Configuring Samba - ACT 5 - user data security
There is a shared network folder on our Samba server that requires user authentication for access: a Samba username and password. These credentials are set up on the Samba server. Whoever submits the correct credentials has access to the data in that drive. However, we don't want anyone who has access to this drive deleting or changing data stored in it unless they are given permission to do so. Data created by an authorized user can only be deleted by that user.
I created two Samba users that have been given access to a Samba shared folder named "netshare". Both users can create and delete data, but only delete data that they own. To apply these restrictions, the permissions on the "netshare" folder had to be modified. Whenever the Samba server receives a command to delete a resource within that folder, it checks to confirm that the user executing the deletion owns the file it wants to delete. This ownership check is called "the sticky bit".
The "sticky bit" ensures that files are deleted only by their owner. On Linux, the sticky bit is set on a file/folder using the "t" permission with the "chmod" command.
#sudo chmod +t /netshare
Once this is set, only the owners of these files can delete them. On this "netshare" folder, you can see the "t" applied as one of the permissions.
To further explain, if a user creates a file or folder in this shared folder, only they have the power to remove or modify it. Even though the "netshare" folder is owned by "root", other users have permission to write to this folder. When they do, only they or "root" can remove their data. In a public environment, folders and files are protected from random deletion.
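An added example, not part of the original post: a shell audit that finds directories under a share that group or others can write to but that lack the sticky bit, then applies the "chmod +t" fix described above. It assumes GNU "find" and "stat"; the function names and the temporary tree standing in for "/netshare" are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a share tree for writable directories that lack the
# sticky bit. Function names and the temporary tree are constructed.

# List directories under $1 that group or others can write to (-perm /022,
# GNU find) but that do not have the sticky bit (mode 1000).
missing_sticky() {
    find "$1" -type d -perm /022 ! -perm -1000 -print 2>/dev/null
}

# Return 0 when no such directory exists, 1 otherwise, with a report.
audit_share() {
    exposed=$(missing_sticky "$1")
    if [ -n "$exposed" ]; then
        printf 'sticky bit missing on:\n%s\n' "$exposed"
        return 1
    fi
    printf 'ok: %s\n' "$1"
}

# Apply the page's fix (chmod +t) to every directory the audit flagged.
fix_share() {
    missing_sticky "$1" | while IFS= read -r dir; do
        chmod +t "$dir"
    done
}

# Run audit, fix, audit on a temporary tree standing in for /netshare.
# Prints "<status before> <status after> <octal mode of the share root>".
demo() {
    share=$(mktemp -d)
    mkdir -p "$share/projects" "$share/private"
    chmod 0777 "$share" "$share/projects"   # world-writable, no sticky bit
    chmod 0755 "$share/private"             # not writable by others: ignored
    audit_share "$share" >&2 && before=0 || before=1
    fix_share "$share"
    audit_share "$share" >&2 && after=0 || after=1
    mode=$(stat -c '%a' "$share")           # GNU stat
    rm -rf "$share"
    echo "$before $after $mode"
}

demo   # prints "1 0 1777" on stdout, audit reports on stderr
```

Running audit_share against the real share path reports any subfolder that users created with open write permissions, since the sticky bit set on the top folder does not propagate to directories below it.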
What if we wanted to restrict others from reading the contents of files and folders created by other users? Again, we modify the file's access permissions. We tell the operating system to deny read access to X-user's files if X-user is not the one trying to access it. I was looking for a Samba method of doing this, but I found a method on Windows that actually grants Samba users the power to decide who can access their files.
Once the Samba user creates a file and wants to deny access to it from everyone else, they simply right-click the file, click "properties", click the "security" tab, select "advanced" and a window for permission modifications appears. A video showing this method will better demonstrate this procedure.
We just applied two security measures to protect our data in a public environment. This is just the icing on the cake because there is more. We will have to learn these different methods in layers. Go ahead and apply these measures and keep your data to yourself :-)