LinuxSA Mailing list archives

  From: Adrian Butterworth <adrian@econ-outlook.com.au>
  To  : LinuxSA , ka3uww@iname.com
  Date: Sun, 26 Sep 1999 15:37:46 +0930

Re: Samba/FTP Question

Hi Frank

On Sat, 25 Sep 1999, Frank W. Holden Jr. wrote:
> Here is the deal guys and gals, I want to be able to play my mp3's via
> SAMBA on my LAN, BUT (here it comes) I do NOT want people that
> anonymous FTP in to my box to SEE any files or download those files,
> BUT (the biggie one) I do want the users that FTP in to their own
> accounts to be able to FTP the mp3 files. Sounds like a lot of butt
> here huh??? >[;^)
> 
> Lets see if I can say it like this:
> 1. On the LAN using Samba, YES to play mp3 files 
> 2. FTP from inet w/ account, YES dl mp3's
> 3. FTP from LAN, YES dl mp3's
> 4. FTP anonymous, NO see no mp3's
> 
<snip>

There are several approaches possible but given you want to control
access from several services I'd use the underlying file system
security. 

1. select a existing group like "users" (cat /etc/group for a list) or
   create a new one - say "mp3".

2. add all existing "real" users to this group or the subset you want
   to be able to access the mp3s.
   (don't include ftp, nobody... or any UIDs below 100)

3. change the mp3 direcory and its contents group
   # chgrp -R users /home/samba/mp3
   (substitute the group you've chosen, and the mp3 directory) then
   remove all privileges for "other" users with
   # chmod -R o-rwx /home/samba/mp3 

4. Also unless your happy for all users to be able to delete/change
   your mp3's its a good idea to remove group write access
   # chmod -R g-w /home/samba/mp3

To make maintenance easier.
1. make the mp3 directory setGID this will ensure any new files placed
   in it inherit the directories group irrespective of who puts them
   there.
   # chmod g+s /home/samba/mp3
   If there are any existing subdirectories do the same for them. The
   following will do this automatically if you have a lot!
   # find /home/samba/mp3 -type d -exec chmod g+s {} \; 
   (you need the " \;" - man find for explanation of the syntax)

2. If you add lots of users you may want to tweak or wrap your preferred
   user add utility to automatically add new users to the group you
   are using, if it doesn't already

E&OE
Regards

Adrian Butterworth

-- 
Check out the LinuxSA web pages at http://www.linuxsa.org.au/
To unsubscribe from the LinuxSA list:
  mail linuxsa-request@linuxsa.org.au with "unsubscribe" as the subject