Re: [fw-wiz] Synchronizing public web server and samba

From: Paul Robertson (proberts@patriot.net)
Date: 08/29/02

• Next message: Nilesh Chaudhari: "RE: [fw-wiz] VPN concentrators"
• Previous message: John McDermott: "[fw-wiz] Synchronizing public web server and samba"
• In reply to: John McDermott: "[fw-wiz] Synchronizing public web server and samba"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: Paul Robertson <proberts@patriot.net>
To: John McDermott <jjm@jkintl.com>
Date: Thu Aug 29 11:42:02 2002

On Thu, 29 Aug 2002, John McDermott wrote:

> I have what cannot be too unusual a situation, but I cannot seem to find
> the "best" solution. I have an internal network behind a firewall and
> on that network is a Samba server acting as a PDC for a group of
> workstations. In a classic DMZ outside the firewall behind the router is
> a web server. The users on the Samba server waant to have individual
> areas on the www server to post content. I can do the Apache work no
> problem.
> What I want is to make it as easy for them to publish as possible, while
> minimizing the administration and trying to have good security as this
> is a school.
> I've considered scp and ssh, but that requires duplicating the accounts
> and quotas on the web server. That's doable, but hard to automate,

It's not that difficult- rsync over SSH for the Web directory is the usual
method- I'd probably clean out symlinks, hard links, and files that start
with a dot before copying them though, or sync to a non-Web directory,
clean then move files over.

> AFAIK. If the web server were 100% for internal use, I'd just automount
> the student directories and share out each one's http-public or
> whatever. The problem is that I don't necessarily trust file sharing
> through a fw.
>
> Any ideas?

Give them each a public_html directory on the SAMBA server, and rsync
those over SSH from an account that has access on the Web server to their
content directories that Apache is configured to serve up.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
proberts@patriot.net which may have no basis whatsoever in fact."
probertson@trusecure.com Director of Risk Assessment TruSecure Corporation

• Next message: Nilesh Chaudhari: "RE: [fw-wiz] VPN concentrators"
• Previous message: John McDermott: "[fw-wiz] Synchronizing public web server and samba"
• In reply to: John McDermott: "[fw-wiz] Synchronizing public web server and samba"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: https, ssh - remote control ... > My idea is to basically have a web server - that is contactable from ... > ssh from that portal to a remote Linux server. ... said corporate firewall), then modify the same corporate firewall to allow ... (alt.os.linux) Re: OT [Kinda] All in one adsl/cable modem/router thingies. ... Any service, maybe except ssh? ... > These integrated units commonly run as a firewall, a router, a DHCP ... Before I had a web server set up, ... could connect to it on port 80. ... (comp.os.linux.security) Re: What are these ports? ... Do you think i'd better leave this port open? ... you want to do administration from a limited set of hosts. ... in with ssh on your web server, ... (comp.security.firewalls) Re: ssh tunneling newbie question ... > I'd like to access web pages on the internal web server at work from ... I can ssh to my account at work and run mozilla ... (comp.security.ssh) https, ssh - remote control ... portal to administer remote Linux boxes. ... My idea is to basically have a web server - that is contactable from ... ssh from that portal to a remote Linux server. ... (alt.os.linux)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint