I'm rebuilding a Samba file server and my knowledge is rusty.
Note this is a simple fileserver, no AD.
What I want to achieve is that each user has their own user/pass but that all files stored on the server get allocated to one global user.
As I recall, I need both a Linux user and a Samba user for each person. However, I still have access to the files on the old server (but cannot boot it) and looking at /etc/passwd on there I do not see the individual users listed. I know that I definitely used to access the share as "mark". Therefore I'm both confused how it used to work, but also the correct way to set it up now.
It's Ubuntu Server 18.04, Samba 4.7.6.
Right now I have my shares configured in /var/lib/samba/usershares and can access them all via a single user (my primary server login which I added to Samba as well). They're currently read-only because the files are all root.root owned, that's something else I'll need to change.
(If I can do it, I'd like to have some users read-only and some read-write once I'm finished but that's not a priority.)
On 26/09/18 14:37, Mark Rogers wrote:
I'm rebuilding a Samba file server and my knowledge is rusty.
Note this is a simple fileserver, no AD.
What I want to achieve is that each user has their own user/pass but that all files stored on the server get allocated to one global user.
As I recall, I need both a Linux user and a Samba user for each person. However, I still have access to the files on the old server (but cannot boot it) and looking at /etc/passwd on there I do not see the individual users listed. I know that I definitely used to access the share as "mark". Therefore I'm both confused how it used to work, but also the correct way to set it up now.
It's Ubuntu Server 18.04, Samba 4.7.6.
Right now I have my shares configured in /var/lib/samba/usershares and can access them all via a single user (my primary server login which I added to Samba as well). They're currently read-only because the files are all root.root owned, that's something else I'll need to change.
(If I can do it, I'd like to have some users read-only and some read-write once I'm finished but that's not a priority.)
Hi Mark,
You need to use groups in order to control access levels, and set the use of those groups in smb.conf.
As for individual users, AFAIK, you need a "normal" Linux user account (and appropriate group membership - see above) and then to add that to Samba using the smbpasswd command. It's essential that the names and passwords are the same.
Samba can add access granularity in the context of Linux file permissions, but it can't over-ride them. In other words, you can have a file share with write access to a particular group/user and restrict that to read-only, but not the other way round.
Cheers, Laurie.
On Wed, 26 Sep 2018 at 15:36, Laurie Brown laurie@brownowl.com wrote:
As for individual users, AFAIK, you need a "normal" Linux user account (and appropriate group membership - see above) and then to add that to Samba using the smbpasswd command. It's essential that the names and passwords are the same.
That's what I thought, but I didn't have them set up on the old server. Odd.
The Linux users don't actually need passwords though; I've been setting them up with: sudo adduser --no-create-home --disabled-password --disabled-login mark sudo smbpasswd -a mark .. and that works fine (obviously Samba needs a password.)
Thanks for the help. I always get in a mess with Samba because it seems very "flexible" in its configuration but I think I now have something workable.
-
Laurie Brown -
Mark Rogers