[CentOS] Network FS w/o user setup

Sat Jun 21 22:38:05 UTC 2008
Ted Miller <tedjeanmiller at sbcglobal.net>

Johnny Hughes wrote:
> Ted Miller wrote:
>> Johnny Hughes wrote:
>>> Ted Miller wrote:
>>>> Is there a file system + configuration that will let me share a 
>>>> directory, and anyone who has access to something in that directory 
>>>> on the server will also have access (and lack of access) to the same 
>>>> files from the client? Clients will be Centos5, Win2K, WinXP.  
>>>> Server is Centos5.
>>>>
>>>> To put it another way, all users have accounts on the server.  I 
>>>> don't want to have to set up ANY user information on the server, 
>>>> other than what I set up to control local access.  I just want to 
>>>> say "Share /vmware" and have it available, to the same users who can 
>>>> access it locally.
>>>>
>>>> With Samba I have to maintain duplicate user lists, password lists, 
>>>> and share access lists.  I have not been able to find a clear 
>>>> instructions on how NFS4 handles this, but what I found didn't seem 
>>>> any better than Samba.
>>>>
>>>> I don't mind implementing ACLs on the server if it will do what I 
>>>> need, but I can't find anything that says it will save me any work 
>>>> either.
>>>
>>> Well, since you want to set up shares ... and since you want to share 
>>> between Windows and Linux machines, and to share for windows you will 
>>> need to use samba.
>>>
>>> Since you can also set up linux to use a samba client, that would 
>>> probably be the best method to "share these files" ... if you expect 
>>> to just oepn them via a file manager on all platforms.
>>
>> Is there a way to set up samba so that it "just uses" ACL information 
>> for permissions, instead of having to spell everything out for each 
>> share and each user?
> 
> Well ... you would need to Join the "Samba Server" to your "Windows 
> Domain".  If that domain is ADS (Active Directory Services) then it is a 
> different procedure than if it is a WinNT type Windows Domain.

This is getting well outside the range of complexity that I am looking for. 
  If I add more detail, maybe something more suitable to my situation will 
suggest itself to members of the list.

1. This is a very small network, only one primary file server (office2). A 
second file server (RAIDer1) has only one shared directory, so is not 
really an issue.

2. Users log in primarily from Linux boxes, but have to run virtual Windows 
machines for some software, and also log in from Windows laptops.

3. office2 is set up with logins and home directories for all users, and 
directories are permissioned such that users can run programs on office2 
(if needed) and directory permissions work right.

4. Some users don't have physical machines, but only have virtual 
machine(s) running on office2, which also need "network" access to office2 
files.

Because all the users and permissions already exist on office2, I would 
like those existing permissions to be reflected when the file system is 
shared, just the same as when it is accessed locally.  To restate: my 
desire is that users, logins, and permissions be identical whether a user 
is logged into office2 or whether that user is using a network file share 
from another virtual or physical machine, running Linux or Windows.  I 
would think there would be a "market" for a network file system where 
sharing a directory tree involved no more than assigning a network share 
name to it.  If (and only if) you had access to the file locally, you now 
have access to it on the network.  Very simple to administer, very simple 
to understand--one set of permissions (kept locally) works everywhere.

 From everything I have heard, a windows domain controller would be more 
work than it is worth for this size of project, as I am looking for 
something machine-scale, not enterprise scale.

I hope this more clearly expresses my desires, even if only so that 
everyone can tell me to keep dreaming, because what I want doesn't 
exist--or in the open source tradition, quit dreaming and start coding. 
(Unfortunately I am still working on my first C++ lesson book.)

Sorry I neglected this (and all other) threads for a week or more, as I had 
to learn how to do video editing to rescue an otherwise disastrously 
unusable video project for my employer.

Ted Miller