Skip to main content

Samba explained

I'm done setting up samba server as instructed by my boss 2 weeks ago. The mystery of SAMBA have been revealed :). I never done this before. I mean I've never done setting up one for 'production' server. I learnt a lot from internet by googling and asking on a Linux forum to get hints. I wanna share a few tips here for us.

My setup
The first thing to configure is smb.conf. I use Slackware 10.2. This file is located in /etc/samba. For your distro, you should check in /etc or /etc/samba. This file is divided into 2 categories:

  1. global setting [global]
  2. share definitions (this is where you define your sharing directories)
Let's discuss them in turn

global setting[global]

workgroup - specify workgroup of your machine
server string - specify server string ie Samba server
security - specify your security here ie share or user. share is suitable for home use. user is more secure. You have to specify username and password when you want to connect to this samba server.
hosts allow - ie 192.168.0.0/24 or 10.0.0.0/16 , specify LAN clients allowed to connect. You may want to add localhost too ie 127.0.0.1
wins server - specify WINS server to be used by this samba server for faster NetBIOS name resolution ie 192.168.0.11

There are more directives to be set but I concentrate for simple setup only.

Share Definitions
Here you can specify what directory you want to make sharing. Look at this example:

[homes]
comment = Home Directories
browseable = No
writable = Yes

[public]
comment = For Public Consumption
path = /home/samba/public
public = Yes
writable = Yes
printable = No
writelist = @staff
browseable = Yes

[Finance]
comment = Finance's Stuff
path = /home/samba/finance
valid users = @finance
public = no
writable = no
printable = no
browseable = yes
write list = @finance
create mask = 0660
directory mask = 0770
force group = @finance

------
for [Homes], it is the home directory of the user if they logged in. browseable = No states that the directory is not browseable by other users or hidden. writable = yes states that the user is given read and write permissions.

for [public], the path for this folder is /home/samba/public. You have to make sure that this directory exist and make sure the permission is set as below:

drwxrwxr-x  root staff  /home/samba/public

this ensure that the staff group has write permission as stated by writelist = @staff. The other directives are self-explanatory.

For [finance], the path is /home/samba/finance and valid users = @finance states that only users in finance group can enter/access this directory and write list = @finance ensures that only users in finance group have read and write permissions. The "create mask" and "directory mask" ensure new and modified files and directories retain their correct permissions, and the "force group" causes all file read/writes to be the group finance regardless of what the user's primary group is, ensuring that all members can read/write/modify files. permissions. You should set the directory as :

drwxrwx---  root finance  /home/samba/finance

These are the tips that I got when I was setting up the samba server. I hope it can be useful to anyone who wanna setup a simple samba server in a LAN more secure by setting up the sharing directories correctly.

You can extend the above setup as you grasp the key concept above. The permissions of Linux directories should satisfy what you state in smb.conf or the other way around :). Otherwise it will make no sense.

Lastly, to restart the samba server , issue this command :

/etc/rc.d/rc.samba restart

or (if you use Fedora, Redhat or Mandriva)

service smbd restart

Have nice day!

Comments

Popular posts from this blog

mplayer-gui error : Error in skin config file

After installing mplayer-gui package, I can't start it.

$ gmplayer MPlayer 1.1-4.8 (C) 2000-2012 MPlayer Team mplayer: could not connect to socket mplayer: No such file or directory Failed to open LIRC support. You will not be able to use your remote control. Error in skin config file on line 6: PNG read error in /usr/share/mplayer/skins/default/main Config file processing error with skin 'default'
After googling a bit, I found out that it was due to the png files in dir /usr/share/mplayer/skins/default. This is the default skin directory. To fix this error, I have to install ImageMagick package because I want to use the convert program to convert all of the png files to format png24. Thus, cd /usr/share/mplayer/skins/default; for FILE in *.png ; do sudo convert $FILE -define png:format=png24 $FILE ; done
Rerun gmplayer and all should be fine.
Have fun!
UPDATE (02-10-2017)

It doesn't work on Ubuntu 16.04 (xenial) but there's a workaround here.

You can update your syst…

Moving your mysql database to another hard disk

Recently, my server's only hard disk was almost full. I bought a new hard disk with bigger size and I decided to just add it as a second hard disk. Since I need to move it to the 2nd hard disk, I need to find a proper way to move the db with minimum downtime. So I googled around and found a solution.
First, I needed to format the 2nd hard disk and I chose xfs as the filesystem. I created 2 partitions using Linux's fdisk for this task. First partition is 10 GB and 2nd one is around 900 GB. That's approximately added up to 1 TB. Then I mounted the 2nd partition in current partition eg /media/hd2 as follows:
mount -t xfs /dev/sdb5 /media/hd2
where /dev/sdb5 is the partition and /media/hd2 is the mounting dir.
Stop mysql db before doing anything:
service mysql stop
Afterthat, I copied the entire db to newly mounted hard disk:
cp -rv /var/lib/mysql /media/hd2
It will take a while if you have huge databases.
Then, change the ownership of the dir to user and group of mysql:
chown -R mysql:…

postfix - mailbox size limit and message size limit

postfix is my MTA of choice. I use it for my mailserver because its simplicity , security and sendmail-compatible (the widely used smtp in the world but not as secure). It is also extensible by plugging other servers for various purposes (antispam, antivirus,database etc).

I had one problem with file attachment larger than 10MB. Users couldn't send it although I have setup squirrelmail (SM) to be able to attach files summed up more than 20MB and I had modified php settings as per here. The problem was not in SM setting. It was postfix. By default, attachment size that can be sent by postfix is 10MB ~ 10240000 byte. How did I know it? I looked in log file (for my system it is in /var/log/mail/errors. For other system, the file to look is /var/log/maillog). The line looked like this:

Feb 26 16:30:53 webmail postfix/sendmail[30775]: fatal: me@mymailserver.org(74): Message file too big


Solution
Open /etc/postfix/main.cf with a text editor of choice and find message_size_limit directive an…