm not sure what you mean here.

I mean that you are free to use an application interface to samba,
instead of mounting a file-system emulation via "the system". Common
instances of such application interfaces are generally known as "file
browsers".

> You mean I could have a user process

Yes.

> execute at login to mount the user's home directory with the proper

No.

> permissions? Something like that would be ideal.

But silly, as well as unnecessary. Why would you want a user to do it
instead of root doing it for the user?

> > > Do I have to use NFS to make this all work? I'd rather not have to deal
> >
> > NFS is NFS, not SMB. You are talking about SMB.
>
> Right, but I'm asking if I have to use NFS rather than SMB to solve the
> permissions issues.

No you are not. That makes as much sense as asking if you have to use
electricity instead of water to solve your lack of rain issues. NFS is
NFS. It is not SMB. If you have issues with SMB, it is an SMB problem,
not an NFS problem! How can you confuse the two when you apparently
know they are different?

> > > with all of the security implications there.
> >
> > Like what? (Yes, I know how to use NFS to advantage).
>
> I'm not terribly familiar with NFS. But if I just mount the whole /Users
> hierarchy from the OS X server on the Linux machines via NFS, don't I
> have to trust the client machines to enforce permissions on it?

Eh? What are these "permissions"? If you gave access to your client
machines you gave them access as a machine, and it is up to the client
machines to decide what to do with the access rights you gave them.
They cannot access more than you gave them "permission" to access.

Are you asking if a user on your machine has a directory that is o-r,
whether that will be honoured on the client? That's up to the client
("none of your business"). You gave read permission to the client, and
its users (or if it has any, or if it has any concept of user) are
really not business of yours. If you don't want the client to decide
how to allocate out access to the access you gave it, then don't give it
it. The client may remap users any way it likes.

Bottom line - you gave permission to the machine.

You may modify this using kerberos.

> OpenDirectory is basically OpenLDAP with an Apple schema that provides
> everything OS X needs. I *think* this schema is a superset of RFC 2307
> (which is what I'd want for Linux clients, right?), but it's hard to

I have no idea. If you have an ldap server, then linux can use it for
authentication. It's a question of putting a few entries in the pam.d
files, and arranging that nsswitch.conf is rigged to refer libc getpwent
through ldap for the passwords.

> find documentation for this sort of thing. I was hoping someone here had

All the docs are on the ldap site for linux (and presumably in the
howto).

> done this and could tell me.
>
> I've managed to Google up lots of information about using a Linux server
> with OS X clients, but I've found practically nothing about doing things
> the other way around.

???

Peter

Relevant Pages

  • RE: Setting up NFS shares
    ... A client can be either a host or a client group. ... the appropriate permissions. ... Share Windows Folders by Using Server for NFS ... Click the NFS Sharing tab, and then click Share this folder. ...
    (microsoft.public.windows.file_system)
  • Re: Printing Issue
    ... I've told my client to reset all permissions on their printers and to try ... > your problematic machines. ...
    (microsoft.public.dotnet.framework.windowsforms)
  • Re: What linux lacks most - a decent remote fs
    ... openings right and it depends on uid's matching at the client and server ... What I mostly see is every imaginable problem on different machines ... to "support" NFS, but which together are highly unreliable (especially ... the ones too old to support tcp connections). ...
    (Fedora)
  • Re: Re: NFS problem
    ... Could it be that NFS ... Linux/Unix machines, Samba is typically only used when exporting Linux/Unix disk ... "ifconfig -a" on both the server and client machine, ... both ping and ssh work fine. ...
    (Fedora)
  • Re: What linux lacks most - a decent remote fs
    ... openings right and it depends on uid's matching at the client and server for file ownership and permissions, but those things either work right or not at all. ... to "support" NFS, but which together are highly unreliable (especially ... You don't happen to be writing a given file from 2 different machines do you? ...
    (Fedora)