LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   Question about Samba and best practices for a Linux file server. (https://www.linuxquestions.org/questions/linux-newbie-8/question-about-samba-and-best-practices-for-a-linux-file-server-779358/)

Trimp 01-02-2010 01:37 AM
Question about Samba and best practices for a Linux file server.
 
I have Samba working. Have been getting into Linux in the last week and a half. I can set it all up, and configure everything without a GUI. However, I am having a couple issues that are annoying me.

1. Do Samba users have to be Linux users? I would assume so because of permissions on folders in Linux, but I am not positive.

2. I log in as root and create 4 directories in /home to act as shares. Music, Movies, Text, Random. The problem is none of the users on the Windows computers can write to the folder unless I do the following; Chmod it to 777(the Windows users fall under the "other" category, the last 7), or chown it over to the group "users", which is the group I put everyone who can access the file server. The problem with this is I can't allow them to read, write and execute unless I allow everyone to by using 777, or make the group users the owner of the file.

How would I go about allowing Root to be the owner of the file, but give the group users read, write and execute permission using the command line? Also, how would I do this with multiple groups?

Changing my smb.conf to allow specific users to write/read/execute does absolutely nothing unless the permission to the folder in Linux is set correctly. In other words, Linux over-writes any permissions I give in Samba to that specific share folder. No matter what I do.

3. My last question is. What are the best practices for groups and users in Linux? Is lumping users who should have similar permissions into their own specific group proper? Or is having each person in their own specific group better? I am not sure if multiple users can be in multiple groups or not, and how I would do that via the CLI if they can.

Thanks again for any help.

jlinkels 01-02-2010 03:08 AM
Quote:
Originally Posted by Trimp (Post 3811390)
1. Do Samba users have to be Linux users? I would assume so because of permissions on folders in Linux, but I am not positive.
Usually, yes

Quote:
Originally Posted by Trimp (Post 3811390)
2. I log in as root and create 4 directories in /home to act as shares. Music, Movies, Text, Random. The problem is none of the users on the Windows computers can write to the folder unless I do the following; Chmod it to 777(the Windows users fall under the "other" category, the last 7), or chown it over to the group "users", which is the group I put everyone who can access the file server. The problem with this is I can't allow them to read, write and execute unless I allow everyone to by using 777, or make the group users the owner of the file.

How would I go about allowing Root to be the owner of the file, but give the group users read, write and execute permission using the command line? Also, how would I do this with multiple groups?
It is best to have all those directories owned by a certain group, and make sure all users who want to access these directories are member of thre groups. Ordinary users is OK, but you could also create groups like music_users, text_users, etc. Make the owner:group of those directories root:music_users, root:text_users etc. You have to make users member of all those groups.

Note however that file permissions must be at least -rwxrwx--- for users belonging to those groups to be able to modify files.

Quote:
Originally Posted by Trimp (Post 3811390)
Changing my smb.conf to allow specific users to write/read/execute does absolutely nothing unless the permission to the folder in Linux is set correctly. In other words, Linux over-writes any permissions I give in Samba to that specific share folder. No matter what I do.
That is correct. Consider Samba a layer which lies over the Linux file system. Windows users can communicate with Samba. However, Samba still has to access the files on the Linux level with the Linux user credentials of that user.

Quote:
Originally Posted by Trimp (Post 3811390)
3. My last question is. What are the best practices for groups and users in Linux? Is lumping users who should have similar permissions into their own specific group proper? Or is having each person in their own specific group better? I am not sure if multiple users can be in multiple groups or not, and how I would do that via the CLI if they can.
adduser <username> <groupname>
Best is to have all shares accessible by groups and make users member of those groups. When a new user is added or a user leaves you only have to add/remove users from groups, but your security model stays in place.

You'll run in other problems, like a user who is member of users and text_users and music_users. Primary group is users. What happens if this user creates a file in /home/music? The ownership will be <username>:users, while you want all files there root:music_users. For that problem, set the GID bit on the directory.
chmod g+s directoryname
Directory permissions now become drwxrwsr-x. If a user now creates a file here it will copy the owner:group from the directory.
If you see drwxrwSr-x instead of drwxrwsr-x add X rights to the group:
chmod g+X directoryname

In addition, you must tell Samba to set the force_permission to 770. Check the smb.conf to get the name of the parameter correct. I am not 100% sure now.

Last but not least, I am not a GUI person myself, but I found Webmin easy to manage some Samba features. Install Webmin, and access it with your web browser.

jlinkels


All times are GMT -5. The time now is 04:07 AM.