samba, some users read, others write?
Hello,
Here is what I'd like to do with samba: 1.) share /mnt/fwhd/music with read-only access to everyone. Min of hassle 2.) share /mnt/fwhd/* with read-write access to only myself. Im running debian unstable. what security mode combination do I need to solve these problems? I have #1 working. But if I set security = user, goal #1 doesnt work. What I need explained is how to accomplish goal #2. How do I share a directory, so that only one person can read/write and no one else can read or write while at the same time allowing easy access to another share? Here is my config file: THANKS GUYS!!!! #start of file [global] workgroup = Pimpin server string = %h server (Samba %v) ; wins support = no ; wins server = w.x.y.z dns proxy = no ; name resolve order = lmhosts host wins bcast log file = /var/log/samba/log.%m max log size = 1000 ; syslog only = no syslog = 0 panic action = /usr/share/samba/panic-action %d security = share encrypt passwords = true obey pam restrictions = yes guest account = sambaguest invalid users = root ; unix password sync = no passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . ; pam password change = no ; load printers = yes ; printing = bsd ; printcap name = /etc/printcap . ; printing = cups ; printcap name = cups ; printer admin = @ntadmin preserve case = yes short preserve case = yes ; include = /home/samba/etc/smb.conf.%m socket options = TCP_NODELAY ; message command = /bin/sh -c '/usr/bin/linpopup "%f" "%m" %s; rm %s' & ; domain master = auto ; idmap uid = 10000-20000 ; idmap gid = 10000-20000 ; template shell = /bin/bash [homes] comment = Home Directories browseable = no writable = no create mask = 0700 directory mask = 0700 ;[netlogon] ; comment = Network Logon Service ; path = /home/samba/netlogon ; guest ok = yes ; writable = no ; share modes = no [printers] comment = All Printers browseable = no path = /tmp printable = yes public = no writable = no create mode = 0700 [print$] comment = Printer Drivers path = /var/lib/samba/printers browseable = yes read only = yes guest ok = no [music] comment = Music files path = /mnt/fwhd/music browsable = yes read only = yes guest ok = yes public = yes [uploads] comment = Writable directory path = /home/upload read only = no writable = yes public = yes force user = sambaguest |
Re: samba, some users read, others write?
Quote:
Here is my smb.conf that I use to accomplish your goal #2: [global] netbios name = server workgroup = GOEDEHOOP10 security = user log file = /var/log/samba.log log level = 1 socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=16384 SO_SNDBUF=16384 wins support = yes domain logons = no logon drive = f: logon home = \\server\%U os level = 99 preferred master = yes local master = yes hosts allow = 196.254.255.10 196.254.255.20 196.254.255.30 196.254.255.40 196.254.255.50 127.0.0.1 196.254.255.60 196.254.255.70 196.254.255.80 encrypt passwords = yes browseable = yes lanman auth = yes lm announce = yes [only_the_listed_users_have_access_to_this_share] path = /usr/local/company_share guest ok = yes writeable = yes create mode = 0666 directory mode = 0777 browseable = yes public = yes username = yzelle jeremy stefan jean read list = yzelle jeremy stefan jean write list = yzelle jeremy stefan jean valid users = yzelle jeremy stefan jean [JEAN_DEVEL_YIELD] #Only Jean has access to this share, nobody else path = /usr/local/apache2/htdocs/php/yield_jean guest ok = no writeable = yes create mode = 0777 directory mode = 0777 browseable = yes public = yes username = jean read list = jean write list = jean valid users = jean To create all the users referred to above, you need to create a normal Linux user using useradd username and (guessing here - this worked for me) create a password for that Linux user which EXACTLY matches the Samba password you are going to assign to that user in the next step below: passwd username After creating a new user and setting his password, create the -Samba- user entry for this user: smbpasswd -a username The user is now created. Setup his password: smbpassword username Password: Confirm Password: The user is now created in Samba and is ready for use. Restart smbd and nmbd with your new smb.conf. Go to a remote machine and if, for example, it is on XP, go to Network Neighbourhood. You should see the new share listed under the Linux machine. If you click on this share it will ask for a username and password. Type the username you created above, and the password you created using smbpasswd. Of course, to make a user able to only read from "his" share for example, change the share definition and remove the "read list=" line. This is a guess though, I've never personally nedeed to do this, but it should work. Only the user who knows "his" username on his share and his password for that share will now be able to access that share. If the remote system is NOT XP, try this in most Linuces to get access: 1. Create a mount point for the remote, password-protected share: mkdir /mnt/sambashare 2. Connect to it: sharename mountpoint smbmount "//server/stefan_devel_akl" /mnt/polarserver_akl -o these give full read / write access username="stefan",password="stefan1",uid=rylan,dmask=0775,fmask=0775 3. And disconnect smbumount /mnt/sambashare Hops this helps! Regards, |
All times are GMT -5. The time now is 09:13 PM. |