Linux - SoftwareThis forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I've been reading the only book of Using Samba over at Oreilly.com to try and get a grasp on Samba.
I have a server at my house and has all my music on it. I want my roomate to be able to access the music via Samba without having to put in a password. The way I have it setup now he is able to do that but he is also able to write to the files and I don't want him to be able to delete anything.
What I need is the ability to optionally authenticate using a username and password. If you are authenticated with this username and password then you will have read/write access otherwise you will only have read access.
To be honest I've gotten a little confused reading this book online. I'm fairly sure I should be using 'security = user'. What I'm not sure is that if I use that security level my roomate will HAVE TO enter a username and password everytime. Is this right?
Any input would be appreciated. Thanks in advance.
What I've got setup is username mapping. It allows users logging into their local Windows workstation with the right login name to view files on your server without having to ever enter in a username or password. You create a linux and Samba username, and then create a file such as smbusers. In your smb.conf file, you add an entry in your global service to show Samba where that mapping file is:
username map = /etc/samba/smbusers
This file is not complicated. Let me show you an example:
#### smbusers ####
# Use: Unix_ID = Windows_ID
#
# Examples:
# lane = "Lisa Lane"
# jimbo = Jim Bones
#
# Note: If the windows username is more than one word, you MUST USE
# double-quotes around the name!! In the example above, Unix user jimbo
# will be mapped to Windows users "Jim" and "Bones" because no quotes were
# supplied.
mfriend = "My Friend"
#EOF
You will then need to create a Unix and Samba user mfriend and a password for him. Additionally, you will need to add that Samba user name to the "valid users" entry in the share that your music files are in. That way, Samba will assume that windows user "My Friend", who logs into the server, is essentially Unix user mfriend, and will have access to anything on your system that your Unix permissions gives him permission to.
In this manner, you can add Unix user mfriend to a group, let's call it "music", and do a chown root.music on the music files, then a chmod to give group music r+x permissions, but not write, so he won't be able to alter the files in any way on the server.
However, with this setup, ANY Windows user with the login name "My Friend" would have access to your files. As low as the probability that someone with the same Windows login name would stumble across your server may be, it'd be a good idea to specify an additional global config option in your smb.conf file: hosts allow = <ip addresses of allowed hosts, comma delimited list>
Without username mapping, he could log into the server using his Samba username and password, and will need to do this after each login to his Windows workstation. Windows should save his credentials until he logs off or shuts down his computer.
Btw, I would use the "Learn By Example" and "Official HOWTO" to Samba, provided at Samba.org. They're quite comprehensive and I've learend quite a bit in just a couple weeks.
That way, Samba will assume that windows user "My Friend", who logs into the server, is essentially Unix user mfriend, and will have access to anything on your system that your Unix permissions gives him permission to.
Sorry, that should actually read that the Windows user "My Friend" would have access to anything on your Samba share, not anything on your system.
Username mapping is also cool because then, you never have to supply the user with their Unix password, which will keep your friend from accessing your server via ssh or telnet and messing around with stuff that he shouldn't be.
And you're quite welcome. Let me know if there's anything else I can do to help.
Username mapping is also cool because then, you never have to supply the user with their Unix password, which will keep your friend from accessing your server via ssh or telnet and messing around with stuff that he shouldn't be.
Do note that samba uses its own password file, so allowing SMB access with no unix access is quite possible. Username mapping is only neccessary when their unix username and windows username differ.
Do note that samba uses its own password file, so allowing SMB access with no unix access is quite possible. Username mapping is only neccessary when their unix username and windows username differ.
Ah, yes, there is still MUCH I do not know. I can only comment based on the working setup I now have. I have Unix names set up so that the user can SSH into the server and run smbclient to access the Samba shares that way. Is it possible for a user to change their own Samba password, or is root (by default) the only user with those kinds of permissions?
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.