Objectives
- Provide network shares to specific clients.
- Provide network shares suitable for group collaboration.
Online Help
- man smb.conf
- yum provides smbclient
Sample smb.conf
[smbshare]
comment = public share
writeable = no
path = /smbshare
read list = user01, user02
write list = +smbgrp # members here always have the write permission no matter what "writeable" is set to yes or no.
Key Points:
smb server has its own user database which is separated from the OS's user database.
smbd maps the samba users to OS users with the same name by default.
It's the best practice to make sure samba user and OS user share the same name and password. But it's not mandated.
For file permissions, smbd first check it's config file smb.conf. If the samba user doesn't have the right permission, smbd will refuse it directly. If the samba user has the permission, smbd will pass the request to the filesystem underhood where samba user is mapped to OS user and the normal Unix file permission check happens.
It's just like Windows Server's File Server having "share permission" and "NTFS permission".
- The mount session must provide a user account ( mount -o username=xxx), which is different from NFS.
- Because of the above rule, the session keeps using the same user account no matter what the client user is.
- On the client-side, all users share the same mount session by default. But we can let different users use different session by (mount -o multiuser,sec=ntlmssp).
- In multiuser mode, every client-side user needs to add a credential for their smb session by "cifscredentials add -u xxx smbserver"
No comments:
Post a Comment