Samba capabilities & functionality

windows active-directory samba network-share samba4

In my workplace, we switched from Windows shared folder for network use to Ubuntu server for our 4 disc hardware raid. We do not use Active Directory (I don't even know what it is) but we do use user permissions to access the raid and mount it as a network drive. You can install webmin and use that to help manage the server.

There are a couple tricks: setting up the user permissions and umask in smb.conf and then getting the shared folder's permissions and "sticky bits" set correctly.

Edit with some details of how I set up my file server:
1.5 years after answering this question, I installed new server OS (now is Debian 7.3) and went through setting up samba, again using webmin. One thing that didn't work as expected was user passwords linking to unix passwords. This QA fixed that with suggesting manually issuing smbpasswd -a <username>. Although the old ubuntu HDD was failing, I copied /etc/ to the /raid so I can look back at what worked before.

We've got the below permissions set up. The "smb" user and password are known by anyone needing access to the network share, which is then mapped to a drive letter consistently on windows computers. If I log in from my chrisk user on windows which coincidentally uses same password as on the filesrv, then I can access my personal folder on the raid as well as all of the /raid files. There are no "personal" groups, everyone is in users group.

12:53 chrisk@filesrv /raid$ ls -alh
drwxrwsr-x.  47 smb     users 4.0K Dec 29 18:43 .
drwxr-xr-x   23 root    root  4.0K Dec 27 02:36 ..
drwxrwsr-x.   7 smb     users 4.0K Aug 15  2009 catalog_tech
drwx--S--T.  42 chrisk  users  12K Dec 29 20:52 chrisk
drwxrwsr-x.   5 smb     users 4.0K Oct 12 12:36 customers
drwxrwsr-x.   6 smb     users 4.0K Dec 20 12:48 dealers
drwxrwsr-x    3 smb     users 4.0K Nov  5 17:51 Distributors
drwxrwsr-x.  22 smb     users 4.0K Dec 29 16:58 docs
drwx--S--T.  42 liz     users  12K Dec 29 20:52 liz
drwx------   17 smb     users 4.0K Sep  8  2011 smb

I read up and to get these permissions, I believe that I did a # chmod -R 7775 * on /raid and then # chmod -R 7775 <user> for each username.

This works really well for when windows share users log in and create files and lets the drive behave as one would expect on their own computer. Things get a little iffy when I am writing code, though, because I switch from Windows OS to my Linut Mint computer and I sshfs mount /raid and I'll create files that Windows people can't mess with because they will keep my permissions. On this brave new Debian raid world, I'll have to see if this is still the case.

Security is the inverse of convenience this configuration is very convenient and thus unsecure in many aspects of file security or employee vandalism. It works great for "mom & pop" situations. When we have new employees (twice in 7 years), we all have a meeting and go over what the staff thinks about it all. It is only one step better than having a Windows box with an everyone share.

Next steps of improved security I am considering: There could be users and staff groups implemented for nuanced levels of security and then make an "everyone login" that isn't smb for folks to access and share everyday files. SMB could probably have yet another everyone user which doesn't have write/delete privileges, too.

Related

Configuration Deployment to Linux Systems [closed]
Setting up Debian 7 static IP address range
How to disable Stackdriver Monitoring for a project
Highlight label if checkbox is checked
How to disable / enable dialog negative positive buttons?
Generate random numbers following a normal distribution in C/C++
Extension methods cannot be dynamically dispatched
Spring Boot Rest Controller how to return different HTTP status codes?
Node.js console.log vs console.info
How can I catch all the exceptions that will be thrown through reading and writing a file?
Are there any smart cases of runtime code modification?
nginx the "ssl" directive is deprecated, use the "listen ... ssl"