I needed to share several directories with write permissions to some people and read permissions to others, so I had to
create all the necessary infrastructure for samba to work.
You have to create unix users and groups to later map them to samba users and groups.
In order to make this work with w95,w98, wxp, and w2k, I needed to use exactly the same usernames the people have
in their machines.
So, if, to say, Bob signs in his machine with the user bobd, i need to create bobd in my samba server, as a unix account,
and then map it to a smb user. The password is not going to be the same as his windows password, this would require
joining the windows NT/NT4 domain.
Said that, we proceed to create the groups and users like this
# groupadd infra
# useradd -m -d /home/rdircio -g infra rdircio
# passwd rdircio
Then, to add the users in samba
# smbpasswd -a rdircio
To map the unix groups we need to do
# net groupmap add ntgroup=”infra” unixgroup=infra type=d
After this, created the shared directories,inside /shared ending up like this
drwxrwxr-x 2 root infra 48 2006-01-03 12:20 cambios/
drwxr-xr-x 2 luis infra 48 2006-01-03 12:51 diagramas/
drwxrwxr-x 2 root infra 48 2006-01-03 12:17 inventario/
drwxrwxr-x 6 root inversion 240 2006-01-03 12:30 inversion/
drwxrwxr-x 10 root infra 280 2006-01-03 12:27 ismas/
drwxrwxr-x 5 root infra 152 2006-01-04 07:35 mantenimiento/
drwxrwxr-x 2 ppispma1 root 48 2006-01-03 09:47 publico/
you can see the permissions attached to specific users and groups, so read/write permission is achieved.
the smb.conf corresponding to this is:
[global]
workgroup = INFRA
server string = INFRA UNIX
security = SHARE
[mp3]
comment = musica
283/433
path = /mp3
read only = No
guest ok = Yes
[inversion ]
writeable = yes
read list = @infra
write list = @inversion
path = /shared/inversion
comment = Proyectos de Inversion
valid users = @infra
public = yes
[ inventario ]
writeable = yes
read list = @infra
write list = @infra
path = /shared/inventario
comment = Informacion de Infraestructura
valid users = @infra
public = yes
[ mantto ]
read list = @infra
writeable = yes
path = /shared/mantenimiento
write list = @infra
comment = Informacion de Infraestructura
valid users = @infra
public = yes
create mode = 775
directory mode = 775
[ info general ]
writeable = yes
read list = @infra
admin users = ppispma1
write list = ppispma1
path = /shared/publico
comment = Informacion de Infraestructura
valid users = @infra
public = yes
[ cambios ]
writeable = yes
read list = @infra
write list = @infra
path = /shared/cambios
comment = Informacion de Infraestructura
valid users = @infra
public = yes
284/433
[ ismas ]
writeable = yes
read list = @infra
write list = @infra
path = /shared/ismas
comment = Informacion de Infraestructura
valid users = @infra
public = yes
[ homes ]
writeable = yes
read list = @infra
write list = @infra
path = /home
comment = Informacion de Infraestructura
valid users = @infra
public = yes
[my home]
comment=%u home dir
path=/home/%u
writeable = yes
read list = @infra
write list = @infra
comment = homes
valid users = @infra
public = yes
The first share is totally public, anyone can enter, but the others require password.
We can avoid using different passwords for samba and unix users using pam_smbpass, we’ll discuss how to
do this later
285/433