|
|
81.
|
|
|
There are several options available to increase the security for each individual shared directory. Using the <emphasis>[share]</emphasis> example, this section will cover some common options.
|
|
|
|
|
(no translation yet)
|
|
|
|
Located in
serverguide/C/windows-networking.xml:489(para)
|
|
|
82.
|
|
|
Groups
|
|
|
|
|
(no translation yet)
|
|
|
|
Located in
serverguide/C/windows-networking.xml:495(title)
|
|
|
83.
|
|
|
Groups define a collection of computers or users which have a common level of access to particular network resources and offer a level of granularity in controlling access to such resources. For example, if a group <emphasis role="italic">qa</emphasis> is defined and contains the users <emphasis role="italic">freda</emphasis>, <emphasis role="italic">danika</emphasis>, and <emphasis role="italic">rob</emphasis> and a second group <emphasis role="italic">support</emphasis> is defined and consists of users <emphasis role="italic">danika</emphasis>, <emphasis role="italic">jeremy</emphasis>, and <emphasis role="italic">vincent</emphasis> then certain network resources configured to allow access by the <emphasis role="italic">qa</emphasis> group will subsequently enable access by freda, danika, and rob, but not jeremy or vincent. Since the user <emphasis role="italic">danika</emphasis> belongs to both the <emphasis role="italic">qa</emphasis> and <emphasis role="italic">support</emphasis> groups, she will be able to access resources configured for access by both groups, whereas all other users will have only access to resources explicitly allowing the group they are part of.
|
|
|
|
|
(no translation yet)
|
|
|
|
Located in
serverguide/C/windows-networking.xml:497(para)
|
|
|
84.
|
|
|
By default Samba looks for the local system groups defined in <filename>/etc/group</filename> to determine which users belong to which groups. For more information on adding and removing users from groups see <xref linkend="adding-deleting-users"/>.
|
|
|
|
|
(no translation yet)
|
|
|
|
Located in
serverguide/C/windows-networking.xml:511(para)
|
|
|
85.
|
|
|
When defining groups in the Samba configuration file, <filename>/etc/samba/smb.conf</filename>, the recognized syntax is to preface the group name with an "@" symbol. For example, if you wished to define a group named <emphasis role="italic">sysadmin</emphasis> in a certain section of the <filename>/etc/samba/smb.conf</filename>, you would do so by entering the group name as <emphasis role="bold">@sysadmin</emphasis>.
|
|
|
|
|
(no translation yet)
|
|
|
|
Located in
serverguide/C/windows-networking.xml:517(para)
|
|
|
86.
|
|
|
File Permissions
|
|
|
|
|
(no translation yet)
|
|
|
|
Located in
serverguide/C/windows-networking.xml:526(title)
|
|
|
87.
|
|
|
File Permissions define the explicit rights a computer or user has to a particular directory, file, or set of files. Such permissions may be defined by editing the <filename>/etc/samba/smb.conf</filename> file and specifying the explicit permissions of a defined file share.
|
|
|
|
|
(no translation yet)
|
|
|
|
Located in
serverguide/C/windows-networking.xml:528(para)
|
|
|
88.
|
|
|
For example, if you have defined a Samba share called <emphasis>share</emphasis> and wish to give <emphasis role="italic">read-only</emphasis> permissions to the group of users known as <emphasis role="italic">qa</emphasis>, but wanted to allow writing to the share by the group called <emphasis role="italic">sysadmin</emphasis> and the user named <emphasis role="italic">vincent</emphasis>, then you could edit the <filename>/etc/samba/smb.conf</filename> file, and add the following entries under the <emphasis>[share]</emphasis> entry:
|
|
|
|
|
(no translation yet)
|
|
|
|
Located in
serverguide/C/windows-networking.xml:534(para)
|
|
|
89.
|
|
|
read list = @qa
write list = @sysadmin, vincent
|
|
|
represents a line break.
Start a new line in the equivalent position in the translation.
|
|
|
represents a space character.
Enter a space in the equivalent position in the translation.
|
|
|
|
|
(no translation yet)
|
|
|
|
Located in
serverguide/C/windows-networking.xml:543(programlisting)
|
|
|
90.
|
|
|
Another possible Samba permission is to declare <emphasis>administrative</emphasis> permissions to a particular shared resource. Users having administrative permissions may read, write, or modify any information contained in the resource the user has been given explicit administrative permissions to.
|
|
|
|
|
(no translation yet)
|
|
|
|
Located in
serverguide/C/windows-networking.xml:548(para)
|
