Users need to be able to access the Samba server in My Network Places and Windows Explorer just as they would a Windows server. This means that the server needs to be assigned to a workgroup and it needs to publish Windows shares (access points) that are visible to users.
By default, the Samba server is assigned to the workgroup and publishes certain preconfigured shares. However, these defaults are insufficient for many Samba installations. For example, the share as it is defined by default provides access by authenticated users to all the home directories on a traditional Linux volume.
You can customize your workgroup and share configurations by modifying the /etc/samba/smb.conf file as explained in the following sections:
Use the information in Table 3-1 and a text editor, such as Kate or VI, to provide access for your network users to only their individual Home directories.
For additional information about the smb.conf file, see The smb.conf Configuration File.
Table 3-1 Customizing the /etc/samba/smb.conf file for Home Directory Access Only
|
Section |
Entry Name |
Description |
Recommended Action |
|---|---|---|---|
|
[global] |
workgroup = |
Specifies the Windows workgroup that the Samba server either joins (if it exists) or effectively creates (if the name is new). The Samba installation sets the value of this parameter to workgroup, which is the default setting for all Windows 2000 and Windows XP workstations. As a result the “workgroup” workgroup can contain hundreds of workstations and servers, rendering it unusable. |
|
|
[homes] |
|
This sets up a share named homes. The primary purpose of this standard Samba share is to expose only the home directories of your Samba users. The parameters in this section provide private access to home directories, which is the expectation of most network administrators. |
|
|
path = |
This parameter is not needed if user Home directories are contained in /home on the server because the path for this share defaults to /home/%S—the Home directory of the logged in user. If you want to provide home directories on an NSS/NCP volume, be sure to review the information in Section B.3, Home Directories and Samba. |
|
|
[all other share names] |
|
These set up various other shares that are not needed for private home directory access. In fact, the [users] share actually makes all the home directories visible to every Samba user. |
|
You can create shares with unique names, such as volumes that users are familiar with, and provide access to them.
For example, if your Samba users keep their work files in an NSS volume named PROJECTS, you could create a share to the /media/nss/PROJECTS directory as follows:
Open the /etc/samba/smb.conf file in an editor.
Create a [projects] share in the smb.conf file by inserting the following lines:
[projects]
comment = Project folders
path = /media/nss/PROJECTS
browseable = Yes
read only = No
inherit acls = Yes
Save the file and restart Samba as directed in Section 3.2.4, Restarting Samba to Implement the Changes.
Create folders for each project.
For example, you could create folders named wheel and lever.
Assign trustees to the projects using the ncpcon > rights command.
For example, if you want user1 to have full rights to wheel but only read and filescan rights to lever, and you want user2 to have full rights to lever but only read and filescan to wheel, you could assign the rights using the following commands:
ncpcon
rights add projects:wheel user1.full.edir.context all
rights add projects:wheel user2.full.edir.context rf
rights add projects:lever user2.full.edir.context all
rights add projects:lever user1.full.edir.context rf
Because Samba access to NSS volumes is controlled by NCP trustee rights, user1 and user2 can now work in their respective project folders, and they can see but not change the contents of the project folder belonging to their coworker.
Adjusting POSIX permissions is not required.
NOTE:The rights command in the ncpcon utility is for working with any NCP volume, including volumes defined on traditional Linux file systems.
For information about the ncpcon rights command, run ncpcon and enter help rights.
The rights command available at the shell prompt is for working with NSS volumes only.
For information on using the rights utility at the shell prompt, enter rights.
You can create shares for groups to use.
For example, if you have a group of Samba users who want to collaborate regarding usability ideas, you could create a usability folder and grant access to it as follows:
Create a folder named usability in /usr.
Create a [usability] share in the smb.conf file by inserting the following lines:
[usability]
comment = Usability Ideas
path = /usr/usability
browseable = Yes
read only = No
inherit acls = Yes
Save the file and restart Samba as directed in Section 3.2.4, Restarting Samba to Implement the Changes.
Create a LUM-enabled group and assign the Samba users to it. For example, create a group called usetest.
Change the group owner of the /usr/usability folder to usetest and grant the usetest group read, write and execute rights by entering the following at a shell prompt:
chown -R :usetest /usr/usability
chmod -R 775 /usr/usability
For more information on creating group work directories, see Providing
a Group Work Area
in the Novell
OES SP2 Planning and Implementation Guide.
The users would then be able to collaborate with each other in the /usr/usability folder.
You must restart Samba for the changes you have made in the configuration file to take effect. Complete the following steps:
Save the smb.conf file.
Enter the following command:
/etc/init.d/smb restart
After preparing the Samba environment for your network users, you need to inform them about their access options. Continue with Section 4.0, Samba User Tasks.