The first element of a successful Samba file server is a directory configured locally to store the shared files. If the main purpose of your server is being a file server, you should consider giving this directory its own partition or logical volume to separate it from the other files on your server.
In addition to creating the directory, you shouldn't forget about the right permissions. The security for your shared directory is configured partly on the share, but the most important part is on the local Linux file system. So, create a group, grant permissions to that group, make users members of the group, and create the group owner of the shared directory to make it all work. In Chapter 6 of this book, you can read exactly how to do this. For details about setting permissions for the shared directory, you should check that chapter; here I'll just provide some tips on how to do it in the best possible way:
• Use Access control lists (ACLs) if you want to give read access to members of one group while members of another group have read/write access.
■ Note ACLs make it possible to give permissions to more than one user or more than one group. Read Chapter 6 for more details.
• Set the SGID permission on the shared directory to make the group that is the owner of the directory the owner of everything created in that directory and its subdirectories.
• Use sticky bit to specify that users cannot accidentally delete others' files from the shared directory.
It is a good idea to configure access on the local Linux file system first, before you do anything else on your Samba server (many people tend to forget about it otherwise).
Was this article helpful?