Need SAMBA for bak/sync, but NOT browsable

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Need SAMBA for bak/sync, but NOT browsable

nitin chandra
Hi All,

I am able to configure samba for LAN sharing.

At the same time I also need to secure the backup directory of each user

1. Not accessible to users over File Explorer (\\server\userBAKUPdirectory)

2. I am using FileSync to update (auto-update) over LAN to backup /
update the user data.

I dont want individual users to see / access their own Backup
directory, but FileSync software keeps working to backup / update the
data without any issues.

Below is the user share settings :-

[operationsBAK]
path = /home/operations/operationsBAK
valid users = operations
read only = no
browseable = no



Thank you

Nitin

--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Re: Need SAMBA for bak/sync, but NOT browsable

Karl Auer
On Tue, 2017-11-07 at 13:42 +0530, nitin chandra wrote:
> I am able to configure samba for LAN sharing.
> 1. Not accessible to users over File Explorer
> (\\server\userBAKUPdirectory)

Samba does not know how it is being accessed. If a connection turns up
with the right credentials, it will be given access. Making the share
non-browseable is not really a security thing; it won't stop anyone who
knows what the share is called.

> I dont want individual users to see / access their own Backup
> directory, but FileSync software keeps working to backup / update the
> data without any issues.

You *may* be able to do something with "create mask"; a file created
with "----------" (create mask = 0777) will theoretically not be
accessible by the user once it is closed. I've never actually tried
that with Samba though. Tell us the result if you try it :-) And read
about "force create mode", "directory mask" and "force directory mode"
as well, because a file the user cannot read can still be deleted by
that user unless the directory the file is in is suitably protected.

Depending on how FileSync works, this solution may also prevent
FileSync writing to the same files twice (you mentioned 'update').
Whether that is a good thing or not depends on how you are using
FileSync.

Another alternative is to move the backups away from the target
directory as soon as the backup is complete, and put them in a
directory that is not accessible to the user.

Or do both :-)

Regards, K.

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer ([hidden email])
http://www.biplane.com.au/kauer
http://twitter.com/kauer389

GPG fingerprint: A52E F6B9 708B 51C4 85E6 1634 0571 ADF9 3C1C 6A3A
Old fingerprint: E00D 64ED 9C6A 8605 21E0 0ED0 EE64 2BEE CBCB C38B



--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users