Browsing Corsican translation

76.

There are several options available to increase the security for each individual shared directory. Using the <emphasis>[share]</emphasis> example, this section will cover some common options.

77.

Groups

78.

Groups define a collection of computers or users which have a common level of access to particular network resources and offer a level of granularity in controlling access to such resources. For example, if a group <emphasis role="italic">qa</emphasis> is defined and contains the users <emphasis role="italic">freda</emphasis>, <emphasis role="italic">danika</emphasis>, and <emphasis role="italic">rob</emphasis> and a second group <emphasis role="italic">support</emphasis> is defined and consists of users <emphasis role="italic">danika</emphasis>, <emphasis role="italic">jeremy</emphasis>, and <emphasis role="italic">vincent</emphasis>, then certain network resources configured to allow access by the <emphasis role="italic">qa</emphasis> group will subsequently enable access by freda, danika, and rob, but not jeremy or vincent. Since the user <emphasis role="italic">danika</emphasis> belongs to both the <emphasis role="italic">qa</emphasis> and <emphasis role="italic">support</emphasis> groups, she will be able to access resources configured for access by both groups, whereas all other users will have only access to resources explicitly allowing the group they are part of.

79.

By default Samba looks for the local system groups defined in <filename>/etc/group</filename> to determine which users belong to which groups. For more information on adding and removing users from groups see <ulink type="help" url="help:/kubuntu/basics/"> Basics</ulink>.

80.

When defining groups in the Samba configuration file, <filename>/etc/samba/smb.conf</filename>, the recognized syntax is to preface the group name with an "@" symbol. For example, to define a group named <emphasis role="italic">sysadmin</emphasis> in a certain section of the <filename>/etc/samba/smb.conf</filename>, the group name would be entered as <emphasis role="bold">@sysadmin</emphasis>.

81.

File Permissions

82.

File Permissions define the explicit rights a computer or user has to a particular directory, file, or set of files. Such permissions may be defined by editing the <filename>/etc/samba/smb.conf</filename> file and specifying the explicit permissions of a defined file share.

83.

For example, for a defined Samba share called <emphasis>share</emphasis> and the need to give <emphasis role="italic">read-only</emphasis> permissions to the group of users known as <emphasis role="italic">qa</emphasis>, while allowing write permissions to the share by the group called <emphasis role="italic">sysadmin</emphasis> and the user named <emphasis role="italic">vincent</emphasis>, then the <filename>/etc/samba/smb.conf</filename> file could be edited to add the following entries under the <emphasis>[share]</emphasis> entry:

84.

read list = @qa
write list = @sysadmin, vincent

85.

Another possible Samba permission is to declare <emphasis>administrative</emphasis> permissions to a particular shared resource. Users having administrative permissions may read, write, or modify any information contained in the resource where the user has been given explicit administrative permissions.