Re: SSH sftp and Windows
From: Mario Jesmanowicz (mario@marioj.com) Date: 09/19/02
From: "Mario Jesmanowicz" <mario@marioj.com> Date: Thu, 19 Sep 2002 13:37:46 GMT
This is the message I get when I do it as a regular user:
"libsmb based programs must *NOT* be setuid root.
12266: Connection to 192.168.1.15 failed"
I even created folder mnt and then windows in there in home directory of
this user and still nothing. This user is an administrator, meaning the admin
of the AD directory and the password on Linux is the same as on AD and the
only way I can mount it is if I first do su and then it asks me for the
password anyway. How do I bypass this too?
Also how do I make sure that messages that pop up on the console every 30
seconds about the connections do not occur, or at least go to the log and
not the console?
SMB connection failed
"Jan Grobecker" <dead_letter@deadspam.com> wrote in message
news:amasqk$4a5hh$1@ID-95600.news.dfncis.de...
> Hi Mario!
>
> On Wed, 18 Sep 2002 22:33:24 +0200 "Mario Jesmanowicz" <mario@marioj.com>
> wrote:
>
> > I want to be able to copy files from my Active Directory Network through
> > sftp over the Internet
> >
> > [...]
> >
> > and if people want to copy files over the Internet from our AD I want
> > them to use sftp to get into Linux and then mount some drives from windows
> > servers like smbmount //192.168.1.15/c$ /temp_folder_on_linux .... The
>
> You cannot enter any shell commands like mount when logged in via sftp,
> it's only possible to get, put, del etc. files and perhaps ls some
> directories normally. You need to be logged in via ssh from windoze to get
> a real shell for example by using putty which is a ssh substitute
> (http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html)
>
> > problem is how do I allow smbmount to work for regular users and not for
> > the root access only.
>
> smbmount should already work for normal users (I just tried). You should
> make sure that the shares are mounted in the user's home directory for
> example under ~/mnt, so nobody else has access to it. The user needs of
> course to have write access to that directory to successfully mount the
> share. For umounting the share you have to make smbumount suid root.
>
> from "man smbumount":
>
> DESCRIPTION
> With this program, normal users can unmount smb-filesystems,
> provided that it is suid root. smbumount has been written to
> give normal Linux users more control over their resources. It is
> safe to install this program suid root, because only the user
> who has mounted a filesystem is allowed to unmount it again. For
> root it is not necessary to use smbumount. The normal umount
> program works perfectly well, but it would certainly be
> problematic to make umount setuid root.
>
> You can make smbumount suid root by typing "chmod u+s /usr/bin/smbumount"
> as root. You should notice the s-bit for user root afterwards which looks
> like that on my system:
>
> -rwsr-xr-x 1 root root 407804 Aug 13 2001 /usr/bin/smbumount
>
> > Actually I want them to log in with something like SFTP client or winscp
> > GUI client
>
> Again: sftp and winscp (assuming it works like scp) are no shell
> replacements. They can be used to copy files interactively (sftp) or
> directly (scp). By means of public key authentication or .shosts (not
> recommended!) they can work without the need of passwords just like ssh.
>
> > and then .bashrc would mount the stuff they need for them without asking
> > for the password since the username and password on Linux and Windows
> > would be the same. Is this hard? (is this possible)
>
> I know it works the other way around when adding a linux samba user by
> means of smbadduser and setting the linux samba password by means of
> smbpasswd to the one of the windoze account and if necessary editing the
> /etc/samba/smbusers to map windoze accounts to linux accounts if they
> differ in name.
>
> As for a way to circumvent the need for passwords when smbmounting shares:
> I only know the possibility to give the password as an option or setting
> it in PASSWD beforehand, which I wouldn't recommend though. You also
> would have to change .bash_profile or .bashrc every time the windoze
> passwd changes then.
>
> > Any help? Also is this a secure way to get files ?
>
> It is safe from the internet up to your linux server. The SMB protocol in
> contrast isn't secured at all (maybe digest passwords at least?), but when
> you trust your local network it may be okay for you.
>
> After all this all seems to be a bit long winded to me. I think there are
> better ways to do this. Have you thought of setting up a VPN using IPSEC
> (FreeS/WAN), PPTP (Peer-to-Peer-Tunneling-Protocol) or something the like?
> You could then directly and securely connect to your AD servers over the
> internet using only SMB as protocol. But you should then post upcoming
> problems to a windoze newsgroups.
>
> HTH
> Jan
>
> --
> Jan Grobecker, Lehrte (Germany)
> mailto:jan(dot)grobecker(at)epost(dot)de - to (spam) protect the innocent ;-)
> If *really* necessary to mail replace "(dot)" with "." and "(at)" with "@".
>
> "We are Tuborg. Abstinence is futile. You will be alcoholated."
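
The setuid and password points raised in this thread can be checked with a short POSIX shell audit; this is an added example, not part of either poster's message. It assumes smbmount is the libsmb-based binary the error message refers to (so it must not be setuid) and that smbumount is expected to be setuid as the quoted man page says; the function names and the script name `audit.sh` are made up here.

```shell
#!/bin/sh
# Added example: audit the setuid bit on the Samba mount helpers and look
# for share passwords in shell startup files that other users can access.

# audit_helper FILE POLICY   POLICY is "suid" or "nosuid".
# Returns 0 if FILE matches the policy, 1 on mismatch, 2 if FILE is missing.
audit_helper() {
    if [ ! -e "$1" ]; then echo "MISSING  $1"; return 2; fi
    if [ -u "$1" ]; then state=suid; else state=nosuid; fi
    if [ "$state" = "$2" ]; then echo "OK       $1 ($state)"; return 0; fi
    echo "MISMATCH $1 is $state, expected $2"
    return 1
}

# secret_exposed FILE
# Returns 0 when FILE sets PASSWD= or password= and grants any permission
# to group or others, i.e. the share password is exposed to local users.
secret_exposed() {
    grep -Eq '(PASSWD|password)=' "$1" 2>/dev/null || return 1
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" != "------" ]
}

# audit_all BINDIR HOMEDIR
# Assumed policy: smbmount links libsmb, so it must not be setuid;
# smbumount is expected to be setuid (per the quoted man page).
audit_all() {
    rc=0
    audit_helper "$1/smbmount" nosuid || rc=1
    audit_helper "$1/smbumount" suid || rc=1
    for f in "$2/.bashrc" "$2/.bash_profile"; do
        if secret_exposed "$f"; then
            echo "EXPOSED  $f holds a password, accessible to group/others"
            rc=1
        fi
    done
    return $rc
}

# Run only when a binary directory is given, e.g.:
#   sh audit.sh /usr/bin "$HOME"
if [ -n "${1:-}" ]; then
    audit_all "$1" "${2:-$HOME}"
fi
```

A non-zero exit status means at least one helper has the wrong setuid state or a startup file exposes a share password.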