Documente Academic
Documente Profesional
Documente Cultură
Home
Articles
Scripts
About
Printer Friendly
Forums
Blog
Samba
Certification
Linux
Misc
SMB
Search
Oracle 8i | Oracle 9i | Oracle 10g | Oracle 11g | Oracle 12c | Miscellaneous | PL/SQL | SQL | Oracle RAC | Oracle Apps |
Linux
Home Articles
Linux Here
Like
Tweet
Installation
The Samba service is installed from a Yum repository using the following command.
# yum install samba
Turn on the Samba server and make sure it starts automatically on reboot.
# service smb start
# chkconfig smb on
Samba is configured by altering the contents of the "/etc/samba/smb.conf" and "/etc/samba/smbusers" files.
Configuration changes have to be followed by a reload or a restart of the smb service.
#
#
#
#
Firewall
If you are using the Linux firewall, you need to open ports 139 and 445 specifically. The Samba documentation suggest
opening 3 additional ports also. Assuming you are using a firewall setup file, as described here, you can include the
following additions to the INPUT chain.
Translate
http://www.oracle-base.com/articles/linux/linux-samba-configuration.php
--dport
--dport
--dport
--dport
--dport
135
137
138
139
445
-j
-j
-j
-j
-j
ACCEPT
ACCEPT
ACCEPT
ACCEPT
ACCEPT
SELinux
If you are using SELinux, you will need to consider the following points.
The SELinux booleans associated with the Samba service are displayed using the getsebool command.
# getsebool -a | grep samba
samba_create_home_dirs --> off
samba_domain_controller --> off
samba_enable_home_dirs --> off
samba_export_all_ro --> off
samba_export_all_rw --> off
samba_run_unconfined --> off
samba_share_fusefs --> off
samba_share_nfs --> off
sanlock_use_samba --> off
use_samba_home_dirs --> off
virt_use_samba --> off
#
The setsebool command is used to set a specific boolean value.
# setsebool use_samba_home_dirs on
# setsebool use_samba_home_dirs off
The samba_share_t context should be assigned to all content.
# semanage fcontext -a -t samba_share_t "/u01(/.*)?"
# restorecon -F -R -v /u01
You can check the current context setting on files and directories using the "ls -alZ" command.
More information on SELinux can be found here.
http://www.oracle-base.com/articles/linux/linux-samba-configuration.php
mkdir
chgrp
chmod
chmod
/developers_dir
developers /developers_dir
g+s /developers_dir
-R 770 /developers_dir
Add the following share into the "/etc/samba/smb.conf" file. Notice the 0770 permissions again, so users don't
accidentally create files that can't be amended by other members of the group.
[devshare]
browseable=yes
path = /developers_dir
force group = +developers
valid users = @developers
write list = @developers
create mask = 0770
http://www.oracle-base.com/articles/linux/linux-samba-configuration.php
OK
From another machine, mount the share as the "dev1" user and create a file.
# mkdir -p /u01/dev1
# mount -t cifs -o rw,username=dev1,password=dev1 //192.168.0.190/devshare /u01/dev1
# echo "apples" >> /u01/dev1/test.txt
From another machine, mount the share as the "dev2" user and edit the file created previously.
# mkdir -p /u01/dev2
# mount -t cifs -o rw,username=dev2,password=dev2 //192.168.0.190/devshare /u01/dev2
# echo "oranges" >> /u01/dev2/test.txt
# cat /u01/dev2/test.txt
apples
oranges
#
Security
The basic user security model for Samba is quite simple. As shown previously, existing Linux users can be made into
Samba users by issuing the "smbpasswd -a" command. This allows shares to be made user-specific by adding the
users into the "valid users" and "write list" entries of the "/etc/samba/smb.conf" file.
In a similar manner, permissions can be at the group-level by specifying the group with a preceeding "@" symbol.
Host-level security can be controlled using the Linux Firewall, or by addition of the "hosts allow" or "hosts deny"
parameters to the share definitions on the "/etc/samba/smb.conf" file. If these settings are placed in the "[global]"
section of the file, they affect all share defintions.
http://www.oracle-base.com/articles/linux/linux-samba-configuration.php