You are not logged in.
Hello community,
I have been using Linux on the desktop for many years now, but unfortunately my knowledge about servers is very limited, almost non-existent. Therefore my question is most probably equally well fitting here and into the newbie corner.
I'm trying to set up a little home server which should be in charge of following tasks:
- CUPS print server in the local network
- access to shared files through NFS in the local network
- backup (again over NFS)
- an Owncloud server
- maybe a mail server in the long run (NSA, paranoia, etc.  )
)
For now I have set up the print server, the NFS server and was working on the Owncloud installation, when Owncloud gave me some errors with users and permissions. So I was led to the idea of rethinking the users and permissions on server. So far there is only the root user who may do everything. This seems like a quite unsafe configuration. I'd like to make it safer. First, the printer, the backup and the locally shared files should be accessible from the local network only. SSH access should also be accessible locally only. The Owncloud file folder should be accessible from the internet, but of course only for the Owncloud users registered to the Owncloud server.
What is the best way to set up users and permissions for such a set up?
Thanks for any hints,
PhotonX
Desktop: http://www.sysprofile.de/id15562, Arch Linux | Notebook: Thinkpad L13 Yoga Gen2, Manjaro
The very worst thing you can do with free software is to download it, see that it doesn't work for some reason, leave it, and tell your friends that it doesn't work. - Tuomas Lukka
Offline
Hi, i think it depends who are you serving for, if you are just serving for a small office or home server or a big organization. The following quick thinking just came to me:
I think cups set automatically a system user of its own, and runs as it, so no trouble there. Cups also has the option to set users and it uses the system users as default, i think it depends in in how many printers/users your have in your server.Users that can manage cups are in the lp group.
For nfs every user should have their home, samba is also a good option if you have windows computer in your network and it integrates better with graphical file managers like nautilus in the clients side, but it is a hassle to configure.
You should run the web server (owncloud ) as it own user, maybe you can manage to set something up for owncloud in the filesystem, but owncloud uses a database, and the users for owncloud are stored in there, and they are not system users.
You can configure ssh for local use only enabling the corresponding subnets in your /etc/sshd.conf and optionally but recommended you can set a firewall and permissions. You can use iptables but i prefer ufw for simple setup.
I think you should read the wiki:
https://wiki.archlinux.org/index.php/users_and_groups
and the other respective topics in the wiki.
Also as an advice i know that arch linux is a great distribution, but you have to do more work to mantain a stable server. I would recommend debian or another more conservative distro, but of course it is your choice.
Last edited by hydrosIII (2014-11-06 06:26:45)
Offline
Check out http://woodel.com/. Much useful information with extensive explanations of almost all aspects of small home/business servers. For Cups, however, Arch wiki has more information. Don't forget cups.config requires modifications to allow access from other computers.
Offline