Wednesday, January 16, 2013

Easy Samba in my linux NAS

I would like to be able to read and write files via Samba or locally/ssh on the server without problems. Nothing is more frustrating than modifying a file via Samba and being unable to read it via ssh.
To achieve this I need working recursive permissions.
In the end, members of the group users will be able to read and write files under the samba share.
Let's do it!

1. Set a suitable smb.conf

[global]
workgroup = BUFON
server string = %h (Samba on Ubuntu Server)
guest ok = yes
security = user
local master = yes
os level = 255
preferred master = yes
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=65536 SO_SNDBUF=65536
[template]
-valid=no
path = /mnt
write list = @usersforce 
group = users
create mask = 0775
force create mode = 0775
security mask = 0770
directory mask = 0775
force directory mode = 0775
vfs objects = recycle
recycle:repository = Recycle Bin
recycle:versions = Yes
recycle:keeptree = No
[tank]
path = /tank
write list = @users
force group = users
create mask = 0775
force create mode = 0775
security mask = 0770
directory mask = 0775
force directory mode = 0775
vfs objects = recycle
recycle:repository = Recycle Bin
recycle:versions = Yes
recycle:keeptree = No
[tank$]
copy=template
-valid=yes
path=/tank

2. Set permissions


From Linux Security HOWTO - 5. Files and File system Security comes this very useful bit of information:
SGID Attribute: (For directories)
If you set the SGID bit on a directory (with chmod g+s directory), files created in that directory will have their group set to the directory's group.
So we need to do a chmod +s on the folders under the samba share.
Run this script if you create a new samba share or if you mess up your permissions and want to start fresh again:

#!/bin/sh
#Usage: fix-permissions.sh /data/myfolder
FOLDER=$1
echo "Fixing permissions in $FOLDER"
echo "... chmod on folders"
find $FOLDER -type d -exec chmod g+rwxs {} \;
echo "... chmod on files"
find $FOLDER -exec chmod g+rwx {} \;
echo "... chown on folders"
find $FOLDER -type d -exec chown root.users {} \;
echo "... chown on files"
find $FOLDER -exec chown root.users {} \;

3. Add users to "users" group


sudo adduser jordi users
Do the same with other users that need access to the files on the samba share; e.g. www-data, debian-transmission, hts, mldonkey.

That's all.
Posted by at
Labels: ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)