Thus quoth Jos Kirps|EducDesign on Feb 3, 2003...

> I would like to set up a Linux based file server accessible for Linux,
> Windows and Mac clients. The administration shall be done remotely
> (web based GUI on a client machine) using Perl scripts. The Perl
> scripts must be able to:
>
> - add and remove directories on the server (that's not the problem)
> - add and remove users (username & password -> problem)
> - set access rights for the created directories (-> also a problem)

Have a look at webmin (http://www.webmin.com) - it's all perl and free too. It will handle much of the administrative tasks via a web based interface. You can administer Samba and NFS through it; depending on your Mac clients (i.e. if they aren't all OSX or you don't have SMB/CIFS extensions for them) you'll also need netatalk installed. There's a third party module for Webmin to configure/administer netatalk as well.

> My questions:
>
> - To add users that shall be able to access the fileserver, do I have
> to create 'real' unix user accounts, or can I use something like the
> '.htaccess' users as used by Apache (users in .htaccess files can only
> access web directories via Apache, they don't have any other rights on
> the server). I would prefer such a solution to limit what people with
> a fileserver account can do on the server.

It depends on the manner in which the shares are exported, but generally, yes, you'll need unix accounts. However, you can effectively disable access to the server to these users except through the file sharing mechanism.

> - How can I tell my Linux box that only certain users shall have
> access to a certain directory? Can I do this using something similar
> to '.htaccess' / '.htpasswd' ? Or what services do I have to use?

Samba allows per share ACLs - in setting up each share you'd assign privileges based on which user can perform what action. I'm less familiar with NFS but using standard unix permission should provide you with at least rudimentary access controls. Netatalk can similarly be configured to allow particular users certain rights (if I recall correctly).

> - Do the scripts need root privileges to do all this, or is this
> feasible running as Apache CGI script?

Well, webmin runs its own basic webserver, but in order to modify most of the necessary configurations, password files, etc. then yes, the scripts will either need to run as root or setuid root.

Either is a somewhat scary prospect - run webmin on a nonstandard port using SSL and avoid allowing webmin to be accessed from outside the LAN if at all possible.

Hope this provides some preliminary pointers.

Regards,
Erik
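
An added example, not part of the original message and not Webmin code: a sketch of how a root-run Perl admin script of the kind discussed above could create a file-sharing-only account from web-form input without handing that input to a shell. The helper names, the username pattern and the `/sbin/nologin` path are assumptions; without `--apply` the script only prints what it would run for a set of constructed inputs.

```perl
#!/usr/bin/perl
# Added example (hypothetical helper, not Webmin code): create a
# file-sharing-only account from untrusted web-form input while running as root.
use strict;
use warnings;

my $NOLOGIN = '/sbin/nologin';    # assumed path; differs on some distributions

# Allow only conservative names, so input can never be read as an option
# (leading '-') or carry separators. \z, unlike $, rejects a trailing newline.
sub valid_username {
    my ($name) = @_;
    return defined $name && $name =~ /\A[a-z_][a-z0-9_-]{0,30}\z/ ? 1 : 0;
}

# Return the commands as argument lists; no string is ever given to a shell.
sub build_commands {
    my ($name) = @_;
    die "rejected username\n" unless valid_username($name);
    return (
        [ 'useradd', '-M', '-s', $NOLOGIN, $name ],    # no home dir, no login shell
        [ 'smbpasswd', '-a', '-s', $name ],            # password is read from stdin
    );
}

# List-form pipe open executes the program directly, bypassing /bin/sh.
sub run_cmd {
    my ($argv, $stdin) = @_;
    open(my $fh, '|-', @$argv) or die "cannot run $argv->[0]: $!\n";
    print {$fh} $stdin if defined $stdin;
    close($fh) or die "$argv->[0] failed\n";
}

if (@ARGV == 2 && $ARGV[0] eq '--apply') {    # real run: needs root
    my $name = $ARGV[1];
    chomp(my $pw = <STDIN> // '');
    my ($add, $smb) = build_commands($name);
    run_cmd($add);
    run_cmd($smb, "$pw\n$pw\n");              # smbpasswd -s expects it twice
} else {                                      # dry run over constructed inputs
    for my $in ('jdoe', 'mac_user1', '-o', 'bob;id', "jdoe\n", 'Root') {
        (my $shown = $in) =~ s/[^\x20-\x7e]/?/g;
        if (valid_username($in)) {
            print "ok       $shown: @$_\n" for build_commands($in);
        } else {
            print "rejected $shown\n";
        }
    }
}
```

The password travels over stdin rather than on the command line, so it does not show up in the process list.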
