[mdlug] [Tech Support] How to configure public samba share
Brian
brian at dangerbacon.com
Sat Oct 31 13:07:24 EDT 2009
My guess is that this is because the [homes] directive is turned on
automatically giving uses access to their configured home directory.
I bet if you look the nobody users home directory is set to / causing
this to appear as a share. Removing homes would then fix it.
On 10/31/09, list1c30fe42 at bellsouth.net <list1c30fe42 at bellsouth.net> wrote:
> Servers,
>
> I need to configure a CentOS-5 server such that a pair of directories
> are publicly available to clients of many types.
> At this time, the directories are accessible by http, ftp, and nfs.
> They need to also be available as smb shares.
>
> I have configured samba such that according to instructions found on
> the CentOS website, and tried many variations.
> So far, if my windows (vm) test client has read only access to the
> directory pair, then it has root read/write access to the whole
> server.
>
> How should I configure samba to publicly expose two directories and
> nothing else?
> What samba tutorials would anyone (dis)recommend?
> I have read smb.conf(5), what am I missing?
>
>
> With config files as below,
>
> If I use smbpasswd -a -n nobody,
> + windows reports the "Vendor *" shares are read-only (as desired),
> - but / is visible and writeable as share "nobody"
> + mount.cifs ... -o ro,guest on a linux host
> can mount the directories
> + tdbdump reports only nobody in /etc/samba/smbusers
>
> If I don't use smbpasswd -a -n nobody,
> - Windows reports access denied.
> + mount.cifs ... -o ro,guest,security=none on a linux host
> can mount the directories
> + smbclient -L ... -N from another linux box lists the correct shares
> + tdbdump reports empty /etc/samba/smbusers
>
>
>
> Distro: CentOS-5
>
> ---- /etc/samba/lmhosts ----
> 127.0.0.1 localhost
> ---- /etc/samba/lmhosts ----
>
> ---- /etc/samba/smbusers ----
> # Unix_name = SMB_name1 SMB_name2 ...
> root = administrator admin
> nobody = guest pcguest smbguest
> ---- /etc/samba/smbusers ----
>
> ---- /etc/samba/published-smb.conf ----
> # ...
>
> [Vendor Things]
> comment = vendor things
> path = /opt/vendor/lib
> public = yes
> printable = no
> browseable = yes
> guest ok = yes
>
> [Vendor Documentation]
> comment = vendor online documentation
> path = /opt/vendor/doc
> public = yes
> printable = no
> browseable = yes
> guest ok = yes
> ---- /etc/samba/published-smb.conf ----
>
> ---- /etc/samba/smb.conf ----
> # This is the main Samba configuration file. You should read the
> # ...
> workgroup = MYGROUP
> server string = Samba Server Version %v
> ; ...
>
> # ----------------------- Standalone Server Options ------------------------
> #
> # Security can be set to user, share(deprecated) or server(deprecated)
> #
> # Backend to store user information in. New installations should
> # use either tdbsam or ldapsam. smbpasswd is available for backwards
> # compatibility. tdbsam requires no further configuration.
>
> security = user
> passdb backend = tdbsam
>
> # ...
>
> # ------------------ Printing Options ----------------
> # ...
> # You can choose a non default printing system using the Printing option
>
> load printers = yes
> cups options = raw
>
> # ...
>
> #================ Share Definitions ================
>
> [homes]
> comment = Home Directories
> browseable = no
> writable = yes
> ; ...
>
> [printers]
> comment = All Printers
> path = /var/spool/samba
> browseable = no
> guest ok = no
> writable = no
> printable = yes
>
> # ...
>
> # My public share
> include = /etc/samba/published-smb.conf
> ---- /etc/samba/smb.conf ----
>
> TIA,
> --
> Bob
>
> _______________________________________________
> mdlug mailing list
> mdlug at mdlug.org
> http://mdlug.org/mailman/listinfo/mdlug
>
More information about the mdlug
mailing list