Re: Perl administration for Linux fileserver

From: Erik Roberts (elr@techistry.com)
Date: 02/06/03

    Date: Thu, 6 Feb 2003 12:58:44 -0500 (EST)
    From: Erik Roberts <elr@techistry.com>
    To: Jos Kirps|EducDesign <jos.kirps@educdesign.lu>
    
    

    Thus quoth Jos Kirps|EducDesign on Feb 3, 2003...

    > I would like to set up a Linux based file server accessible for Linux,
    > Windows and Mac clients. The administration shall be done remotely
    > (web based GUI on a client machine) using Perl scripts. The Perl
    > scripts must be able to:
    >
    > - add and remove directories on the server (that's not the problem)
    > - add and remove users (username & password -> problem)
    > - set access rights for the created directories (-> also a problem)

    Have a look at webmin (http://www.webmin.com) - it's all perl and free
    too. It will handle much of the administrative tasks via a web based
    interface. You can administer Samba and NFS through it; depending on your
    Mac clients (i.e. if they aren't all OSX or you don't have SMB/CIFS
    extensions for them) you'll also need netatalk installed. There's a third
    party module for Webmin to configure/administer netatalk as well.

    > My questions:
    >
    > - To add users that shall be able to access the fileserver, do I have
    > to create 'real' unix user accounts, or can I use something like the
    > '.htaccess' users as used by Apache (users in .htaccess files can only
    > access web directories via Apache, they don't have any other rights on
    > the server). I would prefer such a solution to limit what people with
    > a fileserver account can do on the server.

    It depends on the manner in which the shares are exported, but generally,
    yes, you'll need unix accounts. However, you can effectively disable
    access to the server to these users except through the file sharing
    mechanism.

    > - How can I tell my Linux box that only certain users shall have
    > access to a certain directory? Can I do this using something similar
    > to '.htaccess' / '.htpasswd' ? Or what services do I have to use?

    Samba allows per share ACLs - in setting up each share you'd assign
    privileges based on which user can perform what action. I'm less familiar
    with NFS but using standard unix permissions should provide you with at
    least rudimentary access controls. Netatalk can similarly be configured
    to allow particular users certain rights (if I recall correctly).

    > - Do the scripts need root privileges to do all this, or is this
    > feasible running as Apache CGI script?

    Well, webmin runs its own basic webserver, but in order to modify most of
    the necessary configurations, password files, etc. then yes, the scripts
    will either need to run as root or setuid root. Either is a somewhat
    scary prospect - run webmin on a nonstandard port using SSL and avoid
    allowing webmin to be accessed from outside the LAN if at all possible.

    Hope this provides some preliminary pointers.

    Regards,
    Erik
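
An added example, not part of the original message and not webmin's code: one way a root-run Perl helper could create the file-sharing-only account described above, that is, a Unix account with no login shell plus a Samba password. The `/sbin/nologin` path, the username pattern, and the helper names `valid_username`, `run` and `add_share_user` are assumptions.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;

# Taint mode (-T) refuses to run commands until the environment is known-safe.
$ENV{PATH} = '/usr/sbin:/usr/bin:/sbin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

my $NOLOGIN = '/sbin/nologin';   # assumption: the path differs per distribution

# Accept only conservative account names; returns the untainted name or undef.
sub valid_username {
    my ($name) = @_;
    return undef unless defined $name;
    return $name =~ /\A([a-z][a-z0-9_-]{0,30})\z/ ? $1 : undef;
}

# Run a command in list form (no shell involved); die if it fails.
sub run {
    my @cmd = @_;
    system(@cmd) == 0 or die "command failed: $cmd[0] (status $?)\n";
}

sub add_share_user {
    my ($raw_name, $password) = @_;
    my $user = valid_username($raw_name) or die "invalid username\n";
    die "invalid password\n"
        unless defined $password && length $password && $password !~ /[\r\n]/;

    # Unix account with no home directory and no interactive login shell.
    run('useradd', '-M', '-s', $NOLOGIN, $user);

    # Samba password: -s reads it from stdin, so it never appears in argv.
    open(my $smb, '|-', 'smbpasswd', '-s', '-a', $user)
        or die "cannot start smbpasswd: $!\n";
    print {$smb} "$password\n$password\n";
    close($smb) or die "smbpasswd failed (status $?)\n";
    return $user;
}

# Usage (as root): perl -T add_share_user.pl USERNAME   with the password on stdin
if (@ARGV == 1) {
    chomp(my $pw = <STDIN> // '');
    print "created ", add_share_user($ARGV[0], $pw), "\n";
}
```

A web front end would pass the username and password to this helper rather than building a shell command string, so form input never reaches a shell.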


