I think that there are two ways you could do this. One is to share the /sambashare directory, and use the permissions of the users subdirectories to control whether a user can write files in that directory.
I created a /home/samba directory on my old dell laptop. I created a second user, gues as well. Then I created a subdirectory for each user. I just noticed that the permissions weren't exactly what I wanted to experiment with, but I still works the way I wanted it to. ( I wanted to use group control using the "users" group, but I forgot to clear the permissions for others.)
Code:
total 24
drwx------ 4 gues 503 4096 Jul 5 11:01 gues
drwx------ 35 jschiwal jschiwal 4096 Jul 5 17:54 jschiwal
drwxrwxr-t 4 root staff 4096 Jul 5 10:50 samba
[jschiwal@delllap ~]$ ls /home/samba/ -l
total 16
drwxr-xr-x 2 gues users 4096 Jul 5 17:39 gues
drwxr-xr-x 2 jschiwal users 4096 Jul 5 17:45 jschiwal
The samba directory is created with the sticky bit set. This was a preset share that samba swat can setup, so I used it. The reason for the sticky bit, is that file deletion and renaming are operations on the directory itself, so making a file read only, doesn't protect it from renaming or deletion. The sticky bit on the containing directory adds that protection.
You want to use it for any world or group writable directory.
I created the users' subdirectories and gave the owner full access but the group member read only access. I used the "users" group which is a standard Linux group used for the purpose of granting some permissions to all users.
---
The other way of doing this is to create [Profile] or [Home] like shares. I already had the former setup, and use security=user. If I open the workgroup and then the computer in the browser, I will see a share by my user name.
This was setup automatically using samba swat.
The thing is that the other users don't show up. The directory offered is /home/%U. The "%U" is a variable for the username. See the smb.conf manpage. It doesn't exactly say the Unix or Windows User. But assigned user. If you used a "Force User" config entry or allowed a guest, it might change to that instead.
Here are the non-default values in /etc/smb.conf (copy & pasted from the testparm output).
Code:
[Samba]
comment = Container share
path = /home/samba
write list = %U
I hope they aren't too far off.
User jschiwal is able to read user gues's documents and vice versa. One user is not able to create, write, or delete a file in another users directory. Each user is able to create files in their own directory.
Essentually, this is the same as the special [Homes] share. If you used /home/ instead of /sambashare/ you could do the same thing that way.
--
Another thing you might toy around with is a share similar to a [Profile]. You could offer each user their directory. The path would be defined, in your case as /sambashare/%U.
This would have the advantage, that each user could quickly enter there own directly without having to navigate through a long list of user directries in the sambashare directory. It would still be there, so the user could if he wanted to. The latter would be a subdirectory of the [Sambashare] service. The former is its own service.
Here is what "testparm" shows for these shares:
Code:
[Samba]
comment = Container share
path = /home/samba
write list = %U
[Public_%U]
comment = users public share
path = /home/samba/%U
write list = %U
Given more time, I'd tweek things. The write list entry for [Samba] might be wrong. It only caught my eye after running testparm which removed all comments and defaults. A group might be a better choice, but that is untested.
However, it works as you described wanting [Sambashare] to work on your server.
---
You could also create a share for each user instead of using the %U variable, or the /sambashare/ share. Then browsing into the workgroup/domain -> computer would bring up all of the users. Even though this could be scripted to allow samba to do it on the fly when you create a new user, I think this will lead to a big mess.
