Hi there,
My experience: I've used Samba on a couple of servers at home in
which security isn't an issue, and I've used WinBind & PAM to
authenticate a Linux mailserver from a Windows domain. I'm quite
confident about installing Samba & setting up simple shares, I can
follow a howto & even do advanced trouble-shooting but I have no
experience with many of the features that Samba surely offers.
In this case I have installed a Samba server to replace an XP machine
essentially because the office wants off-site back-up, and I know
that on a Linux system I can easily script backups to http://
rsync.net and email the office's proprietor each morning to notify
him of the backup's success.
I can easily configure a simple simple share for everyone in the
office to use, but the proprietor has expressed a desire for a folder
that only he can access "using a password". How is the best way to so
this? It's easy to use a separate share with different permissions,
but I think that the customer might find it confusing or clumsy to
have a "Z:" drive that anyone can use and a separate "X:"
drive for
his private data.
Can folders within Samba shares carry different permissions? So that
within
[Files]
comment = The single network file share
path = /mnt/samba
writeable = Yes
guest ok = Yes
"/mnt/samba/foo", "/mnt/samba/bar" and
"/mnt/samba/grunt" are read-
writable by anyone, but "/mnt/samba/boss" is only readable by user
"boss"?
I have an idea that ACL might be required for this. Is that the case,
or will simple Unix file permissions suffice?
Also related: what's the best way to handle a very small number of
users on the Linux server? I can't see more than 5 or 10 users ever
using the server and they have no need to access other services on
it. So adding a Unix user to the Linux server for each Windows user
in the office would not be too onerous, but it seems slightly
inelegant. I can see the advantage of having a [homes] share for
users' private files, but again this means two mounts per user
([homes] and [everyonez_files]). I believe that Samba can do user
authentication off an SQL backend, but this seems overkill for only
half-a-dozen users. Any thoughts? Users should be able to login to
SWAT (or similar) to change their passwords.
Finally, I'm a little unclear about how the Windows GUI copes with
authentication to file shares. As I understand my experience (I'm
beginning to realise a disadvantage of using a Mac at home!) if a
Windows PC tries to connect to a network share then it will submit as
authentication the username:password of the Windows user currently
logged in. As I understand it things become clumsy if a user is
logged onto a PC as "Bob" and wants to access a file share as user
"Bobby". I know that one can mount a network drive as a different
user, but this may not be desirable as, in this office, Dave might be
using Bob's PC. It would be better for the user to be asked for a
password each time, rather than the share be mounted at boot-up with
permissions to read the boss' private files.
I'm sure this is a problem-space that has been done to death in the
past, and I'm sure that Googling will reveal some references. But I
thought I'd post here in case anyone would enjoy sharing their
thoughts on this subject, and I would be glad if anyone can recommend
some resources particularly relevant to my situation.
Stroller.
