www interface to samba

Keith Mastin kmastin-PzQIwG9Jn9VAFePFGvp55w at public.gmane.org
Tue Nov 18 00:28:44 UTC 2003


> That's currently my backup solution, I tested it and it works under
> scponly shell since I don't want the user to have shell access.  I
> thought there might be a better solution than winscp3, nobody has used
> winscp3 before, and I don't want to spend time supporting winscp3.
>
> But if I can't find a better solution, I guess this is the solution I'm
> going to implement.

I don't think I would use samba in this instance. Samba from within the
internal office networks yes, but I wouldn't offer those machines up to
the h4x0r gods unless I had a good reason to. And yeah, I've found that
WinSCP has its downsides too, so you're looking for a better solution.

I have a setup that allows remote file access through ftp, using a few
different programs. Samba runs on the internal network, with all shared
files stored only on the samba server. Check samba3, it has some
improvements over the 2x series. The samba shares are accessed over the
Internet via vsftpd.

Authentication is 100% pam with mod_auth_pam. Users can log in to the
share by clicking a network share icon on the desktop at work or using the
ftp address or clicking a link on the webpage from home. They can also
change their password from the website, and are requested to frequently.
I'm running openssl-enabled apache-1.3.28.

Not exactly as slick as samba, but it has advantages:
-only the one computer is actually accessed from the web
-vsftpd makes sure that the share is chrooted
-abuse of shares by loading p0rn or other crap is easily kiboshed
-username and password pairs for web access need not be the same as the
smbpasswd info, and are accessed via openssl in any event
-I can add certain users and allow or disallow file uploads or downloads
by group or user
-by messing with the default file permissions I can personally inspect
uploaded files before they're available for downloading

Another solution I use is PostNuke. There are modules for filesharing
among about a kazzillion other modules that can give your site a lot of
virtual office capabilities. It's also worth looking into.

HTH

>>>Yes, since the users connect to the samba server through windows
>>>machines at the office.  The web interface to the samba would allow the
>>>users to upload/download files using browser from anywhere.
>>
>> Can anyone else see a security nightmare in the makings here? Here's a
>> suggestion: Load WinSCP3 on the windoh$ machines and configure sshd on
>> the server side and let the users connect remotely to the file server
>> with that. Fast, simple and done.

-- 
Keith
--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
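
Added example, not part of the original message and not the poster's configuration: a small Python audit of a vsftpd.conf against the properties listed in the message above (logins only through PAM accounts, chrooted sessions, uploads unreadable by other accounts until inspected). The sample configs are constructed, and holding uploads back through `local_umask` is an assumption about how the file-permission trick is done.

```python
# Added example: audit a vsftpd.conf for the properties listed in the post.
# DEFAULTS holds vsftpd's built-in values for options a file does not set.
DEFAULTS = {"anonymous_enable": "YES", "chroot_local_user": "NO",
            "chroot_list_enable": "NO", "local_umask": "077",
            "file_open_mode": "0666"}

# Constructed samples, not the poster's real configuration.
WEAK = "local_enable=YES\nwrite_enable=YES\nlocal_umask=022\n"
HARDENED = ("anonymous_enable=NO\nlocal_enable=YES\nwrite_enable=YES\n"
            "chroot_local_user=YES\nlocal_umask=077\n")

def parse_conf(text):
    conf = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key] = value
    return conf

def enabled(value):
    return value.upper() in ("YES", "TRUE", "1")

def as_int(value):
    # vsftpd reads a leading "0" as octal and anything else as base 10
    return int(value, 8) if value.startswith("0") else int(value)

def upload_mode(conf):
    return as_int(conf["file_open_mode"]) & ~as_int(conf["local_umask"]) & 0o777

def audit(text):
    conf, findings = parse_conf(text), []
    if enabled(conf["anonymous_enable"]):
        findings.append("anonymous_enable: logins possible without a PAM account")
    if not enabled(conf["chroot_local_user"]):
        findings.append("chroot_local_user: sessions are not confined to the share")
    elif enabled(conf["chroot_list_enable"]):
        findings.append("chroot_list_enable: listed users are exempt from the chroot")
    mode = upload_mode(conf)
    if mode & 0o044:  # group/other read bit set on freshly uploaded files
        findings.append("upload mode %04o: readable before inspection" % mode)
    return findings

if __name__ == "__main__":
    for name, sample in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(sample))
```

The weak sample fails on three counts because vsftpd's default for `anonymous_enable` is YES and for `chroot_local_user` is NO; a umask written without the leading zero (`local_umask=22`) is read as decimal and yields group-readable uploads.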