I started to write this post for more than a 2 years ago and because i was to busy to finish it. But now here is it, better late than never.
The Goal
The goal is simple. There is a need of having a central storage of shared and private documents for small (rarely changing) user group. We have windows and Linux PC that have to access this centralized file storage. A user-friendly access as well minimum of maintenance are also goals here. Furthermore base level of security is a goal here as well.
However the peresented configuration as I think is quite suituable for private use, small working groups and even kinds of small businesses.
The Solution
It think it's not a bad idea to have two different data spaces: private and shared. An this separation leads to simple rules of usage:
- Every user can read own documents and documents of other users in the shared place.
- write and delete is only permitted in user's private directory.
Let's get concrete and that is the point where Samba goes in to play. Configuration presented below where tested on Debian 5 (Lenny) and shortly on Debian 7 (Wheezy) and works from now on more than two years without any problems.
1. Install samba
apt-get install samba
2. Backup initial configuration
cp /etc/samba/smb.conf /etc/samba/smb.conf_original
3. Create shared spaces
# Create new root.
mkdir /srv/samba
# Create mount point for documents
mkdir /srv/samba/shared
# Create mount point for personal
mkdir /srv/samba/private
# Create general gorup of samba users
addgroup smbusers
# giv 'em some rights.
chown root:smbusers /srv/samba/shared/
chown root:smbusers /srv/samba/private/
# define umask
chmod 2770 /srv/samba/shared/
chmod 770 /srv/samba/private/
4. Change configuration file
Now edit /etc/samba/smb.conf file. Just replace the content with the following:
[global]
server string = Samba server %v
unix password sync = Yes
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *Entersnews*spassword:* %nn *Retypesnews*spassword:* %nn *passwordsupdatedssuccessfully* .
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
panic action = /usr/share/samba/panic-action %d
idmap config * : backend = tdb
[homes]
comment = Home Directories
read only = No
create mask = 0700
directory mask = 0700
browseable = No
[shared]
comment = Freigabe documents
path = /srv/samba/shared
read only = No
create mask = 0770
directory mask = 0770
[private]
comment = Freigabe privat
path = /srv/samba/private
read only = No
Test made configurations with:
testparm
5. Add users
Le'ts add two users with their private places and access to the shared place. So here are Alexander and Rebecca.
useradd -g smbusers -G users alexander
useradd -g smbusers -G users rebecca
mkdir /srv/samba/private/alexander
mkdir /srv/samba/private/rebecca
chmod 750 -R /srv/samba/private/
chown alexander:smbusers /srv/samba/private/alexander/
chown rebecca:smbusers/srv/samba/private/rebecca/
Now don't forget to set password for Samba users with:
smbpasswd -a alexander
smbpasswd -a rebecca
Note the following directives in your smb.conf will cause automatically change of UNIX user password on smb password changes, So don't say i didn't warned you ;)
unix password sync = Yes
pam password change = Yes
Have fun!