Samba share to www directory - stupid idea?

I've set up a Linux (openSUSE) machine in my home as a file server,
and Apache, visible on the internet with port forwarding through my
router. I also have a Samba server running on this machine.

Let's say I have a directory /srv/www/mysite that acts as the root
folder for my website www.mysite.net

If I also set up a Samba share for that directory with full read-write
access for a user on a WinXP client elsewhere on my network, am I
creating a security exposure for myself?

I want to be able to update files on the website by treating it as a
mapped drive on the WinXP client, since I do most of my website
development on that client.

Is this okay, or a bad idea?

Thanks,
Randy

Randy Brick MacKenna wrote:
> I've set up a Linux (openSUSE) machine in my home as a file server,
> and Apache, visible on the internet with port forwarding through my
> router. I also have a Samba server running on this machine.
>
> Let's say I have a directory /srv/www/mysite that acts as the root
> folder for my website www.mysite.net
>
> If I also set up a Samba share for that directory with full read-write
> access for a user on a WinXP client elsewhere on my network, am I
> creating a security exposure for myself?
>
> I want to be able to update files on the website by treating it as a
> mapped drive on the WinXP client, since I do most of my website
> development on that client.
>
> Is this okay, or a bad idea?
>
> Thanks,
> Randy
>

It's a perfectly good idea, as long as you get the security right.
First off, you have to make sure that no one from outside can get into
the samba share - but I presume you've got that covered already from the
firewall protecting your network. Secondly, it's perhaps a good idea to
use samba to force the group and owner on the files so they are
consistent with what your web server wants to see, rather than the user
name and group that the windows client uses.

On Oct 13, 6:51 am, David Brown
<david.br...@hesbynett.removethisbit.no> wrote:
> Randy Brick MacKenna wrote:
> > I've set up a Linux (openSUSE) machine in my home as a file server,
> > and Apache, visible on the internet with port forwarding through my
> > router. I also have a Samba server running on this machine.
>
> > Let's say I have a directory /srv/www/mysite that acts as the root
> > folder for my websitewww.mysite.net
>
> > If I also set up a Samba share for that directory with full read-write
> > access for a user on a WinXP client elsewhere on my network, am I
> > creating a security exposure for myself?
>
> > I want to be able to update files on the website by treating it as a
> > mapped drive on the WinXP client, since I do most of my website
> > development on that client.
>
> > Is this okay, or a bad idea?
>
> > Thanks,
> > Randy
>
> It's a perfectly good idea, as long as you get the security right.
> First off, you have to make sure that no one from outside can get into
> the samba share - but I presume you've got that covered already from the
> firewall protecting your network. Secondly, it's perhaps a good idea to
> use samba to force the group and owner on the files so they are
> consistent with what your web server wants to see, rather than the user
> name and group that the windows client uses.

Thanks...yes I have the Samba part correct, and the ids/passwords are
right. Being a Linux/Unix newbie, I was more worried that setting a
'share' permission on the website folder would somehow open up a new
set of permissions to someone coming in via HTTP, such that they may
be able to delete a file (for example).

Thanks,
Randy

Randy Brick MacKenna wrote:
> On Oct 13, 6:51 am, David Brown
> <david.br...@hesbynett.removethisbit.no> wrote:
>> Randy Brick MacKenna wrote:
>>> I've set up a Linux (openSUSE) machine in my home as a file server,
>>> and Apache, visible on the internet with port forwarding through my
>>> router. I also have a Samba server running on this machine.
>>> Let's say I have a directory /srv/www/mysite that acts as the root
>>> folder for my websitewww.mysite.net
>>> If I also set up a Samba share for that directory with full read-write
>>> access for a user on a WinXP client elsewhere on my network, am I
>>> creating a security exposure for myself?
>>> I want to be able to update files on the website by treating it as a
>>> mapped drive on the WinXP client, since I do most of my website
>>> development on that client.
>>> Is this okay, or a bad idea?
>>> Thanks,
>>> Randy
>> It's a perfectly good idea, as long as you get the security right.
>> First off, you have to make sure that no one from outside can get into
>> the samba share - but I presume you've got that covered already from the
>> firewall protecting your network. Secondly, it's perhaps a good idea to
>> use samba to force the group and owner on the files so they are
>> consistent with what your web server wants to see, rather than the user
>> name and group that the windows client uses.
>
> Thanks...yes I have the Samba part correct, and the ids/passwords are
> right. Being a Linux/Unix newbie, I was more worried that setting a
> 'share' permission on the website folder would somehow open up a new
> set of permissions to someone coming in via HTTP, such that they may
> be able to delete a file (for example).
>

No, there is no such problem - Samba shares don't affect the shared
directories at all (except in that people with access to the shares have
access to the website files, obviously). But it's good to think about
these things.

mvh.,

David