You are not logged in.

#1 2009-12-10 00:02:56

miguimon
Member
From: Sydney
Registered: 2008-02-28
Posts: 37
Website

Samba server help please

Hi,

I am trying to set up a samba server to host files for about 30 computers (running XP,Vista). I've tried every single possibility but I can't configured properly. I need to share 4 folders which are: Admin, Production, Technicians, Public. Only authorized users can access, writable, browseable. Only 7 users have access but not all of them are allow to use every resource.

I've created a directory called /home/samba/ containing the 4 folders. But I have no idea about what file permissions should I give. Also, is it a requirement to have same windows user/pass on the server? So far, I added local users to the linux server and then smbpasswd -a user. What about the smbusers file?

smb.conf

[global]
    log file = /var/log/samba/log.%m
    guest account = nobody
    load printers = no
    passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
    socket options = TCP_NODELAY
    create mask = 0644
    username map = /etc/samba/smbusers
    map to guest = bad user
    encrypt passwords = yes
    passdb backend = tdbsam
    passwd program = /usr/bin/passwd %u
    dns proxy = no
    server string = FILE SERVER
    invalid users = root
    workgroup = LOCAL
    os level = 20
    directory mask = 0755
    printcap name = /etc/printcap
    security = user
    syslog = 0
    usershare allow guests = yes
    max log size = 1000

;   name resolve order = lmhosts host wins bcast

;   interfaces = 127.0.0.0/8 eth0

;   bind interfaces only = true

;    syslog only = no
;    obey pam restrictions = yes
;    pam password change = yes
;   printing = bsd
;   printcap name = /etc/printcap
;   printing = cups
;   printcap name = cups

#         SO_RCVBUF=8192 SO_SNDBUF=8192
;    guest ok = no

[homes]
    comment = %U Private Files
    browseable = no
    read only = no
    create mask = 0775
    directory mask = 0775
;   valid users = %S

[Admin]
    comment = Administration Department Files
    path = /home/samba/Admin
    writable = yes
;    admin users = mat
;    username = john
;    browseable = yes
    valid users = @users
    force group = users
    create mask = 0771

[Production]
    comment = Production Department Files
    path = /home/samba/Production
    writable = yes
;    admin users = mat
;    username = john
;    browseable = yes
    valid users = @production
    force group = production
    create mask = 0771

[Technicians]
    comment = Technicians Department Files
    path = /home/samba/Technicians
    writable = yes
;    admin users = mat
;    username = john
;    browseable = yes
    valid users = @tech
    force group = tech
    create mask = 0771

[Public]
    comment = Public Share
    path = /home/samba/Public
    writeable = yes
    guest ok = yes
    guest only = yes
    browseable = yes

Any suggestion or help would be really appreciated.

Offline

#2 2009-12-10 00:25:17

ralvez
Member
From: Canada
Registered: 2005-12-06
Posts: 1,694
Website

Re: Samba server help please

1. Yes, it is very advisable that you use the same ID in windows and in Samba.
2. Permissions in Samba can be determined using:

force directory mode = 775
force group = office
create mask =  660

Notice that I'm declaring that files are to be created in the directory with rw for the owner and the group but none to others. In this example I also declare that whenever you create a file the owner will be your_user_id and office

You can also use the conventional linux/unix commands to set permissions on the directories, for example:
you can create an office directory and use chmod 755 your_user:office  to make that that directory is only owned by members of office then by defining that the only valid users are the members of office (@office) you ensure that no other uses can write to it but they can read files form it.

Hope this helps.

R.

edit: you can also use ACL (pacman -S acl) if you want truly granular control of the file system.

Last edited by ralvez (2009-12-10 00:26:57)

Offline

#3 2009-12-10 03:48:21

miguimon
Member
From: Sydney
Registered: 2008-02-28
Posts: 37
Website

Re: Samba server help please

Thanks ralvez.. the thing is I need to create subdirectories and I don't know how to manage it.

- Admin (access only to @office members)
------> Private (only access to users john and mat)
------> Copy (only access to users peter and paul)
------> Files
------> Backup

It can be a painful process to create shares for all subdirectories and map then to all windows computers. Any idea??

Thanks!

Offline

#4 2009-12-11 01:39:31

ralvez
Member
From: Canada
Registered: 2005-12-06
Posts: 1,694
Website

Re: Samba server help please

I'm not sure what the problem is to be honest.
Samba gives you control by share, so you can effectively declare (as in the example I sent before) access to a share by group or by user. In conjunction with that you can use unix file/directory permissions (or if you want to have it easy ACL) for even more granular control.

So your can make

[office]
   comment = Common Shared Area for office users
   path = /public
   public = yes
   available = yes
   writable = yes
   printable = no
   force directory mode = 755
   write list = @office

following the same model you create
[private] but using the directive:
write list = john mat

so as to restrict access only to those uses.

in the real directory in the server you can do:  /office and do chown root:office office as to assert that the directory belongs to the user root and the group office

Get the idea?

Just because you have a bunch of directories it does not mean it has to be difficult to set up. Most of the permission will be handled by Samba and if you feel you need to add to that use the unix file permission.

If you want to use granular control over embedded sub directories as in :
public --
           |-- bob   (set: chown bob:users and chmod 700 bob)
           |-- sue   (set: chown sue:users and chmod 700 sue)
           |-- mary
           |-- etc ...

with different ownerships you can use unix settings to control ownership as shown above. That way you have all the sub directories only owned by their respective users.
To do things like that though it is easier to use the [homes] directive of Samba but ... if you must have those directories under public then this is the way to do it.

Hope this helps.

Read a bit about ACL (in the Arch wiki you will find information) and it may also become a handy tool.

R.

Offline

#5 2009-12-15 23:20:03

miguimon
Member
From: Sydney
Registered: 2008-02-28
Posts: 37
Website

Re: Samba server help please

Thanks for your help ralvez. It works quite good with all windows clients but I've found it's very very slow to access the SMB server with linux clients (using gnome / nautilus).

Any idea?

Offline

#6 2009-12-16 02:48:32

ralvez
Member
From: Canada
Registered: 2005-12-06
Posts: 1,694
Website

Re: Samba server help please

Hum... hmm
I see no reason for it to be slow with Linux. The server (the samba server I mean) is located in the machine you use to access the shares and should deliver the same speed no matter what.
Did you try accessing the shares using KDE? May be is a Gnome thing ... I do not know. Sorry man.

R.

Offline

Board footer

Powered by FluxBB