6.2. Describing Objects

Previous page
Table of content
Next page

6.2. Describing Objects

After all main parameter of the Samba server have been specified, objects to which users can be allowed access can be described. This is done in the sections following the [global] section, considered in Section 6.1 .

6.2.1. Home Directories

Users normally want to work in their own directories. To do so, a user has to have a Linux account, to which his or her directory will be linked. This directory is specified as //server/ name , where server is the server name or IP address and name is the name of the user whose home directory is to be viewed .

To allow users' work with their individual directories, the [ homes ] section has to be described. Consider an example of this section: 

 [homes]    comment = Home Directories    browseable = no    writable = yes    valid users = %S    create mode = 0664    directory mode = 0775

The functions of its parameters are as follows :

  • comment A text comment, which has no effect on server operation.

  • browseable = yes no Specifies whether the share is seen in the list of available shares in a network view and in the browse list. If set to yes , user folders will be shown in the network environment.

  • writable = yes Specifies whether the home directory can be written to. When set to no, users of the service may not create or modify files in the directory.

  • create mode = 0750 Specifies permission for created files. In this case, the file owner has full rights, group members have read and execute rights, and all other users don't have any rights. Sometimes, however, the parameter's value should be lowered to 740 so that group users would have only read rights.

  • directory mode = 0775 Specifies permissions for created directories. In this case, group users have overly high privileges. I would lower them to 755 to prohibit them from creating files in the new directory. All other users have only read rights, but even this may be too much for them. I would give them no rights by setting the overall rights to 750, or -rwxr-x--- in symbolic notation.

  • valid users = user_list Specifies a space-delimited list of users allowed access to the home directories. By default, all users are allowed access, but only few users need it. I, therefore, recommend specifying explicitly those users who need to work with their home directories.

6.2.2. Network Logon

If a Linux server is configured to let a Windows user enter the system through Samba, using it as a domain, comments in the [netlogon] section must be removed. 

 ; [netlogon] ;   comment = Network Logon Service ;   path = /usr/local/samba/lib/netlogon ;   guest ok = yes ;   writable = no

The value of the writable parameter is set to no because users must not have write rights for this directory; scripts that are executed when they log onto the system are stored in this directory. Only the administrator should have the write rights for this directory.

The value of the path parameter is the complete path to the netlogon directory. The function of the guest ok parameter is the same as that of the identical parameter considered in Section 6.1 : It governs guest logon. In this case, guest logon is permitted.

Comments in the [Profiles] section also have to be removed. 

 ;  [Profiles] ;   path = /usr/local/samba/profiles ;   browseable = no ;   guest ok = yes

The directory specified in this section stores user profiles, and it should not be seen in the Windows network environment. For this reason, the value of the browseable parameter is set to no .

6.2.3. Printing

To make printers connected to the Linux server available to users, the [printers] sections has to be configured. Its contents are the following: 

 [printers]    comment = All Printers    path = /var/spool/samba    browseable = no    guest ok = no    writable = no    printable = yes

By default, the section is already open and registered users already have access to the printers. To make printers available to guest users, add the public = yes entry to the section. I do not recommend doing this, because it will give users additional means for playing jokes. For example, I know of a case, in which a worker was sending pictures to all network computers. It may look like an innocent joke, but this interfered with legitimate work and wasted paper and cartridge ink.

6.2.4. Common Access

Quite often there is a need for a directory on a server that can be used to exchange files by all network users. This directory is configured in the [tmp] section: 

 ;  [tMp] ;   comment = Temporary file space ;   path = /tmp ;   read only = no ;   public = yes

By default, the section is commented out, so the comments have to be removed to enable the directory. Note the path to the shared directory. This is the /tmp directory, in which temporary user files are stored. The read only = no and public = yes parameters tell Samba that the directory is shared and that files can be written to and read from it by all users.

Even though having this directory is quite convenient , I recommend using it in closed networks only. In networks with access to the Internet, I recommend limiting access to Samba with the help of a firewall. Because the directory is open for writing to anyone , hackers can upload files into it that can be used to obtain root privileges on the server.

6.2.5. Personal Directories

All previously-considered sections of the smb.conf file solve particular tasks and have established names . In some cases, however, the name of a section can be changed without affecting the server operation. I, however, do not recommend doing this, because the new section name may work in one Samba version but not when the server software is updated. In this case, it will be difficult to trace the error causing the faulty operation.

You can, however, create your own sections and describe rights in them. For example, you may want to create a shared directory, in which all users can view files but only users of a certain group can write to. Suppose that this directory is for storing images. This task is accomplished by creating a [shareimages] section as follows: 

 ;  [shareimages] ;   comment = Share Images ;   path  =  /home/samba/images ;   public  =  yes ;   writable = yes ;   write list = @staff ;   printable  =  no

The functions of the section's parameters are the following:

  • path = /home/samba/images Here is the path to the directory you want to create.

  • public = yes This makes the directory publicly accessible.

  • writable = yes Writing to the directory is permitted.

  • write list = @staff Writing to the directory is permitted only to the members of the staff group. All other users can only view the directory's files.

Any previously-considered parameters can be used in custom sections.


Previous page
Table of content
Next page
Hacker Linux Uncovered
Hacker Linux Uncovered
ISBN: 1931769508
EAN: 2147483647
Year: 2004
Pages: 141
Authors: Michael Flenov
BUY ON AMAZON
Beginners Guide to DarkBASIC Game Programming (Premier Press Game Development)
Project Management JumpStart
Metrics and Models in Software Quality Engineering (2nd Edition)
Oracle Developer Forms Techniques
The Complete Cisco VPN Configuration Guide
Oracle SQL*Plus: The Definitive Guide (Definitive Guides)
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy