[mdlug] [Tech Support] How to configure public samba share

list1c30fe42 at bellsouth.net list1c30fe42 at bellsouth.net
Sat Oct 31 11:46:58 EDT 2009 

Servers,

I need to configure a CentOS-5 server such that a pair of directories
are publicly available to clients of many types.
At this time, the directories are accessible by http, ftp, and nfs.
They need to also be available as smb shares.

I have configured samba such that according to instructions found on
the CentOS website, and tried many variations.
So far, if my windows (vm) test client has read only access to the
directory pair, then it has root read/write access to the whole
server.

How should I configure samba to publicly expose two directories and
   nothing else?
What samba tutorials would anyone (dis)recommend?
I have read smb.conf(5), what am I missing?


With config files as below,

If I use smbpasswd -a -n nobody,
   + windows reports the "Vendor *" shares are read-only (as desired),
   - but / is visible and writeable as share "nobody"
   + mount.cifs ... -o ro,guest on a linux host
     can mount the directories
   + tdbdump reports only nobody in /etc/samba/smbusers

If I don't use smbpasswd -a -n nobody,
   - Windows reports access denied.
   + mount.cifs ... -o ro,guest,security=none on a linux host
     can mount the directories
   + smbclient -L ... -N from another linux box lists the correct shares
   + tdbdump reports empty /etc/samba/smbusers



Distro: CentOS-5

     ---- /etc/samba/lmhosts ----
127.0.0.1 localhost
     ---- /etc/samba/lmhosts ----

     ---- /etc/samba/smbusers ----
# Unix_name = SMB_name1 SMB_name2 ...
root = administrator admin
nobody = guest pcguest smbguest
     ---- /etc/samba/smbusers ----

     ---- /etc/samba/published-smb.conf ----
# ...

[Vendor Things]
         comment = vendor things
         path = /opt/vendor/lib
         public = yes
         printable = no
         browseable = yes
         guest ok = yes

[Vendor Documentation]
         comment = vendor online documentation
         path = /opt/vendor/doc
         public = yes
         printable = no
         browseable = yes
         guest ok = yes
     ---- /etc/samba/published-smb.conf ----

     ---- /etc/samba/smb.conf ----
# This is the main Samba configuration file. You should read the
# ...
         workgroup = MYGROUP
         server string = Samba Server Version %v
; ...

# ----------------------- Standalone Server Options ------------------------
#
# Security can be set to user, share(deprecated) or server(deprecated)
#
# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.

         security = user
         passdb backend = tdbsam

# ...

# ------------------ Printing Options ----------------
# ...
# You can choose a non default printing system using the Printing option

         load printers = yes
         cups options = raw

# ...

#================ Share Definitions ================

[homes]
         comment = Home Directories
         browseable = no
         writable = yes
; ...

[printers]
         comment = All Printers
         path = /var/spool/samba
         browseable = no
         guest ok = no
         writable = no
         printable = yes

# ...

# My public share
include = /etc/samba/published-smb.conf
     ---- /etc/samba/smb.conf ----

TIA,
--
Bob

More information about the mdlug mailing list