Slashdot Mirror


Windows to Linux Migration - File Server Security?

Circuit Breaker asks: "I'm in the slow process of migrating my office from Windows to Linux. The servers have been Linux machines for quite a while now: Samba serves as PDC/BDC (not using Active Directory yet), and the Samba config is mirrored with rsync; all works well. Now, it's time for the workstations, and all is NOT well. User lists are synchronized with NIS, which sort-of works, and will probably work better once we implement LDAP; but it seems that mounting of server directories can only effectively be done with NFS, which is a problem with security because some people really need local root. I've tried using NFS, CIFS and SSHFS, through pam_mount, automount, and independently, but it's not close to the usability of the Windows setup. It's either mounted per user, which requires a lot of work, or by root, in which case local root users bypass any remote permissions. How do you set up mounting directories that is easy to use like Windows -- everything automounted, but security settings are still respected for each user, even when local roots are involved?"

9 of 103 comments

  1. If it works now by mboverload · · Score: 4, Insightful

    If it works, why are you migrating? If it ain't broke, don't fix it.

  2. Re:A good security by picklepuss · · Score: 4, Insightful
    By educating and training the users, there should be a minimum amount of confusion.

    IMHO, this is just asking for trouble. And having daily backups only ensures that you'll spend most of your day restoring backups when things start to get really messed up. Getting a signature doesn't do you squat, unless there is a real policy of enforcement. But once management realizes they're going to have to discipline everyone because your security policy is lame, who do you think is going to get it in the end?

  3. Re:Because someone got bitten by the Linux bug by paugq · · Score: 2, Insightful

    Unix guru and was not able to install Oracle in one week??? Gee, looks like someone has lied here.

    I'm not saying Oracle is easy to install, but you can do it for sure in a couple of hours (less if you are using a supported Linux and follow the installation instructions).

    And using Windows XP as the operating system for a database server? Are you kidding?

  4. Seriously by fimbulvetr · · Score: 2, Insightful


    What's wrong with using NIS/+/ldap with automounting nfs homedirs? Root, from arbitrary machines, should have no reason to access mounted homedirs, and the users can still do local root.

    How is that hard?

    Don't want to automount? Add a line to /etc/fstab.

    The whole super custom complex setups, the kind you're digging yourself into a hole for, are the #1 cause for:

    1. Hard to troubleshoot problems/issues.
    2. Poorly performing infrastructure.
    3. Security vulnerabilities.
    4. Networks that are hard to make redundant.

    KISS

  5. Re:Because someone got bitten by the Linux bug by Sycraft-fu · · Score: 4, Insightful

    You are free to believe what you like, it has no effect on the truth of what happened. Oracle refused to install on normal Linux. I don't know what the problem was, and apparently neither did our Solaris guy. That's why he called Oracle, to ask them to help make it install, only they wouldn't because it's an unsupported OS. Now I should clarify that a good part of the week wasn't fighting with Oracle, but with making RAID work, however he tried and failed to install Oracle several times before giving up and calling for support.

    And it sounds like you are another one bitten with the Linux bug, or rather the "anything but MS" bug. Why not Oracle on XP? I would draw your attention to the fact that it's an officially supported OS, as in Oracle themselves have declared "This OS is suitable to use with our database, and we will support installations on it." 10g2 is officially supported on Windows 2000 (Pro and Server), XP (32 and 64-bit) and 2003 Server (32 and 64-bit). While I haven't played with 10, when we did all this with 9, it installed on XP on the first try with no problems.

    So what's your reasoning that XP can't be used? Is there something really backing it up or is it just general "You can't use Windows" mentality?

    I'm not saying I'd recommend using Oracle on XP in most cases, however this is the same, knee-jerk "Linux bug" mentality I'm talking about. A Windows solution works, there's no problems with it, however you get this attitude like it should be Linux just because.

    Change needs to have a reason, at least in the corporate world. That reason can be something as simple as "we are tired of paying for MS licenses" but you need a legit reason. "I hate MS" isn't a legit reason. Further, the benefits of the switch must outweigh the costs. If you can switch to Linux with no additional support costs, then the cost argument is a good one. If switching to Linux is going to require 500 man hours to implement and an additional 200 per year to support over Windows, it may well be that the money spent on support is more than the savings from licensing.

  6. Re:Because someone got bitten by the Linux bug by the+eric+conspiracy · · Score: 3, Insightful

    Oracle refused to install on normal Linux. I don't know what the problem was, and apparently neither did our Solaris guy.

    I am sorry, but I am calling bullshit on this. Yes, Oracle can be difficult to install on a Linux installation that is not "supported" because it makes a lot of assumptions about the services that will be available to it. BUT any competent admin can find out what the requirements are without a lot of difficulty. And in many cases there are guides that can be used to install Oracle on non-supported systems.

    One such guide is the following:

    http://www.tldp.org/HOWTO/html_single/Oracle-9i-Fedora-3-Install-HOWTO/

    So what's your reasoning that XP can't be used?

    As far as Oracle running on Windows XP, the main reason that I wouldn't do that is that Windows XP doesn't provide the services that a server OS would. For example, such an installation would be limited to no more than 10 concurrent users, among other things.

  7. Re:Because someone got bitten by the Linux bug by whoever57 · · Score: 3, Insightful
    See we were trying regular SuSe and Redhat. Part of the whole Linux thing is it's free right? Oracle will have nothing to do with that at all. Supported Linuxes were RHEL, SuSe EL, and UnitedLinux. So we hit a roadblock. I asked for permission to try Windows XP since that was a supported OS, the system had come with a license and why not. Oracle ended up installing on that fine on the first try and working properly. Then the project was canceled, but that's another story.
    So, what you are saying is that you were trying to install a closed source application for weeks without asking exactly what the supported platforms were? I'm sorry, but that is just asking for failure. It's like wondering why it won't install on Windows 3.1 because "it's Windows, right?"
    --
    The real "Libtards" are the Libertarians!
  8. Re:NFS options by Mintrubber · · Score: 3, Insightful

    As root, the user can change to any other uid with "su" on the client. This way, he has access to all other users' files. "root_squash" is only relevant if the files in the exported directory belong to the root user. As the question was about home directories, "root_squash" does not help here.
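
The point made in the comment above, as an added example that is not part of the original thread: a toy Python model of the server-side permission check when the client asserts the uid (AUTH_SYS-style NFS). The uids, the path and the `NOBODY` value are constructed for illustration, and group bits are ignored.

```python
"""Toy model of an NFS server's read check when it trusts the client's uid."""
from dataclasses import dataclass

NOBODY = 65534  # assumed anonymous uid for this model


@dataclass(frozen=True)
class File:
    path: str
    owner: int
    mode: int  # POSIX permission bits, e.g. 0o600


def squash(uid, root_squash=True, all_squash=False):
    """Map the client-asserted uid the way the export options would."""
    if all_squash:
        return NOBODY
    if root_squash and uid == 0:
        return NOBODY
    return uid


def may_read(f, claimed_uid, **export_opts):
    """Server-side decision. The server cannot verify claimed_uid."""
    uid = squash(claimed_uid, **export_opts)
    if uid == 0:
        return True  # unsquashed root bypasses the mode bits
    if uid == f.owner:
        return bool(f.mode & 0o400)  # owner read bit
    return bool(f.mode & 0o004)      # "other" read bit (groups ignored)


def demo():
    """Walk the cases from the comment over one constructed home-dir file."""
    f = File("/home/alice/notes.txt", owner=1001, mode=0o600)
    return {
        "client root, root_squash": may_read(f, 0),
        "client root after su to uid 1001": may_read(f, 1001),
        "another ordinary user (uid 1002)": may_read(f, 1002),
        "owner herself under all_squash": may_read(f, 1001, all_squash=True),
    }


if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case:36s} -> {'allowed' if allowed else 'denied'}")
```

The outcome only changes when the server verifies identity itself instead of trusting the asserted uid, for example an export using `sec=krb5`, where the request carries a Kerberos credential.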

  9. Re:Because someone got bitten by the Linux bug by Anonymous Coward · · Score: 1, Insightful

    Or didn't read the &#^#@$ Install documentation.

    This was some wanker who had installed Linux a couple of times on his PC in Mom's basement and now he's a "Linux Expert".