I started to write this post for more than a 2 years ago and because i was to busy to finish it. But now here is it, better late than never.
The goal is simple. There is a need of having a central storage of shared and private documents for small (rarely changing) user group. We have windows and Linux PC that have to access this centralized file storage. A user-friendly access as well minimum of maintenance are also goals here. Furthermore base level of security is a goal here as well.
However the peresented configuration as I think is quite suituable for private use, small working groups and even kinds of small businesses.
It think it's not a bad idea to have two different data spaces: private and shared. An this separation leads to simple rules of usage:
- Every user can read own documents and documents of other users in the shared place.
- write and delete is only permitted in user's private directory.
Let's get concrete and that is the point where Samba goes in to play. Configuration presented below where tested on Debian 5 (Lenny) and shortly on Debian 7 (Wheezy) and works from now on more than two years without any problems.
1. Install samba
apt-get install samba
2. Backup initial configuration
cp /etc/samba/smb.conf /etc/samba/smb.conf_original
3. Create shared spaces
# Create new root. mkdir /srv/samba # Create mount point for documents mkdir /srv/samba/shared # Create mount point for personal mkdir /srv/samba/private # Create general gorup of samba users addgroup smbusers # giv 'em some rights. chown root:smbusers /srv/samba/shared/ chown root:smbusers /srv/samba/private/ # define umask chmod 2770 /srv/samba/shared/ chmod 770 /srv/samba/private/
4. Change configuration file
Now edit /etc/samba/smb.conf file. Just replace the content with the following:
[global] server string = Samba server %v unix password sync = Yes pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *Entersnews*spassword:* %nn *Retypesnews*spassword:* %nn *passwordsupdatedssuccessfully* . syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 panic action = /usr/share/samba/panic-action %d idmap config * : backend = tdb [homes] comment = Home Directories read only = No create mask = 0700 directory mask = 0700 browseable = No [shared] comment = Freigabe documents path = /srv/samba/shared read only = No create mask = 0770 directory mask = 0770 [private] comment = Freigabe privat path = /srv/samba/private read only = No
Test made configurations with:
5. Add users
Le'ts add two users with their private places and access to the shared place. So here are Alexander and Rebecca.
useradd -g smbusers -G users alexander useradd -g smbusers -G users rebecca mkdir /srv/samba/private/alexander mkdir /srv/samba/private/rebecca chmod 750 -R /srv/samba/private/ chown alexander:smbusers /srv/samba/private/alexander/ chown rebecca:smbusers/srv/samba/private/rebecca/
Now don't forget to set password for Samba users with:
smbpasswd -a alexander smbpasswd -a rebecca
Note the following directives in your smb.conf will cause automatically change of UNIX user password on smb password changes, So don't say i didn't warned you ;)
unix password sync = Yes pam password change = Yes