100% Uninhibited LAN file sharing & collaboration?

As I've mentioned elsewhere here - I am helping a retirement aged friend to modernize his tiny office & it now has 4 PCs all running U/M 18.04.3 .

I've been having an awful time making file sharing work for him, his young assistant and his office lady.

Samba itself is a bit of a nightmare & gave me fits until I discovered how to make Nautilus do the initial heavy lifting & all 3 of them now have 'Public' dirs as well as the sort of rudimentary faux server that is where they store & retrieve documents as they need them.

Just tonight is the very 1st I've heard of caja-share in a thread here from 2015 - woof !!

What is desired is the ability to use & move documents - mostly PDFs & DOCX files, freely & without ANY concerns for permissions AT ALL via their tiny LAN.

After reading a skazillion guides & trying everything under the sun that I could find, I cleaned off all that I tried that did not work.

The Nautilus method did finally work - but there STILL are strangely creeping permission changes that tie Libre Writer into tangled knots when they occur - as well as oddities just trying to attach files to emails that cause app crashes for no apparent reasons.

If it could be as simple as shown in that thread from 2015 it would be very appreciated indeed !!

Thanks in advance for any helpful replies here !!

You could change the default file permissions to 0666 with uname's set for each user. But that, especially with free access across the LAN has serious security issues. One compromised account on one machine compromises every single file on every machine. Linux is designed from the ground up to prevent exactly what you ask for from happening. Modernization needs to include understanding that a 1990s concept of security is not enough. I monitor my (standalone) firewall. I see port scans go by every few seconds. I think of nearly every one as an attempted intrusion, because there is no legitimate reason to scan every port on an IP address, ever, except intrusion, or intrusion prevention checking. And I'm on a dynamic IP, not static. You will be doing your friend a favor if you don't do what he asks--sooner or later.

A solution to file sharing that I use is a single central machine running a file server on nfs v.4. That disk partition is mounted noexec and nosuid (and probably some other restrictions as well). All users have an account of type nologin on that machine. All users belong to the "users" group on that machine. All other machines have that partition mounted locally via nfs on /home/share. You also have to be sure that all numerical userIDs and groupIDs are identical on all machines for this to work.

The end result is that anyone can read/write to the same /home/share partition. The files there will show their userID, but be in the "users" group. Default file permissions are 0664, so anyone can also read/edit other's files. Directories are owned by root:root or another group "higher" than users so that some directories can be privately shared only for owners, bookkeeper, etc.

All work that is not personal is done directly into the nfs share, across the network. We see no noticeable latency on read or write above when a file is read/written locally. And our server is still spinning rust, and the network only 100 Mbps

We've used this system for years. Loss of connection to the nfs is rare, and takes only a remote ssh and mount command to restore. (or a local reboot, but that's overkill) It is necessary when power is lost that the server boot up first. A formal backup procedure is required, but that should be the case anyway.

Just my 2 cents.

PS: don't let the backup comment slide. I use a triple mirror disk array on the share, for performance and redundancy. It is snapshotted every night, and duplicated offsite every week. Another advantage of a file server setup is the same disk array also receives nightly rsync copies of every home directory on the network. When I do once a week offsite backups, I only have one machine and one drive array to backup--so that is much easier, and guaranteed complete. I do provide each user with a subdirectory in their home called NoBackup, which the backup script ignores. They can put large easily replaced, disk-eating media files there. Or you could make the script ignore certain file extensions.

1 Like

Thank You for such an amazing reply to my query Charles-nix !!!

Addressing your points now=>
His entire small LAN is behind a dedicated firewall which has done a great job 'till now, and given that it is all on cable internet without a static IP may be a very good thing as well.

I do not (yet ??) know how to set default file permissions to 0666 for all, nor how to add unames for each user - but frankly if that would produce uninhibited access with just a couple of steps it may be what gives him back what he so dearly misses.
(Does 'uname' translate to 'usernames' as in just adding users, or ??)
((And in searching default file permissions I see many articles, so I will learn more about this now, thanks.))

The app crashes being caused by wandering file permissions ARE a serious nuisance - upon this I agree with him.

As to NFS, when investigating file sharing options I read a whole bunch of write-ups about it - and didn't dare to try making it happen as it was not only quite complicated (to my eyes...), but also in examining 10 different user's methods (for example) they had common steps woven in between very different steps - which worried me greatly.

No restrictions are needed in this small place as the man himself has his private files sequestered to his liking & the other 2 users are not any problem with regards to those files.

All the PCs have UPSes - and off-site backups have been made & kept for years already - and there are no large media (or other) such files since it is all about documents at his place.

Should there be a very clear, step-by-step guide to NFS sharing which my small brain can make use of, I may try it, but given that my time on-site is very limited and that Samba is already (mostly ??) working there - such a change may cause more troubles than trying to remedy the ills of the existing configuration...and how would I know this beforehand ??

Thanks Again !!