Samba configuration method (security = user) without entering the user name and password interactively

Source: Internet
Author: User

Network attached storage (NAS) must support one or both of the two file sharing protocols, NFS (Network File System) and CIFS (Common Internet File System). NAS configuration is relatively simple and there is a lot of material about it. The configuration parameters of NFS and CIFS are described in the appendix below. Here, we mainly solve one problem of CIFS configuration.

CIFS requirement:
security = user, that is, users must log on and be authenticated before they can access shared resources. However, anonymous users also need to access the service directly, with permissions that differ from those of authenticated users (possibly read-only). How should this mode be configured?

In security = share mode, all users can access shared resources without logon authentication. Most of the configuration methods that can be found are written for that mode and combine it with the access control of the file system; the configuration method for security = user mode is rarely described. After many experiments, I have successfully implemented this configuration. Configure smb.conf as follows:

[global]
server string = Samba server version %v
passdb backend = tdbsam
cups options = raw
# authentication mode: user
security = user
# critical for anonymous access: a logon with an unknown user name is mapped to the
# guest account instead of being rejected, so no user name or password has to be entered
map to guest = bad user
# the local account that anonymous users are mapped to
guest account = guest

[myshare]
comment = my share
# shared path
path = /home/Public
# the share name can be seen in the network neighborhood
browseable = yes
# read/write
read only = no
# anonymous access is allowed; without this, anonymous access is unavailable
guest ok = yes
# valid users and groups
valid users = samba liuag guest
# invalid users and groups
invalid users = liuben
# read-only users and groups (with read only = no, read-only users must be listed here)
read list = samba
# read/write users and groups (with read only = yes, read/write users must be listed here)
write list = liuag
# list of allowed hosts; wildcards are supported
allow hosts = 192.168.100.236
# list of prohibited hosts; wildcards are supported
deny hosts = 192.168.100.0/24

With this configuration, anonymous users can access shared resources directly without entering a user name and password. As configured above, anonymous users are read-only. If anonymous users need to read and write, add the guest user to the write list. The experiments also led to the following conclusions: if the guest user is in both the read list and the write list, the guest user can read and write; if the guest user is in both valid users and invalid users, guest is valid; if a host is in both allow hosts and deny hosts, access from that host is allowed. The permissions of the file system directory also affect access to the share, so both Samba and the system must be considered in the actual configuration.
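The precedence rules behind these observations can be exercised with a small evaluator. The following Python block is an added example, not part of the original article or of Samba itself; it models only Samba's own checks (host lists, map to guest = bad user, user lists, read/write lists) for a constructed share modelled on [myshare] with guest added to the read list, and a constructed set of passdb accounts; file system permissions are not modelled. It follows the precedence documented in smb.conf(5): allow hosts wins over deny hosts, write list over read list, and a name on invalid users is refused even if it is also listed in valid users.

```python
import ipaddress

# Constructed share modelled on the article's [myshare], with guest added to the read list.
SHARE = {
    "guest ok": True, "read only": False,
    "valid users": ["samba", "liuag", "guest"], "invalid users": ["liuben"],
    "read list": ["samba", "guest"], "write list": ["liuag"],
    "allow hosts": ["192.168.100.236"], "deny hosts": ["192.168.100.0/24"],
}
# Constructed set of accounts present in passdb; any other name is a "bad user".
KNOWN_USERS = {"samba", "liuag", "liuben"}


def host_matches(host, patterns):
    # patterns are single IPs or CIDR blocks, as accepted by allow hosts / deny hosts
    addr = ipaddress.ip_address(host)
    return any(addr in ipaddress.ip_network(p, strict=False) for p in patterns)


def host_allowed(host, allow, deny):
    """Same order as smbd's allow_access(): the allow list wins, then the deny list."""
    if allow and host_matches(host, allow):
        return True
    if deny and host_matches(host, deny):
        return False
    return bool(deny) or not allow  # an allow list on its own shuts out unlisted hosts


def effective_access(share, user, host, known_users=KNOWN_USERS):
    """Return 'denied', 'read-only' or 'read-write' for user connecting from host.
    Models Samba's own checks only; file system permissions on the path still apply."""
    if not host_allowed(host, share["allow hosts"], share["deny hosts"]):
        return "denied"
    # map to guest = bad user: an unknown account is mapped to the guest account
    if user not in known_users:
        if not share["guest ok"]:
            return "denied"
        user = "guest"
    # smb.conf(5): a name on invalid users is refused even if it is also on valid users
    if user in share["invalid users"]:
        return "denied"
    if share["valid users"] and user not in share["valid users"]:
        return "denied"
    # write list overrides read list, which overrides the share's read only default
    if user in share["write list"]:
        return "read-write"
    if user in share["read list"]:
        return "read-only"
    return "read-only" if share["read only"] else "read-write"
```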


Appendix:

[Common CIFS sharing settings]

[myshare]
comment = grind's file
path = /home/grind
allow hosts = host (subnet)
deny hosts = host (subnet)
writable = yes | no
user = user (@group)
valid users = user (@group)
invalid users = user (@group)
read list = user (@group)
write list = user (@group)
admin list = user (@group)
public = yes | no
hide dot files = yes | no
create mode = 0755
directory mode = 0755
sync always = yes | no
short preserve case = yes | no
preserve case = yes | no
case sensitive = yes | no
mangle case = yes | no
default case = upper | lower
force user = grind
wide links = yes | no
max connections = 100
delete readonly = yes | no

Specifically, myshare in [] is the share name, which is generally the folder name seen in the network neighborhood.

comment is a remark describing the share.
path specifies the shared path and can be combined with Samba variables. For example, with path = /data/%m, a machine whose NetBIOS name is grind enters the /data/grind directory when it accesses the myshare share, and a machine whose NetBIOS name is glass enters the /data/glass directory.
allow hosts and deny hosts are the same as the settings described earlier.
writable specifies whether the directory is writable by default; read only = no has the same effect as writable = yes.
user sets all users who may use the shared resource; @group stands for all members of the group. Entries are separated by spaces or commas.
valid users specifies the users and groups that can use the shared resource.
invalid users specifies the users and groups that cannot use the shared resource.
read list specifies the users and groups that can only read the shared resource.
write list specifies the users and groups that can read and write the shared resource.
admin list specifies the users and groups that can manage the shared resource (including read/write and granting permissions).
public indicates whether the shared resource can be accessed with the guest account. This switch is also called guest ok, so guest ok = yes in some configuration files is the same as public = yes.
hide dot files indicates whether to hide files whose names start with ".", as on UNIX.
create mode indicates the permissions of newly created files, generally 0755.
directory mode indicates the permissions of newly created directories, generally 0755.
sync always indicates whether to synchronize to disk after each write to the shared resource.
short preserve case indicates whether the case of short file names is preserved.
preserve case indicates whether the case of file names is preserved.
case sensitive indicates whether file names are case sensitive. Generally no is chosen; otherwise errors may occur.
mangle case controls the mangling of mixed-case file names.
default case indicates whether file names default to uppercase or lowercase.
force user forces the owner of newly created files. If a directory is writable by guest, guest can also delete files in it; with force user = grind, created files are owned by grind, and together with create mask = 0755 the guest can no longer delete them.
wide links indicates whether symbolic links pointing outside the share are followed, for example a link in the shared directory that points to a file or directory outside the share. Setting wide links = no makes such links unusable.
max connections = n limits the number of simultaneous connections to n.
delete readonly indicates whether files already marked read-only in the shared resource may be deleted.


[Common configuration parameters for NFS sharing]

NFS shared directories are listed in /etc/exports, which controls directory sharing. The format is one sharing rule per line:

shared_directory host(parameters) ...

Example: /mnt/CDROM *.abc.com(ro,sync) master.abc.com(rw,sync)

This rule shares the /mnt/CDROM directory read-only and synchronously with the hosts of the *.abc.com domain, and read/write and synchronously with the host master.abc.com. Either sync or async must be specified for every shared directory; it determines whether the NFS server may reply to a request before the data has been written to disk.

Below are some common NFS sharing parameters:
ro: read-only access
rw: read/write access
sync: data is written to disk before the request is acknowledged
async: the server may acknowledge a request before the data is written to disk
secure: NFS requests must come from secure TCP/IP ports below 1024
insecure: NFS requests are also accepted from ports above 1024
wdelay: if several users write to the NFS directory, group the writes together (default)
no_wdelay: if several users write to the NFS directory, write the data immediately; this setting is not needed when async is used
hide: do not export the subdirectories of the NFS shared directory
no_hide: subdirectories of the NFS shared directory are exported as well
subtree_check: if a subdirectory such as /usr/bin is shared, force NFS to check the permissions of the parent directory (default)
no_subtree_check: the permissions of the parent directory are not checked
all_squash: the uid and gid of shared files are mapped to the anonymous user, which suits public directories
no_all_squash: keep the uid and gid of shared files (default)
root_squash: all requests from the root user are mapped to the permissions of the anonymous user (default)
no_root_squash: the root user has full administrative access to the shared root directory
anonuid=xxx: specify the uid of the anonymous user in the NFS server's /etc/passwd file
anongid=xxx: specify the gid of the anonymous user in the NFS server's /etc/passwd file
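A parser for this file format, as an added example that is not from the article or from nfs-utils: it reads constructed /etc/exports lines, fills in the exportfs defaults for options that are not spelled out, and flags the entries where the parameters listed above widen access (no_root_squash, insecure, rw granted to a wildcard host).

```python
import re

# Constructed /etc/exports content (not from the article), one share rule per line.
EXPORTS = """\
/mnt/cdrom  *.abc.com(ro,sync)  master.abc.com(rw,sync)
/srv/public *(rw,async,no_root_squash)
/home       192.168.100.0/24(rw,sync,root_squash,no_subtree_check)
/srv/backup backup.abc.com(rw,sync,insecure)   # constructed comment
"""

# exportfs defaults that apply when an option is not spelled out
DEFAULTS = {"ro", "sync", "secure", "wdelay", "root_squash", "no_all_squash"}
EXCLUSIVE = [("ro", "rw"), ("sync", "async"), ("secure", "insecure"),
             ("root_squash", "no_root_squash"), ("wdelay", "no_wdelay")]
CLIENT_RE = re.compile(r"^([^(]*)(?:\((.*)\))?$")


def parse_exports(text):
    """Return [(directory, client, effective option set)], one tuple per client entry."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        directory, *clients = line.split()
        for client in clients:
            host, opt_str = CLIENT_RE.match(client).groups()
            host = host or "*"                   # bare "(options)" applies to every host
            given = {o for o in (opt_str or "").split(",") if o}
            opts = set(DEFAULTS)
            for a, b in EXCLUSIVE:               # an explicit option replaces its default twin
                if a in given or b in given:
                    opts.discard(a)
                    opts.discard(b)
            entries.append((directory, host, opts | given))
    return entries


def lint_exports(text):
    """Flag settings from the parameter list above that widen access on an export."""
    findings = []
    for directory, host, opts in parse_exports(text):
        if "no_root_squash" in opts:
            findings.append((directory, host, "remote root is not squashed to the anonymous user"))
        if "insecure" in opts:
            findings.append((directory, host, "requests from client ports above 1024 are accepted"))
        if "rw" in opts and host.startswith("*"):
            findings.append((directory, host, "read/write export to a wildcard host"))
    return findings
```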

