Solved

File System Permissions

Posted on 2010-11-29
Last Modified: 2013-12-27
I am looking to perform a review of file system permissions on a Solaris Server for the first time. I have done this a fair bit on Windows 2003 Server by reviewing the necessary file shares and directory (NTFS) permissions, but never so on Solaris (bear this in mind on your responses please).

The Solaris Server is a domain server as part of an AD domain which is predominantly made up of 99% Windows servers and workstations, with a mere 3 Solaris servers for specific applications. What is the most practical way to essentially say:

\\solarisdatabaseserver\backup - who has access /access control list
\\solarisdatabaseserver\database - who has access /access control list

Does Solaris also have the concept of “shares”, i.e. \\host\e$, and also any admin types shares, that are typically only accessible by local administrators?

I also sometimes like to run a directory listing for a server to see where key files are. On Windows I used to do something like

C:>DIR \\solarisdatabaseserver\share$ /s > listing.txt

So basically I could do with:

How to list all shares on the solaris server
How to list all people and users who can access these files on the server
How to get a directory listing per share on the server

And also if all IT admins only have windows machines, what are they likely to use to gain remote access to the server from their windows machine, say for example if someone asks for a log file so they have to logon and get it. What types of client and protocols are used in such examples?

Would prefer some EE input as opposed to just links.

Thanks
Question by:pma111

Accepted Solution

by:
Tomunique earned 1000 total points
ID: 34238584
wow... too much for 1 post... to answer this properly and completely, it's a small book.

to answer the easier parts of your question:
you need to log into the server (you can't do all your checking remotely)

besides protocols like http, or other applications that may be listening on ports..
putty (or some other ssh client) / telnet/ ftp / sftp/ are the primary access methods.
(check via netstat -an | grep LISTEN to see which ports the server is listening on.)
While it's not 100% (ie you can move telnet to another port other than 23), it will be a decent start.
knowing what the server is monitoring, helps eliminate roads you need to research.

NFS and SMB are two methods of exporting directories as "shares".  (SMB is most likely where you're getting your Windows access from).
NFS: /etc/exports is where the server will list what directories are available.
I believe there's a file like /etc/smbexports, but I'm not SMB literate.

questions you'll need answered, if you don't know them yourself..
Do you have a user directory database besides /etc/passwd?  (LDAP?) (can of worms)
do you permit "anonymous" access from remote boxes? (nobody account)
check things like ssh keys for root or other admin accounts

Tom

Assisted Solution

by:Rowley
Rowley earned 1000 total points
ID: 34246422
Assuming command line access to the host:
To view active shares and access:   dfshares
To view all potential shares and access:    cat /etc/dfs/dfstab

Check for the existence of SMB on the host: ps -ef | grep smb
If running, check the config file. If not apparent as arguments to the smb process, try: pargs -l [pid]

To list all files/dirs and their corresponding permissions, from the root of the dir you want to traverse:
find . -ls

To list directories within a share and their acl, cd to the root of the dir you want to traverse and run:
find . -type d -ls

To remotely retrieve files from hosts, I commonly use scp, or if in a pinch ftp. I use WinSCP when connecting from Windows hosts.
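Added example, not part of the original answers: a small audit of `share` lines in the /etc/dfs/dfstab format mentioned above, flagging NFS shares open to all clients and the anonymous-to-root mapping that the earlier "nobody account" question is about. The sample entries, host names and finding labels are constructed for illustration; the option meanings (`rw`, `ro`, `anon=`, `root=`) are the documented share_nfs ones.

```shell
#!/bin/sh
# Constructed sample in dfstab format (not taken from a real host).
SAMPLE_DFSTAB='# constructed sample
share -F nfs -o ro=backuphost -d "nightly backups" /export/backup
share -F nfs -o rw,anon=0 /export/database
share -F nfs /export/scratch
share -F nfs -o rw=apphost1:apphost2,root=apphost1 /export/app'

# audit_dfstab: read dfstab text on stdin, print "path|fstype|options|findings".
# Assumes the shared path is the last word and -d text does not contain "-o"/"-F".
audit_dfstab() {
    awk '
    /^[ \t]*#/ || NF == 0  { next }            # skip comments and blank lines
    $1 !~ /(^|\/)share$/   { next }            # keep only share commands
    {
        fstype = "default"; opts = ""; path = $NF; f = ""; access = 0
        for (i = 2; i < NF; i++) {
            if ($i == "-F") fstype = $(i + 1)
            if ($i == "-o") opts = $(i + 1)
        }
        n = split(opts, tok, ",")
        for (j = 1; j <= n; j++) {
            if (tok[j] == "rw")            { f = f " rw-all-clients"; access = 1 }
            else if (tok[j] == "ro")       { f = f " ro-all-clients"; access = 1 }
            else if (tok[j] ~ /^(rw|ro)=/) access = 1      # limited to named hosts
            else if (tok[j] == "anon=0")   f = f " anon-is-root"
            else if (tok[j] ~ /^root=/)    f = f " root-for:" substr(tok[j], 6)
        }
        # With no rw/ro option at all, share_nfs defaults to read-write for everyone.
        if (!access) f = f " rw-all-clients(default)"
        if (f == "") f = " host-restricted"
        printf "%s|%s|%s|%s\n", path, fstype, (opts == "" ? "-" : opts), substr(f, 2)
    }'
}

# Demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_DFSTAB" | audit_dfstab
```

On a host, feed it the real file with `audit_dfstab < /etc/dfs/dfstab` and compare the result with what `dfshares` reports as currently active.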

Author Comment

by:pma111
ID: 34246536
Thanks so much. I guess what I am also wondering is in a Windows network if a share is open to say the "everyone" group on a Windows server, internal people can just mount it in explorer and don't have to enter a password or anything, if they are on the ACL they can just mount it as if it was a local drive and view all the data. ...

I just wonder if in Solaris if there's a similar ACL to the "everyone" group or "domain users" then would people be able to use tools and protocols to access the data WITHOUT needing to enter a password to retrieve data from a Windows machine? Or in a nutshell if you are going to access a Solaris box from Windows you are always going to have to enter a password to get at data
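Added example, not part of the original thread: at the file-system level the nearest Unix counterpart to "Everyone" is the "other" permission class, so this sketch extends the `find . -ls` listing from the answer above into a report of entries that grant read or write to "other", and checks whether the parent directories actually let "other" reach them. The function names and output labels are assumptions made for this example.

```shell
#!/bin/sh
# other_bits PATH: the three "other" characters of the ls mode string,
# e.g. "r-x" from drwxr-xr-x.
other_bits() { ls -ld "$1" | cut -c8-10; }

# other_can_reach PATH ROOT: true if every directory from PATH's parent up to
# ROOT grants search (x) to "other". Directories above ROOT are not checked.
other_can_reach() {
    d=$(dirname "$1")
    while :; do
        case $(other_bits "$d") in ??[xt]) ;; *) return 1 ;; esac
        case $d in "$2"|/|.) return 0 ;; esac
        d=$(dirname "$d")
    done
}

# list_other_access ROOT: print "state bits relative-path" for every non-symlink
# entry whose mode grants read or write to "other".
list_other_access() {
    root=${1%/}
    find "$root" ! -type l \( -perm -0004 -o -perm -0002 \) -print | sort |
    while IFS= read -r p; do
        if [ "$p" = "$root" ] || other_can_reach "$p" "$root"; then
            state=exposed
        else
            state=blocked-by-parent
        fi
        rel=${p#"$root"}; rel=${rel#/}
        [ -n "$rel" ] || rel=.
        printf '%s %s %s\n' "$state" "$(other_bits "$p")" "$rel"
    done
}

# Run against a directory given on the command line, if any.
if [ "$#" -gt 0 ]; then list_other_access "$1"; fi
```

This reads mode bits only; an entry whose `ls -l` mode string ends in `+` also carries an ACL, which needs to be inspected separately (for example with `getfacl`).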

Expert Comment

by:Rowley
ID: 34246620
The SaMBa application uses the smb protocol to make local files available to windows clients - not Solaris. There is no native support for smb (aka windows) clients in any current production release of solaris.

That said, SaMBa can be configured to behave in any number of ways including the way in which you have mentioned. It is well documented and is a mature, feature rich and stable product.

Author Comment

by:pma111
ID: 34246669
Does SAMBA come by default in newer versions of Solaris? Or is it more of an addon?

Expert Comment

by:Rowley
ID: 34246891
I retract - /usr/sfw/sbin contains the binaries for smb. svcs samba will show you the status and svcprop samba will show you the service params on Solaris 10. Admittedly, it's been a while since I used it...(solaris 8)

:S

Expert Comment

by:Rowley
ID: 34246896
...and that's /usr/sfw/bin, not sbin.

Author Comment

by:pma111
ID: 34256477
Thanks, I've got a Solaris box to practice all this on so I will get to work - I assume the best way to learn this is hands-on experience and putting your comments into practice.