Question about Samba and best practices for a Linux file server.
I have Samba working. Have been getting into Linux in the last week and a half. I can set it all up, and configure everything without a GUI. However, I am having a couple issues that are annoying me.
1. Do Samba users have to be Linux users? I would assume so because of permissions on folders in Linux, but I am not positive. 2. I log in as root and create 4 directories in /home to act as shares. Music, Movies, Text, Random. The problem is none of the users on the Windows computers can write to the folder unless I do the following; Chmod it to 777(the Windows users fall under the "other" category, the last 7), or chown it over to the group "users", which is the group I put everyone who can access the file server. The problem with this is I can't allow them to read, write and execute unless I allow everyone to by using 777, or make the group users the owner of the file. How would I go about allowing Root to be the owner of the file, but give the group users read, write and execute permission using the command line? Also, how would I do this with multiple groups? Changing my smb.conf to allow specific users to write/read/execute does absolutely nothing unless the permission to the folder in Linux is set correctly. In other words, Linux over-writes any permissions I give in Samba to that specific share folder. No matter what I do. 3. My last question is. What are the best practices for groups and users in Linux? Is lumping users who should have similar permissions into their own specific group proper? Or is having each person in their own specific group better? I am not sure if multiple users can be in multiple groups or not, and how I would do that via the CLI if they can. Thanks again for any help. |
Quote:
Quote:
Note however that file permissions must be at least -rwxrwx--- for users belonging to those groups to be able to modify files. Quote:
Quote:
Best is to have all shares accessible by groups and make users member of those groups. When a new user is added or a user leaves you only have to add/remove users from groups, but your security model stays in place. You'll run in other problems, like a user who is member of users and text_users and music_users. Primary group is users. What happens if this user creates a file in /home/music? The ownership will be <username>:users, while you want all files there root:music_users. For that problem, set the GID bit on the directory. chmod g+s directoryname Directory permissions now become drwxrwsr-x. If a user now creates a file here it will copy the owner:group from the directory. If you see drwxrwSr-x instead of drwxrwsr-x add X rights to the group: chmod g+X directoryname In addition, you must tell Samba to set the force_permission to 770. Check the smb.conf to get the name of the parameter correct. I am not 100% sure now. Last but not least, I am not a GUI person myself, but I found Webmin easy to manage some Samba features. Install Webmin, and access it with your web browser. jlinkels |
All times are GMT -5. The time now is 04:07 AM. |