Hi

The thread on mixed networks prompted these misc notes on setting up a 
Samba server and then introducing Linux clients to the smb network.

The way I prefer to define shares in smb.conf is as follows:


[Apps]
         comment = Applications
         path = /mnt/hdb1/samba/share1/Apps
         valid users = +users
         read only = No
         create mask = 0770
         directory mask = 0770
         force directory mode = 02000

[Data]
         comment = Development Data
         path = /mnt/hdb1/samba/share1/Data
         valid users = +devel
         read only = No
         create mask = 0770
         directory mask = 0770
         force directory mode = 02000

etc.


All shares follow the same pattern, with the exception of the [homes] 
share, where each user has privacy on their files:

[homes]
         comment = Home Directory
         path = /mnt/hdb1/samba/share1/Users/%S
         valid users = +users
         read only = No
         create mask = 0700
         directory mask = 0700
         force directory mode = 0
         browseable = No


Groups can then be set up with the necessary members for each share (not 
using ACLs here).


Directories being shared have permissions drwxrws--- (i.e. setgid bit on) 
so that ownership gets propagated down. Home shares simply have 
permissions drwx------.

Linux machines can access the shares with mount.cifs:

$ mkdir Apps
$ /sbin/mount.cifs //server/Apps Apps


In setting things up I found various strange bugs in mount.cifs, 
revolving around inherited ownership permissions. Most of my experience 
is with V3.0.24 (in Debian Etch) - mount.cifs in Debian Lenny appears to 
be better. In particular, the force directory mode = 02000 in the share 
sections above should not strictly be necessary, but some versions of 
mount.cifs do not pick up the setgid bit. Even stranger, passing in a 
password with -o password = ... (not recommended anyway) appears to 
destroy the passing over of ownership permissions altogether (i.e. it 
seems to activate uid= and gid= options, even though not specified). 
This can be avoided by using the PASSWD environment variable in a script.

I have another slightly cryptic comment in my notes:

msdfs root = no in [global] section. This prevents some problems with 
mount.cifs from Linux workstations. But Vista workstations then require 
msdfs root = yes under the [netlogon] section, otherwise shares do not 
map at logon. This setup is with Samba 3.0.24, and may be different with 
later versions, where the default is msdfs = no.

- I think the "some problems" were again not mapping ownership permissions.


With this in place, it's possible for both Windows and Linux machines to 
access shares on a server in a mixed environment. A lot of the 3.0.24 
mount.cifs wrinkles may have been dealt with in later versions; in any 
case they were not insurmountable.


Cheers

Tim





-- 
Next meeting: Dorchester, Tuesday 2009-11-03 20:00
Dorset LUG: http://dorset.lug.org.uk/
Chat: http://www.mibbit.com/?server=irc.blitzed.org&channel=%23dorset
List info: https://mailman.lug.org.uk/mailman/listinfo/dorset
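
An added example, not part of the original post: a small shell audit that checks a share tree against the permission scheme the message describes (drwxrws--- with setgid for group shares, drwx------ for home shares). The function names are hypothetical, the paths are supplied by the caller, and GNU find is assumed for -perm /MASK.

```shell
#!/bin/sh
# Added example: check a share tree against the permission scheme described
# in the post. Paths are passed in by the caller; none are hard-coded.

# List directories under $1 that lack the setgid bit (group shares need it
# so that new entries inherit the share's group).
missing_setgid() {
    find "$1" -type d ! -perm -2000 -print
}

# List non-symlink entries under $1 that have any permission bit of mask $2
# set (007 = "other", 077 = group or other). -perm /MASK assumes GNU find.
has_bits() {
    find "$1" ! -type l -perm "/$2" -print
}

# audit_share ROOT KIND: KIND is "group" (drwxrws---) or "home" (drwx------).
# Prints one tagged finding per line.
# Returns 0 when clean, 1 when there are findings, 2 on a usage error.
audit_share() {
    root=$1 kind=$2
    case $kind in
        group) findings=$( { missing_setgid "$root" | sed 's/^/no-setgid /'
                             has_bits "$root" 007 | sed 's/^/other-bits /'; } ) ;;
        home)  findings=$( has_bits "$root" 077 | sed 's/^/not-private /' ) ;;
        *)     echo "usage: audit_share ROOT group|home" >&2; return 2 ;;
    esac
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Stand-alone use: sh audit.sh /path/to/share group
if [ "$#" -eq 2 ]; then
    audit_share "$1" "$2"
fi
```

Run it on the server against the share paths from smb.conf; a "no-setgid" finding on a group share points at a directory where the setgid bit was not carried over.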
