The Mock case:
ABC Company has 4 departments: Sales+design+develop+ops
Now you have to set up separate shared folders for each of the four departments and a share folder that can read and write to each other.
Considering the accidental deletion or malicious deletion of other employees with the department of the file, need to use the sticky attribute, sticky general role in the directory, once the role, then the directory files can only be deleted by the file founder or root.
Open up!
Step1 Creating a directory structure
Mkdir-p/abc/{design,sales,develop,ops,share{design,sales,develop,ops}}
/abc//abc/|-- Design|-- develop|-- ops|-- Sales '-- share |-- Design |-- Develop |-- ops '--Sales
STEP2 Add an Account
We create 2 users for each department and write a script user.sh
#/bin/Bash#depart=(Sales design develop OPS) for in ${depart[@]}; Do groupadd $g for in12); Do -m-s/sbin/nologin-G ${g} ${g} $i donedone
STEP3 Configuration smb.conf
#======================= Global Settings =====================================[Global] Workgroup=SAMBA Serverstring=Samba Server NetBIOS name=SAMBA# ---------------------------Logging Options-----------------------------# Logs split per machine log file= /var/log/samba/log.%m # max 50KB per log file, then rotate max log size= -# -----------------------Standalone Server Options------------------------Security=User Passdb Backend=Tdbsam Load Printers=Yes cups options=raw#============================ Share Definitions ==============================; [Homes]; Comment=Home Directory; Browseable=No; Writeable=No[sales] Comment=Sales Share Path=/abc/Sales browsable=Yes guest OK=No writable=No write list=@sales [design] Comment=Design Share Path=/abc/Design browsable=Yes guest OK=No writable=No write list=@design [Develop] comment=Develop share path=/abc/Develop browsable=Yes guest OK=No writable=No write list=@sales [ops] Comment=Ops share Path=/abc/Ops browsable=Yes guest OK=No writable=No write list=@sales [share] Comment= PublicShare Path=/abc/Share browsable=Yes guest OK=No writable= yes
Step4. Setting permissions
Chown:d Esign/abc/design
Chown:sales/abc/sales
Chown:d Evelop/abc/develop
Chown:ops/abc/ops
Chown:d Esign/abc/share/design
Chown:sales/abc/share/sales
Chown:d Evelop/abc/share/develop
Chown:ops/abc/share/ops
chmod 1770/abc/{design,sales,ops,develop}
chmod 775/abc/share
chmod 1775/abc/share/{design,sales,ops,develop}
Final stage: Test effect
Take Sales1 user as an example,
Relative root directory: Sales1 cannot enter a directory other than the sales and share folders.
Relative Sales directory: Sales1 can create new, delete your own files. However, the file created by Sales2 cannot be deleted (sticky worked)
Relative share directory: Sales1 can access all directories but only write permissions within the sales directory, and because sticky permissions are set, Sales1 cannot delete files created by Sales2.
At this point, complete
Setup of Samba server under Linux (case simulation)