Andrew Hudson - Fedora™ Unleashed, 2008 edition

[programs]

path = /usr/local/programs

writeable = true

This bit shares the /usr/local/programsdirectory with any valid user who asks for it and makes that directory writable. It is the most basic share because it sets no limits on the directory.

Here are some parameters you can set in the sections:

► Requiring a user to enter a password before accessing a shared directory

► Limiting the hosts allowed to access the shared directory

► Altering permissions users are allowed to have on the directory

► Limiting the time of day during which the directory is accessible

The possibilities are almost endless. Any parameters set in the individual sections override the parameters set in the [global]section. The following section adds a few restrictions to the [programs]section:

[programs]

path = /usr/local/programs

writeable = true

valid users = ahudsonahudson

browseable = yes

create mode = 0700

The valid usersentry limits useridto just ahudson. All other users can browse the directory because of the browseable = yesentry, but only ahudsoncan write to the directory. Any files created by ahudsonin the directory give ahudsonfull permissions, but no one else will have access to the files. This is exactly the same as setting permissions with the chmodcommand. Again, there are numerous options, so you can be as creative as you want to when developing sections.

The [global]section establishes configuration settings for all of Samba. If a given para meter is not specifically set in another section, Samba uses the default setting in the [global]section. The [global]section also sets the general security configuration for Samba. The [global]section is the only section that does not require the name in brackets.

Samba assumes that anything before the first bracketed section not labeled [global]is part of the global configuration. (Using bracketed headings in /etc/samba/smb.confmakes your configuration file more readable.) The following sections discuss common Samba settings to share directories and printers. You will then see how to test your Samba configuration.

The [homes]section shares out Fedora home directories for the users. The home directory is shared automatically when a user's Windows computer connects to the Linux server holding the home directory. The one problem with using the default configuration is that the user sees all the configuration files (such as .profileand others with a leading period in the filename) that he normally wouldn't see when logging on through Linux. One quick way to avoid this is to include a path option in the [homes]section. To use this solution, each user who requires a Samba share of his home directory needs a separate "home directory" to act as his Windows home directory.

For example, this pseudo home directory could be a directory named sharein each user's home directory on your Fedora system. You can specify the path option when using SWAT by using the %uoption when specifying a path for the default homesshares. The complete path setting would be as follows:

/home/%u/share

This setting specifies that the directory named shareunder each user's directory is the shared Samba directory. The corresponding manual smb.confsetting to provide a separate "home directory" looks like this:

[homes]

comment = Home Directories

path = /home/%u/share

valid users = %S

read only = No

create mask = 0664

directory mask = 0775

browseable = No

If you have a default [homes]section, the share shows up in the user's Network Neighborhood as the user's name. When the user connects, Samba scans the existing sections in smb.conffor a specific instance of the user's home directory. If there is not one, Samba looks up the username in /etc/passwd. If the correct username and password have been given, the home directory listed in /etc/passwd is shared out at the user's home directory. Typically the [homes]section looks like this (the browseable = noentry prevents other users from being able to browse your home directory and using it is a good security practice):

[homes]

browseable = no

writable = yes

This example shares out the home directory and makes it writable to the user. Here's how you specify a separate Windows home directory for each user:

[homes]

browseable = no

writable = yes

path = /path/to/windows/directories

The [printers]section works much like the [homes]section, but defines shared printers for use on your network. If the section exists, users have access to any printer listed in your Fedora /etc/printcapfile.

Like the [homes]section, when a print request is received, all the sections are scanned for the printer. If no share is found (and with careful naming, there should not be unless you create a section for a specific printer), the /etc/printcapfile is scanned for the printer name that is then used to send the print request.

For printing to work properly, printing services must be set up correctly on your Fedora computer. A typical [printers]section looks like the following:

[printers]

comment = Fedora Printers

browseable = no

printable = yes

path = /var/spool/samba

The /var/spool/sambais a spool path set just for Samba printing.

After you have created your /etc/smb.conffile, you can check it for correctness. Do so with the testparmcommand. This command parses through your /etc/smb.conffile and checks for any syntax errors. If none are found, your configuration file will probably work correctly. It does not, however, guarantee that the services specified in the file will work. It is merely making sure that the file is correctly written.

As with all configuration files, if you are modifying an existing, working file, it is always prudent to copy the working file to a different location and modify that file. Then you can check the file with the testparmutility. The command syntax is as follows:

# testparm /path/to/smb.conf.back-up

Load smb config files from smb.conf.back-up

Processing section "[homes]"

Processing section "[printers]"

Loaded services file OK.

This output shows that the Samba configuration file is correct, and, as long as all the services are running correctly on your Fedora machine, Samba should be working correctly. Now copy your old smb.conffile to a new location, put the new one in its place, and restart Samba with the command /etc/init.d/smb restart. Your new or modified Samba configuration should now be in place.