You are not logged in.
- Topics: Active | Unanswered
#1 2014-04-24 09:45:25
- archtom
- Member
- Registered: 2011-05-04
- Posts: 58
http user security concerns (webserver, symlink owncloud, samba4)
Hey,
I had a lot to do to get nginx, owncloud, samba4, etc. working, but it finally does 
Now I´d like to symlink some data to an owncloud account without copying it. This is working, but it is needing some permission changes. Here is the setup:
samba files
/data/sambashare/path/to/folder
permission 770 for folders, 660 for files
ownership root:smbusergroup
webserver files
/data/webserver/
permission 755 for folders, 755 for files, owncloud data folder 770
ownership http:http
The files shall be linked in to the owncloudaccount like this:
ln -s /data/sambashare/path/to/folder/ /data/webserver/cloud/owncloud/data/username/files/
There are two things needed for this to work and to show up the files in owncloud:
1 editing open_basdir in /etc/php/php.ini, o.k. did that
2 giving the /data/sambashare/path/to/folder/ the correct permissions (rights and owner)
Here giving the correct permissions is possible in two ways:
a chmod 766 -R /data/sambashare/path/to/folder/
I don`t want that because every user would have access. I´d like them to stay at 770/660.
b adding http user to smbusergroup
Now here is my question:
Are there any security concerns in adding the "http" user to the smbusergroup? The user would not get a samba password. Can the other files in the sambashare seen in or accessed in any way? The samba directory is not part of the root directory of the webserver.
And a sidenote: I did a lot of research to get everything working and made detailed manuals. Who is maintaining the archwiki and how can I reach him or her? I think others can save a lot of time with this
Thanks in advance
Last edited by archtom (2014-04-24 09:48:48)
Offline