On Wed, 2 Jun 2004, January Weiner wrote:
> I'm desperately trying to set up a secure file sharing server. It should support both user authentication and data encryption. It will run in a non-secure LAN and provide about 15 users with their home directories.
> My first idea was to use NFS over SSH. However, for this you need to specify the ports rpc / nfs / nfslock use. It seems that in SuSE there is no way of specifying the nfslock port, is this correct? What am I doing wrong? How to do NFS over SSH in SuSE?
> Samba would also be a possibility, however there are a couple of problems with that one:
> 1) problem with high UIDs, we have UIDs >> 65535 and the mounted samba shares do not get proper permissions

Hasn't been a problem for a couple of years, as far as I can gather, definitely shouldn't be for Samba 3. Changed rather shortly after kernel 2.4 appeared supporting UIDs > 65535. Haven't tested this myself, just did a quick google just now. http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=59407

> 2) is it true that Samba does not support special files (like sockets), thus rendering this file system unusable for the purpose of mounting home directories to use e.g. with KDE (which needs to create sockets)?

Not true. 'Unix extension = yes' in smb.conf solves this. The problem with KDE is that it has odd (':' in particular) characters in filenames; this is solved by also setting 'mangled names = no'. Gnome, on the other hand, uses a file locking strategy which is broken with sambamount. Setting an environment variable GCONF_LOCAL_LOCKS=1 for the user moves the file locking to /tmp and makes Gnome useable, though the solution isn't optimal.

> Am I wrong? What other possibilities are there?

Someone suggested VPN, which can force the user to authenticate to get an IP address - at which point IP security all of a sudden deserves to contain the word "security" in it.

Bjørn
--
Bjørn Tore Sund        Phone:  (+47) 555-84894   Stupidity is like a
System administrator   Fax:    (+47) 555-89672   fractal; universal and
Math. Department       Mobile: (+47) 918 68075   infinitely repetitive.
University of Bergen   VIP:    81724
Support: system@mi.uib.no   Contact: teknisk@mi.uib.no   Direct: bjornts@mi.uib.no