- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
Creating secure Linux shares
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This week I purchased a ReadyNAS (firmware 6.9.3) for use in our university research group. We have several users on Windows, Mac and Linux. I enabled SMB and NFS. The Windows and Mac users are able to access the NAS "out of the box" - in their Network Locations (or similar) they can see the device and are then prompted for a username and password. Entering this then gives them access to their newly-created Home directory, as expected.
Following the official FAQ instructions, I first tried on Linux to mount to the NAS Home directory as follows:
sudo mount -t nfs <IP address>:/home/ /home/local/mount/point/
This worked, and I can see all the user folders inside Home, but I cannot access any of them (also as expected, since I never inputted a username or password).
I then created a Share through the Admin page in my browser, enabled it for NFS. Now my NAS hierarchy looks like:
/home /data/test
where "test" is the new NFS folder. If I mount this path, it works and I have full read-write privileges on my Linux machine. However, this seems very insecure, as it never asked for credentials and so anyone on my network could just access it. What is the "proper" way to access NAS using one of the defined users via Linux?
Solved! Go to Solution.
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This works with my ReadyNAS
mount -t cifs -o username=<user>,password=<password> //<NAS-IP-Address>/<share name> /mnt
All Replies
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Creating secure Linux shares
You can restrict access for NFS by I.P.
Another option would be to use SMB
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Creating secure Linux shares
Thanks for the response. I did figure out that I could restrict access via IP, but this isn't really what I want to do.
On Windows or Mac, the first time they enter user credentials, a directory is created for that user within the ReadyNAS /home/ directory. I would like to see similar behavior for Linux, but the SMB instructions in the Netgear FAQs are very outdated; they still ask to use code like:
mount -t smb ...
but smb has been deprecated for cifs for a long time, and the provided syntax for username and password doesn't work.
Are you able to show me how to use smb/cifs on a modern Linux system to get behavior similar to Windows/Mac with user-controlled access?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This works with my ReadyNAS
mount -t cifs -o username=<user>,password=<password> //<NAS-IP-Address>/<share name> /mnt
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Creating secure Linux shares
I got this to work for accessing shared folders, thanks a lot! Tried something similar before but must have had some syntax error.
Still haven't figured out how to access a given user's folder inside the Home directory, but that's less important.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Creating secure Linux shares
@aeth wrote:
Still haven't figured out how to access a given user's folder inside the Home directory, but that's less important.
The same command should work, using <user> as the sharename. Home isn't part of the path.
mount -t cifs -o username=<user>,password=<password> //<NAS-IP-Address>/<user> /mnt
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Creating secure Linux shares
This also worked perfectly! I feel like I tried this before, but clearly was doing something wrong. Thank you very much for your help, everything now working as hoped.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content