In my workplace, we switched from a Windows shared folder for network use to an Ubuntu server for our 4 disc hardware raid. We do not use Active Directory (I don't even know what it is) but we do use user permissions to access the raid and mount it as a network drive. You can install webmin and use that to help manage the server.
There are a couple tricks: setting up the user permissions and umask in smb.conf and then getting the shared folder's permissions and "sticky bits" set correctly.
Edit with some details of how I set up my file server:
1.5 years after answering this question, I installed a new server OS (now Debian 7.3) and went through setting up samba, again using webmin. One thing that didn't work as expected was user passwords linking to unix passwords. This QA fixed that by suggesting manually issuing smbpasswd -a <username>. Although the old ubuntu HDD was failing, I copied /etc/ to the /raid so I can look back at what worked before.
We've got the below permissions set up. The "smb" user and password are known by anyone needing access to the network share, which is then mapped to a drive letter consistently on windows computers. If I log in from my chrisk user on windows, which coincidentally uses the same password as on the filesrv, then I can access my personal folder on the raid as well as all of the /raid files. There are no "personal" groups, everyone is in the users group.
12:53 chrisk@filesrv /raid$ ls -alh
drwxrwsr-x. 47 smb users 4.0K Dec 29 18:43 .
drwxr-xr-x 23 root root 4.0K Dec 27 02:36 ..
drwxrwsr-x. 7 smb users 4.0K Aug 15 2009 catalog_tech
drwx--S--T. 42 chrisk users 12K Dec 29 20:52 chrisk
drwxrwsr-x. 5 smb users 4.0K Oct 12 12:36 customers
drwxrwsr-x. 6 smb users 4.0K Dec 20 12:48 dealers
drwxrwsr-x 3 smb users 4.0K Nov 5 17:51 Distributors
drwxrwsr-x. 22 smb users 4.0K Dec 29 16:58 docs
drwx--S--T. 42 liz users 12K Dec 29 20:52 liz
drwx------ 17 smb users 4.0K Sep 8 2011 smb
I read up and to get these permissions, I believe that I did a # chmod -R 7775 * on /raid and then # chmod -R 7775 <user> for each username.
This works really well for when windows share users log in and create files and lets the drive behave as one would expect on their own computer. Things get a little iffy when I am writing code, though, because I switch from Windows OS to my Linux Mint computer and I sshfs mount /raid and I'll create files that Windows people can't mess with because they will keep my permissions. On this brave new Debian raid world, I'll have to see if this is still the case.
Security is the inverse of convenience; this configuration is very convenient and thus insecure in many aspects of file security or employee vandalism. It works great for "mom & pop" situations. When we have new employees (twice in 7 years), we all have a meeting and go over what the staff thinks about it all. It is only one step better than having a Windows box with an everyone share.
Next steps of improved security I am considering: There could be users and staff groups implemented for nuanced levels of security and then make an "everyone login" that isn't smb for folks to access and share everyday files. SMB could probably have yet another everyone user which doesn't have write/delete privileges, too.
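
As an added example (not part of the original answer), this Python sketch decodes the symbolic modes shown in the ls -alh listing into octal and notes what each special bit means on a share where everyone is in one group. The sample lines are copied from that listing; the names mode_to_octal and audit are hypothetical.

```python
import stat

# Constructed sample: four lines copied from the /raid listing in the answer.
LISTING = """\
drwxrwsr-x. 7 smb users 4.0K Aug 15 2009 catalog_tech
drwx--S--T. 42 chrisk users 12K Dec 29 20:52 chrisk
drwxrwsr-x 3 smb users 4.0K Nov 5 17:51 Distributors
drwx------ 17 smb users 4.0K Sep 8 2011 smb
"""
# Special bit carried in the execute slot of the user, group and other triads.
SPECIAL = (stat.S_ISUID, stat.S_ISGID, stat.S_ISVTX)
NOTES = (
    (stat.S_ISGID, "setgid: new entries inherit the directory's group"),
    (stat.S_ISVTX, "sticky: only an entry's owner, the directory owner or root can remove it"),
    (stat.S_IWGRP, "writable by every member of the group"),
    (stat.S_IROTH, "listable by accounts outside the group"),
)

def mode_to_octal(sym):
    """Convert an ls-style mode string such as 'drwxrwsr-x.' to an integer."""
    perms = sym[1:10]  # skip the file-type char; ignore a trailing '.' or '+'
    if len(perms) != 9:
        raise ValueError("not a mode string: %r" % sym)
    mode = 0
    for i, ch in enumerate(perms):
        triad, pos = divmod(i, 3)
        bit = 0o400 >> i
        if ch == "rwx"[pos]:
            mode |= bit
        elif pos == 2 and ch in ("tT" if triad == 2 else "sS"):
            mode |= SPECIAL[triad]
            if ch.islower():  # lowercase: execute is set as well
                mode |= bit
        elif ch != "-":
            raise ValueError("unexpected %r in %r" % (ch, sym))
    return mode

def audit(listing):
    """Return {name: (octal mode, notes)} for each line of ls -l output."""
    report = {}
    for line in listing.splitlines():
        fields = line.split()
        mode = mode_to_octal(fields[0])
        notes = [text for bit, text in NOTES if mode & bit]
        report[fields[-1]] = (format(mode, "04o"), notes)
    return report
```

For the sample lines, audit(LISTING) reports 2775 for the shared folders and 3700 for the personal one.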