[CentOS] better securing files on files servers

Mon Aug 20 05:07:40 UTC 2012
Gregory Machin <gdm at linuxpro.co.za>


I have a couple of questions :

I have inherited a file server that provides Samba and NFS file
shares. We use a combination on file system acls and posix permissions
. I'm looking to better secure access to the files by trimming some of
the permissions etc.

1) What services could break  if I change the umask from 022 to 007
thus by default only user and group have rw access to the files and
directories ignoring facls ?

2) I have found that using samba and NFS to share the same file system
are not so grate as when some windows file permissions are set this
cause the file permissions to be more open eg permissions for other
get set to rwx, when this is not wanted as over NFS this grants
everyone access to the files. Is there a workaround for this ?

3) are there any best practices for configuring file system acls, that
will ensure better data security , other then the obvious limiting of
write and execute permissions.

Any other recommendations around using NFS and Samba together ?