Книга: Fedora™ Unleashed, 2008 edition

Manually Configuring Samba with /etc/samba/smb.conf

Manually Configuring Samba with /etc/samba/smb.conf

The /etc/samba/smb.conf file is broken into sections. Each section is a description of the resource shared (share) and should be titled appropriately. The three special sections are as follows:

? [global] — Establishes the global configuration settings (defined in detail in the smb.conf man page and Samba documentation, found under the /usr/share/doc/samba/docs directory)

? [homes] — Shares users' home directories and specifies directory paths and permissions

? [printers] — Handles printing by defining shared printers and printer access

Each section in your /etc/samba/smb.conf configuration file should be named for the resource being shared. For example, if the resource /usr/local/programs is being shared, you could call the section [programs]. When Windows sees the share, it is called by whatever you name the section (programs in this example). The easiest and fastest way to set up this share is with the following example from smb.conf:

[programs]
path = /usr/local/programs
writeable = true

This bit shares the /usr/local/programs directory with any valid user who asks for it and makes that directory writable. It is the most basic share because it sets no limits on the directory.

Here are some parameters you can set in the sections:

? Requiring a user to enter a password before accessing a shared directory

? Limiting the hosts allowed to access the shared directory

? Altering permissions users are allowed to have on the directory

? Limiting the time of day during which the directory is accessible

The possibilities are almost endless. Any parameters set in the individual sections override the parameters set in the [global] section. The following section adds a few restrictions to the [programs] section:

[programs]
 path = /usr/local/programs
 writeable = true
 valid users = ahudsonahudson
 browseable = yes
 create mode = 0700

The valid users entry limits userid to just ahudson. All other users can browse the directory because of the browseable = yes entry, but only ahudson can write to the directory. Any files created by ahudson in the directory give ahudson full permissions, but no one else will have access to the files. This is exactly the same as setting permissions with the chmod command. Again, there are numerous options, so you can be as creative as you want to when developing sections.

The [global] section establishes configuration settings for all of Samba. If a given para meter is not specifically set in another section, Samba uses the default setting in the [global] section. The [global] section also sets the general security configuration for Samba. The [global] section is the only section that does not require the name in brackets.

Samba assumes that anything before the first bracketed section not labeled [global] is part of the global configuration. (Using bracketed headings in /etc/samba/smb.conf makes your configuration file more readable.) The following sections discuss common Samba settings to share directories and printers. You will then see how to test your Samba configuration.

The [homes] section shares out Fedora home directories for the users. The home directory is shared automatically when a user's Windows computer connects to the Linux server holding the home directory. The one problem with using the default configuration is that the user sees all the configuration files (such as .profile and others with a leading period in the filename) that he normally wouldn't see when logging on through Linux. One quick way to avoid this is to include a path option in the [homes] section. To use this solution, each user who requires a Samba share of his home directory needs a separate "home directory" to act as his Windows home directory.

For example, this pseudo home directory could be a directory named share in each user's home directory on your Fedora system. You can specify the path option when using SWAT by using the %u option when specifying a path for the default homes shares. The complete path setting would be as follows:

/home/%u/share

This setting specifies that the directory named share under each user's directory is the shared Samba directory. The corresponding manual smb.conf setting to provide a separate "home directory" looks like this:

[homes]
 comment = Home Directories
 path = /home/%u/share
 valid users = %S
 read only = No
 create mask = 0664
 directory mask = 0775
 browseable = No

If you have a default [homes] section, the share shows up in the user's Network Neighborhood as the user's name. When the user connects, Samba scans the existing sections in smb.conf for a specific instance of the user's home directory. If there is not one, Samba looks up the username in /etc/passwd. If the correct username and password have been given, the home directory listed in /etc/passwd is shared out at the user's home directory. Typically the [homes] section looks like this (the browseable = no entry prevents other users from being able to browse your home directory and using it is a good security practice):

[homes]
 browseable = no
 writable = yes

This example shares out the home directory and makes it writable to the user. Here's how you specify a separate Windows home directory for each user:

[homes]
 browseable = no
 writable = yes
 path = /path/to/windows/directories

The [printers] section works much like the [homes] section, but defines shared printers for use on your network. If the section exists, users have access to any printer listed in your Fedora /etc/printcap file.

Like the [homes] section, when a print request is received, all the sections are scanned for the printer. If no share is found (and with careful naming, there should not be unless you create a section for a specific printer), the /etc/printcap file is scanned for the printer name that is then used to send the print request.

For printing to work properly, printing services must be set up correctly on your Fedora computer. A typical [printers] section looks like the following:

[printers]
 comment = Fedora Printers
 browseable = no
 printable = yes
 path = /var/spool/samba

The /var/spool/samba is a spool path set just for Samba printing.

Оглавление книги