|
33.
|
|
|
<emphasis>read only:</emphasis> determines if the share is read only or if write privileges are granted. Write privileges are allowed only when the value is <emphasis>no</emphasis>, as is seen in this example. If the value is <emphasis>yes</emphasis>, then access to the share is read only.
|
|
|
|
(no translation yet)
|
|
|
|
Located in
serverguide/C/windows-networking.xml:179(para)
|
|
103.
|
|
|
The <application>setfacl</application> command above gives <emphasis>execute</emphasis> permissions to all files in the <filename>/srv/samba/share</filename> directory, which you may or may not want.
|
|
|
|
(no translation yet)
|
|
|
|
Located in
serverguide/C/windows-networking.xml:627(para)
|
|
105.
|
|
|
Samba AppArmor Profile
|
|
|
|
(no translation yet)
|
|
|
|
Located in
serverguide/C/windows-networking.xml:641(title)
|
|
111.
|
|
|
Edit <filename>/etc/apparmor.d/usr.sbin.smbd</filename> adding information for <emphasis>[share]</emphasis> from the file server example:
|
|
|
|
(no translation yet)
|
|
|
|
Located in
serverguide/C/windows-networking.xml:672(para)
|
|
113.
|
|
|
Now place the profile into <emphasis>enforce</emphasis> and reload it:
|
|
|
|
(no translation yet)
|
|
|
|
Located in
serverguide/C/windows-networking.xml:682(para)
|
|
116.
|
|
|
You should now be able to read, write, and execute files in the shared directory as normal, and the <application>smbd</application> binary will have access to only the configured files and directories. Be sure to add entries for each directory you configure Samba to share. Also, any errors will be logged to <filename>/var/log/syslog</filename>.
|
|
|
|
(no translation yet)
|
|
|
|
Located in
serverguide/C/windows-networking.xml:691(para)
|
|
118.
|
|
|
<ulink url="http://samba.org/samba/docs/man/Samba-HOWTO-Collection/securing-samba.html">Chapter 18</ulink> of the Samba HOWTO Collection is devoted to security.
|
|
|
|
(no translation yet)
|
|
|
|
Located in
serverguide/C/windows-networking.xml:722(para)
|
|
121.
|
|
|
Although it cannot act as an Active Directory Primary Domain Controller (PDC), a Samba server can be configured to appear as a Windows NT4-style domain controller. A major advantage of this configuration is the ability to centralize user and machine credentials. Samba can also use multiple backends to store the user information.
|
|
|
|
(no translation yet)
|
|
|
|
Located in
serverguide/C/windows-networking.xml:746(para)
|
|
124.
|
|
|
First, install Samba, and <application>libpam-smbpass</application> to sync the user accounts, by entering the following in a terminal prompt:
|
|
|
|
(no translation yet)
|
|
|
|
Located in
serverguide/C/windows-networking.xml:762(para)
|
|
126.
|
|
|
Next, configure Samba by editing <filename>/etc/samba/smb.conf</filename>. The <emphasis>security</emphasis> mode should be set to <emphasis role="italic">user</emphasis>, and the <emphasis>workgroup</emphasis> should relate to your organization:
|
|
|
|
(no translation yet)
|
|
|
|
Located in
serverguide/C/windows-networking.xml:774(para)
|