Distribution: Red Hat 5.2-7.3 & Bootable Slackware 8.1 CD
Posts: 27
Opinions on the best way to do this?
I have set up Samba to run on the Linux file server but would like everyone to have individual logins instead of group access.
The network is really two separate networks on the same backbone; one already has an NT 4 server that is a PDC for the Gov. administration.
The rest of the network is a Slack Linux box using Squid, DHCP, Apache and firewalls etc., and the other box being the file server, backup etc.
Should I:
1). Set up users to be authenticated on the NT machine, hard because it is contracted out to another party (Gov. requirement) and I have not got Admin permissions on it etc.
2). Change the subnets so the machines can't see each other and set the file server box up as a PDC, would that even work?
(Somewhat impractical because a couple of users need access to both the NT machine and the Linux file server).
If I had my way all machines would be *nix and it would be easier but changing the gov contracts is not easy!
Any other suggestions?
Last edited by cyberdiamond; 11-01-2002 at 11:44 PM.
Distribution: Slackware, (Non-Linux: Solaris 7,8,9; OSX; BeOS)
Posts: 1,152
Maybe I'm being naive here, but why not use SAMBA's winbind for the
users that need access to both networks, and use the normal *NIX logins
for those that only have access to the *NIX part of the network?
Distribution: Red Hat 5.2-7.3 & Bootable Slackware 8.1 CD
Posts: 27
Original Poster
There are around 1000 users and 200 computers!
But the users use any computer so I don't want to have to put everyone's user account onto each one.
At the moment they are broken down into several groups but the problem I am having is people deleting the work of other people in the same groups.
That's why I thought I needed a PDC to do this easily, hence the original problem?
Distribution: Slackware, (Non-Linux: Solaris 7,8,9; OSX; BeOS)
Posts: 1,152
Linux is designed for large numbers of users! Use LDAP (or NIS, but
LDAP is better) as a directory service running on one server, have all
the other computers running as clients. Run the Windows machines as
clients to the Linux server, but with a subset of allowed users. This is
essentially what I help administer at work, though with just a few
Windows boxes, and a few OS X boxes added in to spice things up.
Currently we use NIS (and NIS+) because our network guru hasn't
migrated the Solaris server over to LDAP. NIS used to be YP, which
is where ypbind, etc. come from.
Your server will house all of the user information, and your clients will
connect to the server to authenticate the user. For NIS(+), the file
/etc/nsswitch.conf tells the client how to do authentication. On our
systems, it tells the client to look in the nisplus database first, then
search less likely places for username/password combinations. . .
Netgroups allows you to restrict certain access to certain groups, which
means you can limit connections from the Windows machines to certain
users.
At work, we have MANY groups that allow us to limit access to disk
space, and we have the umask of users set so their files are generally
protected from everyone but themselves. This is all possible for the
Windows machines if you house the working disks on a SAMBA server.
Distribution: Red Hat 5.2-7.3 & Bootable Slackware 8.1 CD
Posts: 27
Original Poster
I might have to do some reading up on LDAP; by the looks of it, it sounds like what I need.
Quote:
At work, we have MANY groups that allow us to limit access to disk
space, and we have the umask of users set so their files are generally
protected from everyone but themselves. This is all possible for the
Windows machines if you house the working disks on a SAMBA server.
I also need to limit disk usage to each user but figured that would be easy once the rest is set up. (I figured limiting each user's home folder would be easy for that.) As I have a public drive so people can share things, can umask work on a user and a group level at the same time?
I.e., can group_A have access to group_B files and not the other way around, and at the same time not each other's work in group_A?
Last edited by cyberdiamond; 11-03-2002 at 04:52 AM.
Distribution: Slackware, (Non-Linux: Solaris 7,8,9; OSX; BeOS)
Posts: 1,152
Basically, I would make the members of group_A also members of
group_B, with umasks set so that by default others can't mess with
their files. umask is a user specific thing, but you can set the sticky
bit in a directory that forces files under that directory to maintain
certain permissions.
Quotas allow you to limit disk usage per user, per disk. You can limit
a user's disk usage in their home, and have a group disk with a different
limit. *NIX is all about securing one's files from access by another user,
so pretty much whatever you want in this realm is possible, you just
have to find the right manuals to read. . . =-}
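The permission scheme discussed in the replies above, as an added example that is not part of the original thread: a group share with the sticky bit set (which restricts deleting or renaming a file to its owner) and a umask that keeps new files read-only for the group. The setgid bit, the function names and the paths are assumptions added for illustration, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example; paths and function names are made up for illustration.
# Requires GNU stat (-c '%a' prints the octal mode).

# Create a group share with mode 3770:
#   770  owner and group have full access, others none
#   2000 setgid: new files inherit the directory's group
#   1000 sticky: only a file's owner (or the directory owner/root)
#        may delete or rename it
make_share() {
    mkdir -p "$1" && chmod 3770 "$1" && stat -c '%a' "$1"
}

# Create an empty file under the given umask and print the resulting mode.
mode_with_umask() {
    ( umask "$1" && : > "$2" ) && stat -c '%a' "$2"
}

# Can group members delete each other's files in this directory?
# Group write without the sticky bit allows it, whatever the files' own modes.
delete_risk() {
    mode=$(stat -c '%a' "$1") || return 1
    if [ $(( 0$mode & 020 )) -ne 0 ] && [ $(( 0$mode & 01000 )) -eq 0 ]; then
        echo "group-can-delete"
    else
        echo "restricted"
    fi
}

# Demo in a throwaway directory (constructed sample layout).
demo=$(mktemp -d)
mkdir "$demo/old_share" && chmod 770 "$demo/old_share"
echo "old_share: $(delete_risk "$demo/old_share")"
echo "new share mode: $(make_share "$demo/group_A")"
echo "group_A: $(delete_risk "$demo/group_A")"
echo "file mode with umask 027: $(mode_with_umask 027 "$demo/group_A/report.txt")"
rm -rf "$demo"
```

On a real server the share would also be given its group with `chgrp`, which needs root or membership of that group.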
Distribution: Red Hat 5.2-7.3 & Bootable Slackware 8.1 CD
Posts: 27
Original Poster
I hadn't thought to have them in more than 1 group, that makes sense.
The sticky bit also sounds like it will do the job on other disks.
Now for a lot of reading to get it all set up right, now that I have the basic framework.
Thanks,
Steve
Last edited by cyberdiamond; 11-03-2002 at 05:40 AM.
Distribution: Red Hat 5.2-7.3 & Bootable Slackware 8.1 CD
Posts: 27
Original Poster
Alright, I tried to find information on using LDAP to do this and haven't had any luck.
All I seemed to find was a lot of info on setting up phonebooks and address books and internet databases.
Can anyone point me to a good reference on this, even better if it dealt with what I am trying to do with it.