Hi,

I'm finalizing the configuration of a samba installation on our main server. I'd like to give all users access to a private area for each of them. This would normally be accomplished perfectly with the [homes] section in smb.conf, giving each user access to their home directory as defined in /etc/passwd.

This is where the difficulty lies. I have two classes of users on this machine:

A. "Normal" users that have independent, distinct home directories.

B. Single application users. These users only use one application on the server and they all share a common home directory. This is pretty much a requirement for this application to run. I really don't like this, but this is the way the application was designed. All of these users are in a common unix group, so they can be readily "identified".

So, I obviously can't give all "B" users [homes] access or they will all be writing to the same directory. To make matters slightly worse, if they DO write to this directory (the shared home), they may overwrite files crucial to the operation of the common application that they all use.

What I would like is to have two [homes] sections. One would be for class A users and would map to their home directories as normal. The other homes section would be for class B users and would map their path to something like:

    /usr/local/samba/shares/home/%u

where %u is the username.

I have spent most of this morning and early afternoon trying various configurations. Everything I've tried has some difficulty that keeps it from working the way I want. Briefly I've tried:

1. Normal [homes] section with invalid users = @classb. Second wildcard section named [users] with valid users = @classb and the path = /usr/local/samba/shares/home/%u

   This works, but classb users still see a directory with their username from the [homes] section. When they enter their password, it denies them access as they are "invalid" users. Any idea how to keep a share from being displayed if the user is invalid? This also has the disadvantage of the share name being "users" instead of the username.

2. One template [user] as above and one share per user with a copy = user to get the shared attributes (path, file mode, etc). No [homes] section.

   This works, but has the disadvantages of making me add a new section for each user, and displaying ALL of the "user" directories to every user.

3. Two different [homes] shares. One with valid users = @classb and the other with invalid users = @classb.

   This didn't work. I think it just ignored the second [homes] share. I didn't expect it to work, but it was worth a try.

Ideas:

1. Is there a way to make one's own [homes] style section with a different share name like [otherhomes]? The only element that I'm missing is the ability to change the share name to that of the user and (2) above will work. I looked through the man pages but didn't find what I needed.

2. Can you limit [homes] to not show for invalid users? Conversely can you limit any share to only show for valid users? With either of these abilities I think I can do what I want.

3. Is there something I can do with the auto services directive and one of my failed attempts above? I read the man page section on auto services and I'm not clear on what it's used for. My [homes] sections all work as expected with browseable = no and no auto services line anywhere.

My current solution is a modified [homes] share with

    path = /usr/local/samba/shares/home/%u
    valid users = @classb

This allows the classb users proper access and everyone else sees a home directory that they can't get to. Since the class A users are the minority, this works for now, but is kind of a hack.

Any suggestions?

Thanks,
Brian L. Gentry
USaccess Inc.

On Thu, Nov 20, 1997 at 05:14:11PM -0600, John Blair wrote:
[...]
> Solution 1:
>
> Create a new directory, such as /usr/local/samba/homes. Create
> directories with the correct ownerships for all of your class B users
> in this directory. Next, create links inside of /usr/local/samba/homes
> to the home directory of all of your class A users. These links
> can be either hard or symbolic links, depending on your disk
> partition layout and your own taste. Lastly, set 'path =
> /usr/local/samba/homes/%u' in your [homes] section.

I thought of this, but as you said it's messy. On the other hand, I'm always going to have to do something "special" for the class B users to give them a "home share" directory.

> Solution 2:
>
> This solution assumes that the primary group of all of your class A
> users is 'classA' and the primary group of all of your class B users
> is 'classB'. It also assumes you have your smb.conf file stored at
> /usr/local/samba/lib/smb.conf and your user's real home directories
> are stored in /homes. Adjust accordingly for your actual setup.
>
> First create a new file called /usr/local/samba/lib/smb.conf.classA .
> It should contain:
>
> path = /home/%u
>
> Create a second file called /usr/local/samba/lib/smb.conf.classB .
> It should contain:
>
> path = /usr/local/samba/homes/%u
>
> Lastly, create a homes section that contains the following instead of
> a path statement:
>
> include = /usr/local/samba/lib/smb.conf.%g
>
>
> hope this helps.
> -john.

I just tried a variation on this. Namely, I only created a new smb.conf.classb file instead of both. If I understand the docs correctly, smbd should just ignore any include line that points to a file it can't find. So, this should include the proper path from smb.conf.classb for my classb users and the default path of ~user (from /etc/passwd) should be used for all other users since this is the default path for the [homes] directive.

However, I couldn't get it to work. Having this include statement in the smb.conf file broke the entire operation of samba. While testing I couldn't even list the shares available on the server. When I commented out the include line, operation went back to normal. I don't get it; this should work. I don't know what I'm missing.

Here is what I tried in my smb.conf file:

    [homes]
       comment = Home directories
       browseable = no
    ;  valid users = @tech7
       include = /usr/local/samba/lib/smb.conf.%g
    ;  browseable = yes
    ;  path = /usr/local/samba/shares/home/%u
       writeable = yes
       create mode = 700

Note, the common group of "class B" users is "tech7". The comments are from earlier experiments.

I then created the file:

    /usr/local/samba/lib/smb.conf.tech7

with the contents:

    path = /usr/local/samba/shares/home/%u

Running testparm on smb.conf yields strange results. It complains that it can't get peername and that it can't find the file:

    /usr/local/samba/lib/smb.conf.%g

The problem might simply be that include can't be used in a share context. I looked at the man page and it indicates that include can only be used in the globals section.

Thanks very much for your help. I'll keep thinking about the problem and see what I can come up with.

Brian L. Gentry
USaccess Inc.

On Thu, Nov 20, 1997 at 05:14:11PM -0600, John Blair wrote:
[...]
> Solution 2:
>
[snip]
>
> Create a second file called /usr/local/samba/lib/smb.conf.classB .
> It should contain:
>
> path = /usr/local/samba/homes/%u
>
> Lastly, create a homes section that contains the following instead of
> a path statement:
>
> include = /usr/local/samba/lib/smb.conf.%g
>
>
> hope this helps.
> -john.

Well as I wrote yesterday, I tried this and got strange results. I *was* using 1.9.16p11. I upgraded to 1.9.17p4 today and tried it again.

Success!!!!!

I had to use filename.%G instead of filename.%g though. I'm not sure why the "%g" didn't work, but I'm happy with this solution.

Thanks very much for your help.

Brian L. Gentry
USaccess Inc.
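
An added example, not part of the thread: once the per-group include supplies `path = /usr/local/samba/shares/home/%u`, every class B user needs a private directory to exist under that base, owned by them and closed to the others. The script below creates those directories from passwd- and group-format files, selecting users by primary group as the %g/%G substitutions do; the function names and argument order are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not from the thread): pre-create the private directories
# that "path = /usr/local/samba/shares/home/%u" expects for class B users.

# Print "name:uid:gid" for every account whose *primary* group is GROUP.
classb_users() {
    passwd_file=$1; group_file=$2; group=$3
    gid=$(awk -F: -v g="$group" '$1 == g { print $3; exit }' "$group_file")
    [ -n "$gid" ] || { echo "no such group: $group" >&2; return 1; }
    awk -F: -v gid="$gid" '$4 == gid { print $1 ":" $3 ":" $4 }' "$passwd_file"
}

# Usage: provision_classb_homes PASSWD_FILE GROUP_FILE GROUP BASE_DIR
# Prints each directory it created or confirmed.
provision_classb_homes() {
    base=$4
    entries=$(classb_users "$1" "$2" "$3") || return 1
    for entry in $entries; do
        user=${entry%%:*}
        ids=${entry#*:}                      # numeric uid:gid for chown
        case $user in
            ''|.*|*/*) echo "skipping unsafe name: $user" >&2; continue ;;
        esac
        dir=$base/$user
        # A pre-planted symlink would point the share somewhere else.
        if [ -L "$dir" ]; then
            echo "refusing symlink: $dir" >&2
            continue
        fi
        mkdir -p "$dir" || return 1
        chmod 700 "$dir" || return 1         # owner-only, like "create mode = 700"
        # Only root can hand the directory over to its user.
        if [ "$(id -u)" -eq 0 ]; then
            chown "$ids" "$dir" 2>/dev/null || echo "warning: chown failed: $dir" >&2
        fi
        echo "$dir"
    done
}

# Run directly as: script PASSWD_FILE GROUP_FILE GROUP BASE_DIR
if [ $# -eq 4 ]; then
    provision_classb_homes "$@"
fi
```

Run it as root against /etc/passwd and /etc/group with the group tech7 and the base directory from the thread so that ownership is set as well as the mode.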

On Fri, 21 Nov 1997, Brian Gentry wrote:
> Hi,
>
> I'm finalizing the configuration of a samba installation on our
> main server. I'd like to give all users access to a private area
> for each of them. This would normally be accomplished perfectly with
> the [homes] section in smb.conf, giving each user access to their
> home directory as defined in /etc/passwd.
>

try using the "include = /usr/local/samba/lib/smb.conf.%macro-substitution" system. you will be able to break up your system, even by things like NetBIOS name.

the application-based people could connect to the same samba server using a different NetBIOS name, and have a completely different configuration file (/usr/local/samba/lib/smb.conf.SAMBA-APPLIC1)

luke

Luke Kenneth Casson Leighton <lkcl@switchboard.net>
Samba Consultancy and Support: http://mailhost.cb1.com/~lkcl