Friday, January 7, 2011

Public file share

The objective is basic network-attached storage (NAS): a public file share where any attached computer can create, read, update, and delete any file without authentication. I would not consider this secure, as anyone who can attach to the network can do whatever they want to the file space; however, security is not the objective at this time. Also, if a user accesses the same shared file space locally on the server, it should behave the same as if it were accessed over the network.

The environment is Ubuntu Desktop 10.10 (Maverick Meerkat), freshly installed with all updates applied.

Given that, the following are the minimal steps and configuration required to achieve the objective.

Make a public file space based on "HowTo: Create shared directory for local users (with bindfs)"; this works much better than access control lists can.

Install bindfs:
sudo apt-get install bindfs

Configure the public space to be set up on startup.
/etc/init/bind-public.conf:
description "Remount public with different permissions"

start on stopped mountall

pre-start exec install --owner=nobody --group=nogroup --mode=0777 \
--directory /export/public

exec bindfs -f --owner=nobody --group=nogroup --perms=a=rwD \
--create-for-user=nobody --create-for-group=nogroup \
--create-with-perms=a=rwD --chown-ignore --chgrp-ignore --chmod-ignore \
/export/public /export/public

Then make the public space active:
sudo initctl start bind-public

Now to make the space available over the network using Samba.

Install Samba:
sudo apt-get install samba

And here is a minimal Samba configuration to do the job.
/etc/samba/smb.conf:
[global]
       map to guest = Bad User

[public]
       path = /export/public
       guest ok = yes
       read only = no

It is not necessary to restart Samba for the changes to take effect.

At this point the objective is achieved for remote connections and for any local method of accessing the directory.

For restricted access, configure Samba to require a log-on, or only allow particular users to access the public share.
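
The following is an added example, not part of the original post: a small Python check that reads smb.conf text and lists every share that is both open to guests and writable, which is exactly what the configuration above creates, next to a restricted variant that passes. RESTRICTED_CONF, the accounts alice and bob, and the function names are constructed for illustration; only the synonyms of "guest ok" and "read only" are handled.

```python
import re
PAGE_CONF = """\
[global]
       map to guest = Bad User
[public]
       path = /export/public
       guest ok = yes
       read only = no
"""  # the share configuration from this post
RESTRICTED_CONF = """\
[global]
       map to guest = Never
[public]
       path = /export/public
       guest ok = no
       read only = no
       valid users = alice bob
"""  # constructed variant; alice and bob are placeholder accounts
TRUE = {"yes", "true", "on", "1"}  # boolean spellings smb.conf accepts

def parse(text):
    """Return {section: {param: value}}, names normalised the way Samba reads them."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":              # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            key = re.sub(r"\s+", "", key).lower()    # case and spaces are ignored
            if key == "public":                      # synonym of "guest ok"
                key = "guestok"
            elif key in ("writeable", "writable", "writeok"):  # inverse of "read only"
                key, value = "readonly", "no" if value.lower() in TRUE else "yes"
            current[key] = value
    return sections

def guest_writable_shares(text):
    """List (share, path) for every share that a guest may write to."""
    conf = parse(text)
    defaults = {"guestok": "no", "readonly": "yes", **conf.pop("global", {})}
    found = []
    for name, share in conf.items():
        eff = {**defaults, **share}                  # share settings override [global]
        if eff["guestok"].lower() in TRUE and eff["readonly"].lower() not in TRUE:
            found.append((name, eff.get("path", "")))
    return found
```

Accounts named in "valid users" also need a Samba password (sudo smbpasswd -a <user>). The bindfs mount still gives every local user on the server full access to /export/public, so the restriction applies to network access only.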
