Quote:
Originally Posted by Trimp
1. Do Samba users have to be Linux users? I would assume so because of permissions on folders in Linux, but I am not positive.
|
Usually, yes
Quote:
Originally Posted by Trimp
2. I log in as root and create 4 directories in /home to act as shares. Music, Movies, Text, Random. The problem is none of the users on the Windows computers can write to the folder unless I do the following; Chmod it to 777(the Windows users fall under the "other" category, the last 7), or chown it over to the group "users", which is the group I put everyone who can access the file server. The problem with this is I can't allow them to read, write and execute unless I allow everyone to by using 777, or make the group users the owner of the file.
How would I go about allowing Root to be the owner of the file, but give the group users read, write and execute permission using the command line? Also, how would I do this with multiple groups?
|
It is best to have all those directories owned by a certain group, and make sure all users who want to access these directories are member of thre groups. Ordinary
users is OK, but you could also create groups like
music_users,
text_users, etc. Make the owner:group of those directories root:music_users, root:text_users etc. You have to make users member of all those groups.
Note however that file permissions must be at least -rwxrw
x--- for users belonging to those groups to be able to modify files.
Quote:
Originally Posted by Trimp
Changing my smb.conf to allow specific users to write/read/execute does absolutely nothing unless the permission to the folder in Linux is set correctly. In other words, Linux over-writes any permissions I give in Samba to that specific share folder. No matter what I do.
|
That is correct. Consider Samba a layer which lies over the Linux file system. Windows users can communicate with Samba. However, Samba still has to access the files on the Linux level with the Linux user credentials of that user.
Quote:
Originally Posted by Trimp
3. My last question is. What are the best practices for groups and users in Linux? Is lumping users who should have similar permissions into their own specific group proper? Or is having each person in their own specific group better? I am not sure if multiple users can be in multiple groups or not, and how I would do that via the CLI if they can.
|
adduser <username> <groupname>
Best is to have all shares accessible by groups and make users member of those groups. When a new user is added or a user leaves you only have to add/remove users from groups, but your security model stays in place.
You'll run in other problems, like a user who is member of users and text_users and music_users. Primary group is
users. What happens if this user creates a file in /home/music? The ownership will be
<username>:users, while you want all files there
root:music_users. For that problem, set the GID bit on the directory.
chmod g+s directoryname
Directory permissions now become
drwxrwsr-x. If a user now creates a file here it will copy the owner:group from the directory.
If you see
drwxrwSr-x instead of
drwxrwsr-x add X rights to the group:
chmod g+X directoryname
In addition, you must tell Samba to set the force_permission to 770. Check the smb.conf to get the name of the parameter correct. I am not 100% sure now.
Last but not least, I am not a GUI person myself, but I found
Webmin easy to manage some Samba features. Install
Webmin, and access it with your web browser.
jlinkels
