Samba makes UNIX and Windows easy to share (2)

Default master configuration file

By default, the correct configuration of the main configuration file of Samba is the top priority of Samba security. Correctly configuring the default main configuration file of Samba will provide a powerful security system for the system and lay a solid foundation for the secure operation of Samba. To correctly configure the configuration file, we must have a deep understanding of the configuration file and understand its meaning before we can "prescribe the right remedy" to prevent the problem.

1. The default main configuration file of Samba and its description

Run the following command as the root user to view the default Samba Configuration:

// Ignore the configuration statement lines that are commented (beginning with # And;) and view its default configuration

[Root @ ora9 root] # grep-V "#"/etc/samba/smb. conf | grep-V ";"

// Set global Parameters

[Global]

// Set the workgroup name

Workgroup = mygroup

// Set the Samba server name

Server String = Samba Server

// Set the printer configuration file path

Printcap name =/etc/printcap

// Allow printer sharing

Load printers = Yes

// Set the printer type

Printing = cups

// Set the log file path

Log File =/var/log/samba/% m. Log

// Do not limit the length of log files

Max log size = 0

// Set the user security level

Security = user

// Set User Password Encryption

Encrypt passwords = Yes

// Set the path of the password file

SMB passwd file =/etc/samba/smbpasswd

// Configure synchronization between Samba user accounts and UNIX system accounts

Unix Password Sync = Yes

// Set the Local Password Program

Passwd program =/usr/bin/passwd % u

// Control the sessions between smbd and/usr/bin/password to change the user password.

Passwd chat = * New * password * % N \ n * retype * New * password * % N \ n * passwd: * All * authentication * tokens * Updated * successfully *

// Use Pam when the user asks to change the password, instead of the Local Password Program/usr/bin/passwd specified by passwd Program

Pam password change = Yes

// The user authentication is subject to Pam management restrictions.

Obey Pam restrictions = Yes

// Set the socket option for the session between the server and the customer

Socket Options = tcp_nodelay so_rcvbuf = 8192 SO _ sndbuf = 8192

// Do not perform DNS queries for customers

DNS proxy = No

// Set the Home Directory of each user

[homes] comment = Home Directories browseable = no writable = yes valid users = %S create mode = 0664 directory mode = 0775

// Set all printer sharing

[printers] comment = All Printers path = /var/spool/samba browseable = no guest ok = no writable = no printable = yes

// Set personal sharing

[homepage]
   path = /usr/local/apache/htdocs
   valid users = oracle
   public = no
   writable = yes
   printable = no
   create mask = 0765