On Wed, Jan 14, 2009 at 12:32:42PM -0500, blee2@tampabay.rr.com wrote:
> Thus Paul M Foster hast written on Tue, Jan 13, 2009 at 06:45:03PM -0500,
> and, according to prophecy, it shall come to pass that:
>
> <chop<chop><chop><chop><chop><chop>
>
> I was thinking about how you could get it to work with Samba, but needed to
> make yourself the owner...So I checked your mount settings
I reconfigured fstab to mount the directories under Samba. It mounted
okay, and *most* but not all of the home directory files backed up. But
the non-home-directory files being backed up (/etc, /usr, etc.) failed
to back up spectacularly. That's given that I set the user ID to 1000
(me) and group ID to 1000 in fstab. I'll be testing it using 0 and 0
instead. Not optimistic. Another problem with Samba is that it can't
handle extended attributes (set UID/GID on execution, etc.).
>
> >>> pokey:/lan /lan/backup nfs
> sec=none,soft,intr,timeo=12,wsize=8192,rsize=8192 0 0
>
> and remembered that I'd read
>
> sec=mode Set the security flavor for this mount to "mode".
> The default setting is sec=sys, which uses local
> unix uids and gids to authenticate NFS operations
> (AUTH_SYS). Other currently supported settings are:
> sec=krb5, which uses Kerberos V5 instead of local unix
> uids and gids to authenticate users; sec=krb5i, which
> uses Kerberos V5 for user authentication and performs
> integrity checking of NFS operations using secure
> checksums to prevent data tampering; and sec=krb5p,
> which uses Kerberos V5 for user authentication and
> integrity checking, and encrypts NFS traffic to prevent
> traffic sniffing (this is the most secure setting).
> Note that there is a performance penalty when using
> integrity or privacy.
>
> Try changing the "sec" mount option to "local", then unmount and mount the
> filesystem on the client.
No "local" option for security under NFS. "none" and "sys" might be
valid options. Under Samba, I don't see *any* sec= options, according to
man 8 mount and man 8 smbmount.
Additional data: "none" and "sys" don't affect behavior either way as
sec= options under NFS (by actual experiment).
>
> Out of curiosity, can you read any non-world-readable files or get a
> directory listing over the NFS mount?
Yes. In fact, I can do so as root on files not owned by root. It just
won't let me create or delete them.
Paul
-- Paul M. Foster ----------------------------------------------------------------------- This list is provided as an unmoderated internet service by Networked Knowledge Systems (NKS). Views and opinions expressed in messages posted are those of the author and do not necessarily reflect the official policy or position of NKS or any of its employees.
This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 18:20:57 EDT