PAM Module Application
Samba server 3.x integrates very well with PAM modules, and the powerful functions of PAM modules can effectively enrich the functions of the Samba server.
6.4.1 System Password Synchronization
The benefit of a Samba server using user authentication that is completely independent of the system is improved security, but it also causes some problems. For example, changing a user's password means changing both the password the user logs in to the system with and the password used to log on to the Samba server. The functions provided by PAM modules can automatically synchronize the system user's password with the Samba server password.
The following configuration automatically synchronizes the Samba server user password when passwd is used to change the user's system password. Edit the /etc/pam.d/system-auth file and, in the password portion of the file (shown in Figure 6-34), add the following.

    password requisite pam_cracklib.so retry=3
    password requisite pam_unix.so shadow md5 use_authtok try_first_pass
    password required pam_smbpass.so use_authtok use_first_pass
After the above configuration is complete, the Samba server password is synchronized automatically whenever a user changes the system password with passwd. For a new system user, however, you must first use smbpasswd -a to add the user to the Samba server before using passwd to set the user's system password; otherwise you will not be able to set the user's system password.
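A small check for the password stack described above, as an added example that is not part of the original article or of Samba. The function names and the constructed broken sample are assumptions made for illustration; the first sample is the three lines given above.

```python
# Added example: lint the "password" stack of a PAM service file for the
# synchronization setup described above. Not part of pam_smbpass or Samba.

PAGE_STACK = """\
password requisite pam_cracklib.so retry=3
password requisite pam_unix.so shadow md5 use_authtok try_first_pass
password required pam_smbpass.so use_authtok use_first_pass
"""

# Constructed broken variant: pam_smbpass.so first, without use_authtok.
BROKEN_STACK = """\
# constructed sample
password required pam_smbpass.so use_first_pass
password requisite pam_cracklib.so retry=3
password requisite pam_unix.so shadow md5 use_authtok try_first_pass
"""


def parse_password_stack(text):
    """Return the password-type entries in file order."""
    stack = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == "password":
            stack.append({"control": fields[1], "module": fields[2],
                          "args": fields[3:]})
    return stack


def check_sync_stack(text):
    """Return a list of problems; an empty list means the stack looks sane."""
    stack = parse_password_stack(text)
    modules = [e["module"] for e in stack]
    if "pam_smbpass.so" not in modules:
        return ["pam_smbpass.so is missing from the password stack"]
    problems = []
    smb = modules.index("pam_smbpass.so")
    if "use_authtok" not in stack[smb]["args"]:
        problems.append("pam_smbpass.so does not carry use_authtok")
    if "pam_unix.so" in modules and smb < modules.index("pam_unix.so"):
        problems.append("pam_smbpass.so runs before pam_unix.so, "
                        "unlike the order given above")
    if "use_authtok" in stack[0]["args"]:
        problems.append(f"{modules[0]} is first in the stack but expects a "
                        "password set by an earlier module (use_authtok)")
    return problems
```

Because the pam_smbpass.so line is marked required, any failure in it fails the whole password change, which is why a system user who has not yet been added with smbpasswd -a cannot set a password with passwd.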
User and Client access control
In the /etc/samba/smb.conf file, hosts allow and hosts deny control access by client, and valid users controls access by user. However, if you want to control a particular user on a specific client, you must use the PAM module.
The following example allows the user tonyzhang to access the server from clients located in 192.168.0.0/24 and denies the user tomyang access from clients located in 192.168.1.0/24.
(1) In the [global] section of the /etc/samba/smb.conf file, add the following.

    obey pam restrictions = yes

(2) Edit the configuration file /etc/pam.d/samba and add the following statement before the first account line.

    account required pam_access.so accessfile=/etc/samba/myacl

(3) Create a file named myacl under /etc/samba and add the following to it.

    +:tonyzhang:192.168.0.
    -:tomyang:192.168.1.
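How the two myacl lines are evaluated, as an added example that is not part of the original article and is not pam_access source code. It is a simplified model covering only the rule forms used above; the catch-all line `-:ALL:ALL` in the second sample is a constructed addition for comparison.

```python
# Added example: simplified model of how pam_access reads an access file.
# Covers only the forms used in myacl: a user name or ALL, and an origin that
# is ALL, an exact address, or a network prefix ending in "." (192.168.0.).

PAGE_ACL = """\
+:tonyzhang:192.168.0.
-:tomyang:192.168.1.
"""

# Constructed variant: the page's rules followed by a catch-all deny.
DEFAULT_DENY_ACL = PAGE_ACL + "-:ALL:ALL\n"


def parse_acl(text):
    """Return (permission, users, origins) tuples; skip blanks and comments."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        perm, users, origins = (f.strip() for f in line.split(":", 2))
        if perm not in ("+", "-"):
            raise ValueError(f"bad permission field in {line!r}")
        rules.append((perm, users.split(), origins.split()))
    return rules


def origin_matches(token, addr):
    if token == "ALL":
        return True
    if token.endswith("."):  # network prefix: compare leading octets
        return addr.startswith(token)
    return token == addr


def decide(acl_text, user, addr):
    """First matching line decides; with no match pam_access grants access."""
    for perm, users, origins in parse_acl(acl_text):
        if any(u in ("ALL", user) for u in users) and \
           any(origin_matches(o, addr) for o in origins):
            return perm == "+"
    return True


if __name__ == "__main__":
    cases = [("tonyzhang", "192.168.0.10"), ("tonyzhang", "192.168.1.10"),
             ("tomyang", "192.168.1.10"), ("tomyang", "192.168.0.10")]
    for label, acl in (("page", PAGE_ACL), ("default-deny", DEFAULT_DENY_ACL)):
        for user, addr in cases:
            verdict = "allow" if decide(acl, user, addr) else "deny"
            print(f"{label:12} {user:10} {addr:13} {verdict}")
```

With only the two lines from the article, a user and client pair that matches neither line is allowed, so tonyzhang connecting from 192.168.1.10 still gets in. Ending the file with a catch-all deny turns it into an allow-list.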
Default disk quota configuration
Space usage in shared directories on the Samba server is limited mainly through the disk quotas provided by the system. However, the disk quota functionality in Linux must be set per user or per group, which is not easy to manage when the number of users is large. The Samba server solves this problem by specifying one user's or group's quota as the default quota for all users. In the following example, the amount of data that each user can write to the test shared directory is based on the tonyzhang user's quota for that partition (if you want to use a group's quota as the default quota, change uid in the example below to gid).
(1) Set a disk quota for the user tonyzhang.
(2) Add the following content to the test shared directory defined in the /etc/samba/smb.conf file.

    [smbtest]
    comment = this is smb test
    path = /test
    writable = yes
    vfs object = default_quota
    # The UID of user tonyzhang is 501.
    default_quota:uid = 501
    default_quota:uid nolimit = no

Configuring the Recycle Bin for a Samba server requires a virtual file system (VFS) module. Samba can use a variety of VFS modules, which are stored in the /usr/lib/samba/vfs directory. This chapter focuses on the implementation that uses the recycle.so module. The Recycle Bin must be configured separately for each shared resource. In the following example, a Recycle Bin is configured for the shared resource test of the Samba server.

    [smbtest]
    comment = this is smb test
    path = /test
    writable = yes
    vfs object = recycle
    recycle:repository = .deleted/%u
    recycle:keeptree = Yes
    recycle:versions = Yes
    recycle:maxsize = 0
    recycle:exclude = *.tmp|*.mp3
    recycle:noversions = *.doc

In the above configuration, each parameter has the following meaning.
(1) vfs object = recycle: loads the recycle.so module; the name recycle cannot be changed.
(2) recycle:repository = .recycle/%u: the relative path of the Recycle Bin. This option specifies the directory in which deleted files are stored, relative to the actual path of the shared resource. In the example above, "test" uses the /home/test path, so any deleted content is moved to the .recycle directory in this directory. The %u variable is the user name of the user currently browsing the share, so the files deleted by each user are stored in a directory named after that user. This parameter can only use relative paths. The directory you configure must be writable by other users. If a problem occurs when a file needs to be placed in this directory, the Samba server writes the relevant information to the log and deletes the file.
(3) recycle:keeptree = yes: when a file is moved into the Recycle Bin, its relative directory structure is recreated there.
(4) recycle:versions = yes: if a file with the same name already exists in the Recycle Bin directory, the new file is distinguished by naming it in the form "Copy #x of filename".
(5) recycle:maxsize = 0: the maximum space the Recycle Bin may use, in bytes. 0 means no limit.
(6) recycle:exclude = *.tmp|*.mp3: file types that are not put into the Recycle Bin.
(7) recycle:noversions = *.doc: file types for which the original file is overwritten if a file with the same name already exists in the Recycle Bin directory.
Reference: http://book.51cto.com/art/201108/282449.htm
This article is from the "--" blog, please be sure to keep this source http://57388.blog.51cto.com/47388/1552806