Setup of Samba server under Linux (case simulation)

The Mock case:

ABC Company has 4 departments: Sales+design+develop+ops

Now you have to set up separate shared folders for each of the four departments and a share folder that can read and write to each other.

Considering the accidental deletion or malicious deletion of other employees with the department of the file, need to use the sticky attribute, sticky general role in the directory, once the role, then the directory files can only be deleted by the file founder or root.

Open up!

Step1 Creating a directory structure

Mkdir-p/abc/{design,sales,develop,ops,share{design,sales,develop,ops}}
/abc//abc/|-- Design|-- develop|-- ops|-- Sales '-- share    |--  Design    |-- Develop    |-- ops    '--Sales

STEP2 Add an Account

We create 2 users for each department and write a script user.sh

#/bin/Bash#depart=(Sales design develop OPS) for in ${depart[@]};  Do     groupadd $g    for in12);  Do -m-s/sbin/nologin-G ${g} ${g} $i    donedone         

STEP3 Configuration smb.conf

#======================= Global Settings =====================================[Global] Workgroup=SAMBA Serverstring=Samba Server NetBIOS name=SAMBA# ---------------------------Logging Options-----------------------------# Logs split per machine log file= /var/log/samba/log.%m # max 50KB per log file, then rotate max log size= -# -----------------------Standalone Server Options------------------------Security=User Passdb Backend=Tdbsam Load Printers=Yes cups options=raw#============================ Share Definitions ==============================;       [Homes]; Comment=Home Directory; Browseable=No; Writeable=No[sales] Comment=Sales Share Path=/abc/Sales browsable=Yes guest OK=No writable=No write list=@sales [design] Comment=Design Share Path=/abc/Design browsable=Yes guest OK=No writable=No write list=@design [Develop] comment=Develop share path=/abc/Develop browsable=Yes guest OK=No writable=No write list=@sales [ops] Comment=Ops share Path=/abc/Ops browsable=Yes guest OK=No writable=No write list=@sales [share] Comment= PublicShare Path=/abc/Share browsable=Yes guest OK=No writable= yes

Step4. Setting permissions

Chown:d Esign/abc/design

Chown:sales/abc/sales

Chown:d Evelop/abc/develop

Chown:ops/abc/ops

Chown:d Esign/abc/share/design

Chown:sales/abc/share/sales

Chown:d Evelop/abc/share/develop

Chown:ops/abc/share/ops

chmod 1770/abc/{design,sales,ops,develop}

chmod 775/abc/share

chmod 1775/abc/share/{design,sales,ops,develop}

Final stage: Test effect

Take Sales1 user as an example,

Relative root directory: Sales1 cannot enter a directory other than the sales and share folders.

Relative Sales directory: Sales1 can create new, delete your own files. However, the file created by Sales2 cannot be deleted (sticky worked)

Relative share directory: Sales1 can access all directories but only write permissions within the sales directory, and because sticky permissions are set, Sales1 cannot delete files created by Sales2.

At this point, complete

Setup of Samba server under Linux (case simulation)