LAMPS: Is it ok to run SMB on a Web Server?

Discussion in 'Server Operation' started by lightnb, Jun 6, 2007.

  1. lightnb

    lightnb New Member

    I have two computers:
    A) a Kubuntu Desktop machine that I do all of my work on
    B) a Ubuntu Server that runs a LAMP stack and nothing else.

    The server will be publicly accessible on the internet. Since the server is on the same LAN and is literally 15 feet away from my desktop machine, it seems absurd to FTP the files across the internet to get to a computer on the other side of the room.

    I was thinking that it would make sense to share the web root of the server using SMB and then mount the share on my desktop computer, so that I could edit the files directly.

    Is it a stupid idea to do this? Ie, Does that open up security vulnerabilities?

    Are there better alternatives?

    Thank you for your advise.
  2. aqua

    aqua New Member

    Actually it is not absurd to use ftp to get your files from your server.

    I am assuming that you have a router the connects both of your computers to the net. In that case, when you want to access your files, just type in your internal ip address of the server. This is probably in the form of 192.168.1.x. Use ifconfig on your server to find out your ip address.

    I believe that some routers are also intelligent enough to figure out when a request is being made from within the network, and they treat it as local. This means that even if you access your server though a domain name, such as, and you're on your home network, the router will figure this out, and connect you with your server directly, bypassing your service provider.

    As for samba, you can configure it for authentication, and as long as you don't open up the samba port to the outside world, it can be relatively safe.

  3. lightnb

    lightnb New Member

    Thanks Aqua,

    Right now only ports 80, 81, and 443 are open tot he outside. (I don't know if samba uses a port or not). The trick to getting it to work right seems to be making your samba user a member of the group that owns the web file(s).

    As long as the last digit isn't a seven, the files are safe? Ie. "chmod xx5"
  4. falko

    falko Super Moderator ISPConfig Developer

    The values are as follows:
    4 = read
    2 = write
    1 = execute

    So 5 means "read + execute". 6 would mean "read + write", and 7 "read + write + execute".
  5. lightnb

    lightnb New Member

    I pretty much understand how permissions work on a single system basis, but I'm having difficulty understanding how they work across two machines.

    If i go to \\ (the servers IP) and login as 'smusr' with my password,

    I can read and write without a problem, since 'smbusr' a user on the server is a member of the 'web1' group, and the files are set to 575.

    This is where it get's weird: If I mount the share \\\web at /web on my local machine, using 'smbusr' and the password, it mounts, but does so as read only. Even though that user does have write access as far as the server is concerned. It seems like my desktop computer is trying to add permissions on top of a network resource that already has permissions.
  6. falko

    falko Super Moderator ISPConfig Developer

    Is smbusr the owner of the files/directories? Are the permissions set to 575 or 755?
  7. lightnb

    lightnb New Member

    the folder /var/www/web1 (in question) is owned by 'web1_joanne' in the group web1.

    'smbusr' is a member of the 'web1' group.

    It works fine when I conect using samba ie.. 'smb:\\\web' but when I mount the share to my local directory tree using fstab, i loose write permissions.

    My fstab entry is:

    // /web cifs user=smbusr%SMBPASS,uid=LOCALUSR,gid=LOCALUSRGRP 0  0
    *please note that words in capitals are replacements for their actual value.
  8. falko

    falko Super Moderator ISPConfig Developer

    You could try to add rw to the fstab entry, e.g.:

    // /web cifs user=smbusr%SMBPASS,uid=LOCALUSR,gid=LOCALUSRGRP,rw 0  0
  9. lightnb

    lightnb New Member

    Still won't allow write access... When I mount it to /web and look at the permissions tab in properties, it says the owned is '10001' group '10001'.

    Is that user/group 10001 on the server or on my local machine? My local machine doesn't have a user or system process with that number.
  10. falko

    falko Super Moderator ISPConfig Developer

    I guess that is the problem. Create the same user/group on the local system with the uid/gid 10001.
  11. robertcp

    robertcp New Member

    I have two servers on one network and my desktop is on another with the servers on their own internet with two routers going through a switcher. The desktop has two NIC cards going to the switcher. I disabled the gateway on the card I use to access the servers with as the servers are a different IP address then my desktop. I then use winscp and putty to access them from the desktop. So far I've haven't had any problems accessing the servers from the desktop or through the web.
  12. mitoskalandiel

    mitoskalandiel New Member


    i'm just wondering:

    why on earth should you bother with a server that is meant to interact with windooz machines when you have two perfectly running linux machines which could just share their files with NFS??

    just an idea :p

Share This Page