At this point, you should have a working TCP/IP connection to your network. You should be able to ping other computers on your internal network and, if you have configured an appropriate gateway, you should also be able to ping computers on the Internet itself. As we know, the whole point in bringing a computer onto a network is to access information. While some people might bring a computer up on a network just for the fun of it, most people wish to be able to share files and printers. They wish to be able to access documents on the Internet or play an online game. Having TCP/IP installed and functional on your new Slackware system is a means to that end, but with just TCP/IP installed, functionality will be very rudimentary. To share files, we will have to transfer them back and forth using either FTP or SCP. We cannot browse files on our new Slackware computer from the Network Neighborhood or My Network Places icons on Windows computers. We'd like to be able to access files on other Unix machines seamlessly.
Ideally, we'd like to be able to use a network file system to allow us transparent access to our files on other computers. The programs that we use to interact with information stored on our computers really do not need to know on what computer a given file is stored; they just need to know that it exists and how to get to it. It is then the responsibility of the operating system to manage access to that file through the available file systems and network file systems. The two most commonly used network file systems are SMB (as implemented by Samba) and NFS.
SMB (for Server Message Block) is a descendant of the older NetBIOS protocol that was initially used by IBM in their LAN Manager product. Microsoft has always been fairly interested in NetBIOS and it's successors (NetBEUI, SMB and CIFS). The Samba project has existed since 1991, when it was originally written to link an IBM PC running NetBIOS with a Unix server. These days, SMB is the preferred method for sharing file and print services over a network for virtually the entire civilized world because Windows supports it.
Samba's configuration file is /etc/samba/smb.conf; one of the most well commented and documented configuration files you will find anywhere. Sample shares have been setup for you to view and modify for your needs. If you need even tighter control the man page for smb.conf is indispensable. Since Samba is documented so well in the places I've mentioned above, we will not rewrite the documentation here. We will, however, quickly cover the basics.
smb.conf is broken down into multiple sections: one section per share, and a global section for setting options that are to be used everywhere. Some options are only valid in the global section; some are only valid outside the global section. Remember that the global section can be over-ridden by any other section. Refer to the man pages for more information.
You will most likely wish to edit your smb.conf file to reflect the network settings in your LAN. I would suggest modifying the items listed below:
[global] # workgroup = NT-Domain-Name or Workgroup-Name, eg: LINUX2 workgroup = MYGROUP |
Change the workgroup name to reflect the workgroup or domain name that you are using locally.
# server string is the equivalent of the NT Description field server string = Samba Server |
This will be the name of your Slackware computer displayed in the Network Neighborhood (or My Network Places) folder.
# Security mode. Most people will want user level security. See # security_level.txt for details. NOTE: To get the behaviour of # Samba-1.9.18, you'll need to use "security = share". security = user |
You'll almost certainly wish to implement user level security on your Slackware system.
# You may wish to use password encryption. Please read # ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba # documentation. # Do not enable this option unless you have read those documents encrypt passwords = yes |
If encrypt passwords is not enabled, you will not be able to use Samba with NT4.0, Win2k, WinXP, and Win2003. Earlier Windows operating systems did not require encryption to share files.
SMB is an authenticated protocol, meaning you must supply a correct username and password in order to use this service. We tell the samba server what usernames and passwords are valid with the smbpasswd command. smbpasswd takes a couple of common switches to tell it to either add traditional users, or add machine users (SMB requires that you add the computers' NETBIOS names as machine users, restricting what computers one can authenticate from).
Adding a user to the /etc/samba/private/smbpasswd file. # smbpasswd -a user Adding a machine name to the /etc/samba/private/smbpasswd file. # smbpasswd -a -m machine |
It's important to note that a given username or machine name must already exist in the /etc/passwd file. You can accomplish this simply with the adduser command. Note that when using the adduser command to add a machine name one must append a dollar sign (“$”) to the machine name. This should not however, be done with smbpasswd. smbpasswd appends the dollar sign on its own. Failing to mangle the machine name this way with adduser will result in an error when adding the machine name to samba.
# adduser machine$ |
NFS (or Network File System) was originally written by Sun for their Solaris implementation of Unix. While it is significantly easier to get up and running when compared to SMB, it is also significantly less secure. The primary insecurity in NFS is that it is easy to spoof user and group id's from one machine to another. NFS is an unauthenticated protocol. Future versions of the NFS protocol are being devised that enhance security, but these are not common at the time of this writing.
NFS configuration is governed by the /etc/exports file. When you load the default /etc/exports file into an editor, you'll see a blank file with a two line comment on top. We'll need to add a line to the exports file for each directory that we wish to export, with a listing of client workstations that will be allowed to access that file. For instance, if we wished to export directory /home/foo to workstation Bar, we would simply add the line:
/home/foo Bar(rw) |
to our /etc/exports. Below, you'll find the example from the man page for the exports file:
# sample /etc/exports file / master(rw) trusty(rw,no_root_squash) /projects proj*.local.domain(rw) /usr *.local.domain(ro) @trusted(rw) /home/joe pc001(rw,all_squash,anonuid=150,anongid=100) /pub (ro,insecure,all_squash) |
As you can see, there are various options available, but most should be fairly clear from this example.
NFS works under the assumption that a given user on one machine in a network has the same user ID on all machines across the network. When an attempt is made to read or write from a NFS client to an NFS server, a UID is passed as part of the read/write request. This UID is treated the same as if the read/write request originated on the local machine. As you can see, if one could arbitrarily specify a given UID when accessing resources on a remote system, Bad Things (tm) could and would happen. As a partial hedge against this, each directory is mounted with the root_squash option. This maps the UID for any user claiming to be root to a different UID, thus preventing root access to the files or folders in the exported directory. root_squash seems to be enabled by default as a security measure, but the authors recommend specifying it anyway in your /etc/exports file.
You can also export a directory directly from the command line on the server by using the exportfs command as follows:
# exportfs -o rw,no_root_squash Bar:/home/foo |
This line exports the /home/foo directory to the computer “Bar” and grants Bar read/write access. Additionally, the NFS server will not invoke root_squash, which means any user on Bar with a UID of “0” (root's UID) will have the same privileges as root on the server. The syntax does look strange (usually when a directory is specified in computer:/directory/file syntax, you are referring to a file in a directory on a given computer).
You'll find more information on the man page for the exports file.