|
25.
|
|
|
The <emphasis>security</emphasis> parameter is farther down in the [global] section, and is commented by default. Also, change <emphasis>EXAMPLE</emphasis> to better match your environment.
|
|
|
|
(no translation yet)
|
|
|
|
Located in
serverguide/C/windows-networking.xml:127(para)
|
|
26.
|
|
|
Create a new section at the bottom of the file, or uncomment one of the examples, for the directory to be shared:
|
|
|
|
(no translation yet)
|
|
|
|
Located in
serverguide/C/windows-networking.xml:135(para)
|
|
33.
|
|
|
<emphasis>read only:</emphasis> determines if the share is read only or if write privileges are granted. Write privileges are allowed only when the value is <emphasis>no</emphasis>, as is seen in this example. If the value is <emphasis>yes</emphasis>, then access to the share is read only.
|
|
|
|
(no translation yet)
|
|
|
|
Located in
serverguide/C/windows-networking.xml:179(para)
|
|
63.
|
|
|
There are two security levels available to the Common Internet Filesystem (CIFS) network protocol <emphasis>user-level</emphasis> and <emphasis>share-level</emphasis>. Samba's <emphasis>security mode</emphasis> implementation allows more flexibility, providing four ways of implementing user-level security and one way to implement share-level:
|
|
|
|
(no translation yet)
|
|
|
|
Located in
serverguide/C/windows-networking.xml:384(para)
|
|
79.
|
|
|
If you choose to map a network drive to the share you can check the <quote>Reconnect at Logon</quote> check box, which will require you to only enter the username and password once, at least until the password changes.
|
|
|
|
(no translation yet)
|
|
|
|
Located in
serverguide/C/windows-networking.xml:479(para)
|
|
81.
|
|
|
There are several options available to increase the security for each individual shared directory. Using the <emphasis>[share]</emphasis> example, this section will cover some common options.
|
|
|
|
(no translation yet)
|
|
|
|
Located in
serverguide/C/windows-networking.xml:489(para)
|
|
101.
|
|
|
To match the Samba configuration above the <emphasis>sysadmin</emphasis> group will be given read, write, and execute permissions to <filename>/srv/samba/share</filename>, the <emphasis>qa</emphasis> group will be given read and execute permissions, and the files will be owned by the username <emphasis>melissa</emphasis>. Enter the following in a terminal:
|
|
|
|
(no translation yet)
|
|
|
|
Located in
serverguide/C/windows-networking.xml:613(para)
|
|
105.
|
|
|
The <application>setfacl</application> command above gives <emphasis>execute</emphasis> permissions to all files in the <filename>/srv/samba/share</filename> directory, which you may or may not want.
|
|
|
|
(no translation yet)
|
|
|
|
Located in
serverguide/C/windows-networking.xml:627(para)
|
|
106.
|
|
|
Now from a Windows client you should notice the new file permissions are implemented. See the <application>acl</application> and <application>setfacl</application> man pages for more information on POSIX ACLs.
|
|
|
|
(no translation yet)
|
|
|
|
Located in
serverguide/C/windows-networking.xml:633(para)
|
|
108.
|
|
|
Ubuntu comes with the <application>AppArmor</application> security module, which provides mandatory access controls. The default AppArmor profile for Samba will need to be adapted to your configuration. For more details on using AppArmor see <xref linkend="apparmor"/>.
|
|
|
|
(no translation yet)
|
|
|
|
Located in
serverguide/C/windows-networking.xml:643(para)
|