B.3 Home Directories and Samba

NOTE: The information discussed in this section generally applies to all data directories and files. This discussion centers on home directories because they are a common data storage location in many network installations.

There are three basic locations for user home directories:

Table B-3 summarizes the Samba accessibility to home directories for each volume type:

Table B-3 Home Directory Accessibility by Volume Type

Volume Type: Traditional Linux

Creation Method: Log in as the user to a PAM-enabled service. (Samba is not PAM-enabled. Therefore, logging in to Samba doesn’t create home directories, as explained in Section A.6, Home Directory Creation Is Not Automatic.)

Access Control: POSIX file attributes

Initial Accessibility:

  • Visible - all home directories can be seen by an authenticated user.
  • Browseable - the content of all home directories is browseable.
  • Modifiable - owners can modify the content of their own home directories. Group and Other users can’t modify the content of directories they don’t own.

Notes and Caveats:

To make the contents of home (and other) directories private (non-browseable), change the file attributes (chmod or Konqueror) so that only the owner has rights.

For instructions, see Providing a Private Work Directory in the Novell OES SP2 Planning and Implementation Guide.

Alternatively, you can modify the smb.conf file as explained in Section 3.2.1, Providing Private Home Directory Access. Following these instructions hides the home directories in Samba because users see only their home directory contents and not the home directory itself.

Volume Type: NCP on Traditional Linux

Creation Method: iManager at user-creation time

Access Control: POSIX file attributes

Initial Accessibility:

  • Visible - all home directories can be seen by an authenticated user.
  • Browseable - initially no users can see directory contents. This is because the users are not the directory owners from a POSIX perspective. See the additional explanation under Notes and Caveats.
  • Modifiable - initially the user can’t modify directory contents because the user is not the directory owner from a POSIX perspective. See the additional explanation under Notes and Caveats.

Notes and Caveats:

To make these home directories browseable and modifiable for the directory owner, you must use chown or Konqueror and change the POSIX owner from the eDirectory Admin user to the actual user.

For instructions, see NCP Volumes on Traditional Linux File Systems.

After changing POSIX directory ownership, other users are still not able to browse or modify directory contents because iManager assigns no POSIX Group or Other file attributes when it creates the directory.

Volume Type: NCP on Traditional Linux

Creation Method: Log in as the user to a PAM-enabled service. (Samba is not PAM-enabled. Therefore, logging in to Samba doesn’t create home directories, as explained in Section A.6, Home Directory Creation Is Not Automatic.)

Access Control: POSIX file attributes

Initial Accessibility:

  • Visible - all home directories can be seen by an authenticated user.
  • Browseable - the content of all home directories is browseable.
  • Modifiable - owners can modify the content of their own home directories. Group and Other users can’t modify the content of directories they don’t own.

Notes and Caveats:

To make the contents of these home directories private (non-browseable), change the file attributes (chmod or Konqueror) so that only the owner has rights.

For more information, see Providing a Private Work Directory in the Novell OES SP2 Planning and Implementation Guide.

Volume Type: NSS

Creation Method: iManager at user-creation time

Access Control: NCP trustee assignments in combination with NSS directory and file attributes

Initial Accessibility:

  • Visible - only the user’s home directory
  • Browseable - only the user’s home directory
  • Modifiable - only the user’s home directory

Notes and Caveats:

NSS displays its directory and file attributes as POSIX permissions for compatibility with services that require them, such as Samba. However, the underlying access for Samba users is controlled by NSS.

For more information, see Understanding File System Access Control for NSS and NetWare Traditional File Systems in the File Systems Management Guide for OES.
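
The two POSIX conditions in Table B-3 that an administrator has to correct by hand (Group/Other rights that leave a home directory browseable, and a directory whose POSIX owner is not the user) can be checked with a short script. This is an added example, not part of the Novell documentation; it assumes each home directory is named after its user and that GNU stat is available.

```shell
#!/bin/sh
# Added example: audit home directories for the conditions in Table B-3.
# Assumption: each home directory is named after its user (e.g. /home/alice).
# Requires GNU stat (standard on Linux).

# classify_home DIR -> prints "<name> <owner> <mode> <finding>"
classify_home() {
    dir=$1
    name=$(basename "$dir")
    owner=$(stat -L -c %U "$dir")
    mode=$(stat -L -c %a "$dir")
    if [ "$owner" != "$name" ]; then
        # NCP on Traditional Linux: a directory created by iManager is
        # owned by another account until chown is run. Checked first
        # because it is what locks the user out of the directory.
        finding=owner-mismatch
    elif [ $(( 0$mode & 077 )) -ne 0 ]; then
        # Group or Other bits are set, so other users can browse.
        finding=browseable-by-others
    else
        finding=private
    fi
    printf '%s %s %s %s\n' "$name" "$owner" "$mode" "$finding"
}

# audit_homes BASE -> one line per directory directly under BASE
audit_homes() {
    for d in "$1"/*/; do
        [ -d "$d" ] || continue
        classify_home "${d%/}"
    done
}

# make_private DIR -> remove all Group and Other rights (owner-only access)
make_private() {
    chmod go-rwx "$1"
}

# Run as: sh audit_homes.sh /home
if [ "$#" -gt 0 ]; then
    audit_homes "$1"
fi
```

An `owner-mismatch` line is corrected with chown to the actual user; `make_private` applies the owner-only attributes to a `browseable-by-others` directory.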