Hi,
I am trying to set up a Samba server to host files for about 30 computers (running XP, Vista). I've tried every single possibility but I can't configure it properly. I need to share 4 folders, which are: Admin, Production, Technicians, Public. Only authorized users can access, writable, browseable. Only 7 users have access but not all of them are allowed to use every resource.
I've created a directory called /home/samba/ containing the 4 folders. But I have no idea what file permissions I should give. Also, is it a requirement to have the same Windows user/pass on the server? So far, I added local users to the Linux server and then smbpasswd -a user. What about the smbusers file?
smb.conf
[global]
log file = /var/log/samba/log.%m
guest account = nobody
load printers = no
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
socket options = TCP_NODELAY
create mask = 0644
username map = /etc/samba/smbusers
map to guest = bad user
encrypt passwords = yes
passdb backend = tdbsam
passwd program = /usr/bin/passwd %u
dns proxy = no
server string = FILE SERVER
invalid users = root
workgroup = LOCAL
os level = 20
directory mask = 0755
printcap name = /etc/printcap
security = user
syslog = 0
usershare allow guests = yes
max log size = 1000
; name resolve order = lmhosts host wins bcast
; interfaces = 127.0.0.0/8 eth0
; bind interfaces only = true
; syslog only = no
; obey pam restrictions = yes
; pam password change = yes
; printing = bsd
; printcap name = /etc/printcap
; printing = cups
; printcap name = cups
# SO_RCVBUF=8192 SO_SNDBUF=8192
; guest ok = no
[homes]
comment = %U Private Files
browseable = no
read only = no
create mask = 0775
directory mask = 0775
; valid users = %S
[Admin]
comment = Administration Department Files
path = /home/samba/Admin
writable = yes
; admin users = mat
; username = john
; browseable = yes
valid users = @users
force group = users
create mask = 0771
[Production]
comment = Production Department Files
path = /home/samba/Production
writable = yes
; admin users = mat
; username = john
; browseable = yes
valid users = @production
force group = production
create mask = 0771
[Technicians]
comment = Technicians Department Files
path = /home/samba/Technicians
writable = yes
; admin users = mat
; username = john
; browseable = yes
valid users = @tech
force group = tech
create mask = 0771
[Public]
comment = Public Share
path = /home/samba/Public
writeable = yes
guest ok = yes
guest only = yes
browseable = yes
Any suggestion or help would be really appreciated.
Offline
1. Yes, it is very advisable that you use the same ID in Windows and in Samba.
2. Permissions in Samba can be determined using:
force directory mode = 775
force group = office
create mask = 660
Notice that I'm declaring that files are to be created in the directory with rw for the owner and the group but none to others. In this example I also declare that whenever you create a file the owner will be your_user_id and office.
You can also use the conventional Linux/Unix commands to set permissions on the directories, for example:
you can create an office directory and use chmod 755 your_user:office to make sure that directory is only owned by members of office; then, by defining that the only valid users are the members of office (@office), you ensure that no other users can write to it but they can read files from it.
Hope this helps.
R.
edit: you can also use ACL (pacman -S acl) if you want truly granular control of the file system.
Last edited by ralvez (2009-12-10 00:26:57)
Offline
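How the masks discussed above combine, as an added example that is not part of either post: it parses an smb.conf excerpt (the question's [Admin] and [Public] stanzas plus the reply's three mask lines under an assumed [office] share name) and reports the upper bound of permission bits a new file or directory can receive. The defaults come from smb.conf(5); the function name `audit` is hypothetical, and only `guest ok` is checked, not its synonym `public`.

```python
import configparser

# Excerpt of the configuration posted in the thread (section name [office] assumed).
SMB_CONF = """
[global]
create mask = 0644
directory mask = 0755
map to guest = bad user
[Admin]
path = /home/samba/Admin
valid users = @users
create mask = 0771
[Public]
path = /home/samba/Public
guest ok = yes
guest only = yes
[office]
force directory mode = 775
force group = office
create mask = 660
"""

# Samba's built-in defaults (smb.conf(5)) for the parameters audited here.
DEFAULTS = {"create mask": "0744", "force create mode": "0000",
            "directory mask": "0755", "force directory mode": "0000",
            "guest ok": "no"}

def lookup(cp, share, key):
    # Share setting wins, then [global], then the Samba default.
    return cp.get(share, key,
                  fallback=cp.get("global", key, fallback=DEFAULTS[key]))

def audit(conf_text):
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",))
    cp.read_string(conf_text)
    report = {}
    for share in (s for s in cp.sections() if s != "global"):
        # A mask is ANDed with the mode Samba maps from the DOS attributes and
        # a force mode is ORed in, so mask | force bounds the resulting bits.
        file_max = (int(lookup(cp, share, "create mask"), 8)
                    | int(lookup(cp, share, "force create mode"), 8))
        dir_max = (int(lookup(cp, share, "directory mask"), 8)
                   | int(lookup(cp, share, "force directory mode"), 8))
        report[share] = {
            "file_max": oct(file_max), "dir_max": oct(dir_max),
            "others_may_read_files": bool(file_max & 0o004),
            "guest": lookup(cp, share, "guest ok").lower() in ("yes", "true", "1"),
        }
    return report
```
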
Thanks ralvez.. the thing is I need to create subdirectories and I don't know how to manage it.
- Admin (access only to @office members)
------> Private (only access to users john and mat)
------> Copy (only access to users peter and paul)
------> Files
------> Backup
It can be a painful process to create shares for all subdirectories and map them to all Windows computers. Any idea??
Thanks!
Offline
I'm not sure what the problem is to be honest.
Samba gives you control by share, so you can effectively declare (as in the example I sent before) access to a share by group or by user. In conjunction with that you can use Unix file/directory permissions (or if you want to have it easy, ACL) for even more granular control.
So you can make
[office]
comment = Common Shared Area for office users
path = /public
public = yes
available = yes
writable = yes
printable = no
force directory mode = 755
write list = @office
Following the same model you create
[private] but using the directive:
write list = john mat
so as to restrict access only to those users.
In the real directory on the server you can do: /office and do chown root:office office so as to assert that the directory belongs to the user root and the group office.
Get the idea?
Just because you have a bunch of directories it does not mean it has to be difficult to set up. Most of the permissions will be handled by Samba and if you feel you need to add to that, use the Unix file permissions.
If you want to use granular control over embedded subdirectories as in:
public --
|-- bob (set: chown bob:users and chmod 700 bob)
|-- sue (set: chown sue:users and chmod 700 sue)
|-- mary
|-- etc ...
with different ownerships, you can use Unix settings to control ownership as shown above. That way you have all the subdirectories only owned by their respective users.
To do things like that, though, it is easier to use the [homes] directive of Samba but ... if you must have those directories under public then this is the way to do it.
Hope this helps.
Read a bit about ACL (in the Arch wiki you will find information) and it may also become a handy tool.
R.
Offline
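Why one share plus Unix permissions covers the nested Admin layout asked about above, as an added example that is not part of any post: a small model of the owner/group/other check applied to every directory on the path. The group names `adm_private` and `adm_copy`, the modes, the user `sue` and the function names are hypothetical, and it assumes the share sets no `force user` or `force group`, so Samba touches files as the authenticated user.

```python
# Constructed layout: path -> (owner, group, mode). Directories not listed
# here (/home, /home/samba) are assumed to be traversable by everyone.
TREE = {
    "/home/samba/Admin":         ("root", "office",      0o2750),
    "/home/samba/Admin/Private": ("root", "adm_private", 0o2770),
    "/home/samba/Admin/Copy":    ("root", "adm_copy",    0o2770),
    "/home/samba/Admin/Files":   ("root", "office",      0o2770),
}
# Constructed group membership for the users named in the thread.
GROUPS = {
    "john":  {"office", "adm_private"},
    "mat":   {"office", "adm_private"},
    "peter": {"office", "adm_copy"},
    "paul":  {"office", "adm_copy"},
    "sue":   {"tech"},
}

def perm_bits(user, owner, group, mode):
    """Return the single rwx triplet that applies: owner, else group, else other."""
    if user == owner:
        return (mode >> 6) & 7
    if group in GROUPS.get(user, set()):
        return (mode >> 3) & 7
    return mode & 7

def can_write_in(user, path):
    """True if user can create files in path: x on each ancestor, w+x on path."""
    if path not in TREE:
        raise KeyError(path)
    parts = path.split("/")
    for i in range(2, len(parts) + 1):
        current = "/".join(parts[:i])
        if current not in TREE:
            continue  # assumed world-traversable, see above
        need = 0o3 if current == path else 0o1
        if perm_bits(user, *TREE[current]) & need != need:
            return False
    return True
```
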
Thanks for your help ralvez. It works quite well with all Windows clients but I've found it's very very slow to access the SMB server with Linux clients (using GNOME / Nautilus).
Any idea?
Offline
Hum...
I see no reason for it to be slow with Linux. The server (the samba server I mean) is located in the machine you use to access the shares and should deliver the same speed no matter what.
Did you try accessing the shares using KDE? Maybe it is a Gnome thing ... I do not know. Sorry man.
R.
Offline