Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: secure and simple file server

From: Ansgar Wiechers <bugtraq () planetcobalt net>
Date: Fri, 29 Mar 2013 10:57:12 +0100
On 2013-03-27 Peter Odigie wrote:

I have been asked to set up a file server on a windows OS not using
any active directory stuff. Just a simple file sharing stuff in which:

Person A will be the only one to put a file into Folder A but will
also be able to get files from Folder B & C. And the same will hold
for person B and person C - a folder can only be edited by a
particular person/group but all can access and get files from it.

My question is how will one implement this securely, making sure
person B cannot edit files in folder A for example.


File system permissions:
------------------------
Grant read access on the parent folder to "Authenticated Users" or
"Everyone", and have the subfolders inherit that ACL. Grant full control
on each immediate child folder to just the user who is supposed to be
able to write to it.

Share permissions:
------------------
Share the parent folder and grant full control to "Authenticated Users"
or "Everyone". Actual access is controled by file system permissions
anyway, so this setting only has marginal impact on security.

The above can be achieved with both Windows or Samba. On Windows I'd
suggest to also enable access-based enumeration, so that a user will
only see files/folders he can actually access.

Note that without an AD you'll need to create all users on the file
server.

Regards
Ansgar Wiechers
-- 
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: