On 04/05/2018 15:46, Chris Weiss wrote:> technically it does not need a passwd, and you don't need to do > password sync. i should work just fine.Thanks. If the matching Unix account has no password, how come it doesn't trigger an error when Samba accesses the underlying Unix filesystem? Doesn't Linux prompt Samba for a uid + password?> it would be better to use group permission on the files and use your > normal user to edit. www-data should only have write permissions to > your logging and upload areas anyway. the web server should never be > able to overwrite your site code. it would be even better to use SSH, > still with group permissions and your normal user. most editors can > edit over ssh "live" these days, with the right plugin.Thanks, but I prefer to use Samba and a word process to edit files from Windows. It's more user-friendly than an SSH terminal window.
On Fri, May 4, 2018 at 9:07 AM Gilles via samba <samba at lists.samba.org> wrote:> On 04/05/2018 15:46, Chris Weiss wrote: > > technically it does not need a passwd, and you don't need to do > > password sync. i should work just fine. > Thanks. > > If the matching Unix account has no password, how come it doesn't > trigger an error when Samba accesses the underlying Unix filesystem? > Doesn't Linux prompt Samba for a uid + password?no, samba runs as root, root can do whatever it needs. this is also why you shouldn't have samba on a web server. there are many tools to get ssh/sftp paths as a local windows file. I really suggest you go that route if this internet facing. you can do whatever you want, but you do need to know that what you're trying to do here is a Bad Thing. you're setting yourself with an insecure system, and that never ends well. and also Word makes terribly bloated pages. why not use a CMS or a wiki? right tool for the job.
On 04/05/2018 16:47, Chris Weiss wrote:> On Fri, May 4, 2018 at 9:07 AM Gilles via samba <samba at lists.samba.org > <mailto:samba at lists.samba.org>> wrote: > > On 04/05/2018 15:46, Chris Weiss wrote: > > technically it does not need a passwd, and you don't need to do > > password sync. i should work just fine. > Thanks. > > If the matching Unix account has no password, how come it doesn't > trigger an error when Samba accesses the underlying Unix filesystem? > Doesn't Linux prompt Samba for a uid + password? > > > no, samba runs as root, root can do whatever it needs. this is also > why you shouldn't have samba on a web server.That figures. Although I obviously have a NAT firewall to restrict incoming access to TCP80, since Nginx is indeed Internet-accessible, I'll investigate using ssh/sftp as an alternative to Samba. Thanks much.
Am 04.05.2018 um 16:47 schrieb Chris Weiss via samba:> no, samba runs as root, root can do whatever it needs. this is also why > you shouldn't have samba on a web server.but not the worker process> there are many tools to get ssh/sftp paths as a local windows file. I > really suggest you go that route if this internet facing.have fun in a mixed network Linux/Mac/Windows> you can do whatever you want, but you do need to know that what you're > trying to do here is a Bad Thing. you're setting yourself with an insecure > system, and that never ends well. and also Word makes terribly bloated > pages. why not use a CMS or a wiki? right tool for the joband you edit the files and templates how? how do you put the CMS on a new webspace to start with? nobody right in his mind has samba listening outside a VPN/LAN on a webserver, but protect samba itself from webserver processes is quite easy as there is also no need for access ftp from the machine itself REJECT tcp -- lo * 0.0.0.0/0 0.0.0.0/0 multiport dports 21,137,138,139,445 ctstate NEW reject-with icmp-admin-prohibited
On Fri, 04 May 2018 14:47:02 +0000 Chris Weiss via samba <samba at lists.samba.org> wrote:> On Fri, May 4, 2018 at 9:07 AM Gilles via samba > <samba at lists.samba.org> wrote: > > > On 04/05/2018 15:46, Chris Weiss wrote: > > > technically it does not need a passwd, and you don't need to do > > > password sync. i should work just fine. > > Thanks. > > > > If the matching Unix account has no password, how come it doesn't > > trigger an error when Samba accesses the underlying Unix filesystem? > > Doesn't Linux prompt Samba for a uid + password? > > > no, samba runs as root, root can do whatever it needs. this is also > why you shouldn't have samba on a web server.Well, Samba does run as root, but when a user connects, a new process is forked using the users credentials. You can run a web server on a machine running Samba, there is no connection.> > there are many tools to get ssh/sftp paths as a local windows file. I > really suggest you go that route if this internet facing. > > you can do whatever you want, but you do need to know that what you're > trying to do here is a Bad Thing. you're setting yourself with an > insecure system, and that never ends well. and also Word makes > terribly bloated pages. why not use a CMS or a wiki? right tool for > the job.Totally agree with the above, plus you shouldn't use windows tools to edit conf files on Unix, the two systems use different line endings. Rowland
Possibly Parallel Threads
- Is a password required for the Linux account?
- Is a password required for the Linux account?
- sieve_extprograms - double linebreaks at filtering
- download.file does not process gz files correctly (truncates them?)
- Urgent help to Samba 2.0.7 with Microsoft Windows XP and 98