Sharing a Directory through Samba

To share a directory through Samba, create a share section in smb.conf that describes the directory and the conditions under which you are willing to share it. To share the /home/sales directory used in the NFS examples and a new directory named /usr/local/pcdocs, you might add the two share sections shown in Listing 9.10 to the sample smb.conf file.

Listing 9.10: Samba File Shares

[pcdocs]
   comment = PC Documentation
   path = /usr/local/pcdocs
   browsable = yes
   writable = no
   public = yes

[sales]
   comment = Sales Department Shared Directory
   path = /home/sales
   browsable = no
   writable = yes
   create mode = 0750
   hosts allow = .sales.foobirds.org

Each share section is labeled with a meaningful name. This name is displayed as a folder in the Network Neighborhood window on client PCs. Each section contains some commands you have already seen and a few new commands. The first new command is path, which defines the path of the directory being offered by this share.

The pcdocs share also contains the command public. public allows anyone to access the share, even if they don't have a valid username or password. These public users are granted "guest account" access to the share. On a Linux system, this usually means they run as user nobody and group nobody, and are limited to world permissions.

Setting File and Directory Permissions

The sales share is being offered as a writable share. The create mode command controls the permissions used when a client writes a file to the /home/sales directory. In the sample in Listing 9.10, it is specified that files will be created with read/write/execute for the owner, read/execute for the group, and no permissions for the world (750). A related command, directory mode, defines the permission used when a client creates a directory within a share. For example:

directory mode = 0744

This sets the permissions for new directories to read/write/execute for the owner, read/execute for the group, and read/execute for the world (744). This is a reasonable setting that allows cd and ls to work as expected because directories must have the world execute bit set in order for the change directory (cd) command to work properly.

Limiting Access to a Share

The sales share section also contains a hosts allow command, which defines the clients that are allowed to access this share. Even if a user has the correct username and password, they are allowed to access this share only from the specified hosts. By default, all hosts are granted access, and specific access is controlled by the username and password.

The hosts identified in the hosts allow command in Listing 9.10 are identical to those listed in the NFS example. This illustrates that Samba can also control access with domain wildcards.

There are several different ways to define individual hosts or groups of hosts in the hosts allow command. As the name of the command implies, it uses the same syntax as the hosts.allow file discussed in Chapter 12, "Security." Some examples of how it can be used in the smb.conf file are as follows:

hosts allow = 172.16.5.0/255.255.255.0
Allows every host on network 172.16.5.0 access to the share.

hosts allow = 172.16. EXCEPT 172.16.99.0/255.255.255.0
Allows every host on network 172.16.0.0 to have access to the share, except for those hosts on subnet 172.16.99.0. 172.16 might be the enterprise network, and 172.16.99 might be an untrusted subnet where publicly accessible computers are located.
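
To check which clients a hosts allow value admits before putting it in smb.conf, the three forms used on this page (domain wildcard, network/netmask, and address prefix with EXCEPT) can be modeled in a few lines of Python. This is an added example, not Samba's own code and not part of the original text; the function names and the client list are constructed for illustration, and the model handles a single EXCEPT only.

```python
import ipaddress

def _match(pattern, ip, hostname):
    """Test one pattern against a client address and its resolved name."""
    if pattern.startswith("."):        # domain wildcard: .sales.foobirds.org
        return hostname.lower().endswith(pattern.lower())
    if "/" in pattern:                 # network/netmask: 172.16.5.0/255.255.255.0
        network = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(ip) in network
    if pattern.endswith("."):          # address prefix: 172.16.
        return ip.startswith(pattern)
    return pattern in (ip, hostname)   # one exact address or name

def host_allowed(hosts_allow, ip, hostname=""):
    """Simplified model of 'list [EXCEPT list]'; one EXCEPT only (assumption)."""
    allow, _, excepted = hosts_allow.partition(" EXCEPT ")

    def listed(text):
        return any(_match(p, ip, hostname) for p in text.replace(",", " ").split())

    return listed(allow) and not listed(excepted)

# Constructed clients (address, name the server resolved) for illustration only.
CLIENTS = [
    ("172.16.5.20", "crow.sales.foobirds.org"),
    ("172.16.99.7", "kiosk.foobirds.org"),
    ("172.16.12.3", "wren.foobirds.org"),
    ("192.168.1.9", "laptop.example.net"),
]

# The three hosts allow values used on this page.
RULES = [
    ".sales.foobirds.org",
    "172.16.5.0/255.255.255.0",
    "172.16. EXCEPT 172.16.99.0/255.255.255.0",
]

def decision_table():
    """Map each rule to the constructed client addresses it admits."""
    return {rule: [ip for ip, name in CLIENTS if host_allowed(rule, ip, name)]
            for rule in RULES}

if __name__ == "__main__":
    for rule, admitted in decision_table().items():
        print(f"hosts allow = {rule}")
        print(f"  admits: {', '.join(admitted) or 'none'}")
```
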

In addition to the hosts allow command, there is a hosts deny command that defines computers that are explicitly denied access to the share. Its syntax is similar to that of the hosts allow command.

Combining these two new share sections with the section that came with the Red Hat configuration creates a server that does everything you want. It provides access to user home directories. It provides access to public directories used to offer online documentation or other publicly shared resources. And it offers private directories that are accessible only to members of the selected group. This provides everything that NFS did in a manner that is much simpler for Microsoft Windows clients to use.

Of course, you're not limited to serving only Windows clients. Linux systems can also be Samba clients.
