Koozali.org: home of the SME Server

smb.conf and custom templates

john

smb.conf and custom templates
« on: March 01, 2002, 03:44:03 AM »
Hi all.

I'm trying to add a few lines to deny certain specific users access to certain ibays.

I know i'm supposed to use the 90ibays custom template, but what's the easiest way of doing this?

Just add a bunch of "if ibay=share1 $result.="invalid users=username/n""? (well, not _exactly_ like that. but you get the idea :)  )

is that right?

'cause it seems like it be a whole lot easier to just edit smb.conf and add the lines I need to the relevant shares.

thanks,
john

Tom Carroll

Re: smb.conf and custom templates
« Reply #1 on: March 01, 2002, 06:44:13 AM »
john wrote:

> 'cause it seems like it be a whole lot easier to just edit
> smb.conf and add the lines I need to the relevant shares.

You really should use the 90ibays template in the templates-custom directory.  This ensures that anytime you trigger an event that would rebuild the smb.conf file it will include any changes you make, otherwise you will lose anything you do to the smb.conf file and may open your shares to the users you do wish to have access.

Tom Carroll

Ray Mitchell

Re: smb.conf and custom templates
« Reply #2 on: March 01, 2002, 08:26:18 AM »
Dear John

Wouldn't it be easier to use the features of sme server ??

Using server-manager: eg www.yourdomain.com/server-manager

Set up a Group(s) which form the basis of access to an ibay.

Change the ownership of an ibay to a certain Group. Make sure you change from Administrator or Everyone to the applicable Group name. Also make access Read=Group, Write=Group.

Then make Users members of Group(s), remembering that users can be members of multiple groups. Only make a user a member of a group that owns an ibay that the user is entitled to access.

Therefore you restrict a certain user to only have access to ibays to which they have group access rights.

Job done, no need for command prompt intervention !!

Regards
Ray Mitchell

john

Re: smb.conf and custom templates
« Reply #3 on: March 03, 2002, 01:05:48 AM »
Ray Mitchell wrote:
>
> Dear John

Man I hate getting letters like this.... ;)

> Wouldn't it be easier to use the features of sme server ??
>
> Using server-manager: eg www.yourdomain.com/server-manager
>
> Set up a Group(s) which form the basis of access to an ibay.
>
> Change the ownership of an ibay to a certain Group. Make sure
> you change from Administrator or Everyone to the applicable
> Group name. Also make access Read=Group, Write=Group.
>
> Then make Users members of Group(s), remembering that users
> can be members of multiple groups. Only make a user a member
> of a group that owns an ibay that the user is entitled to
> access.
>
> Therefore you restrict a certain user to only have access to
> ibays to which they have group access rights.
>
> Job done, no need for command prompt intervention !!



hmm. yes. I think you may indeed be right. hadn't thought about it quite that way. I'm not a sys-admin,
just a hobbyist. :)

I'm actually trying to learn samba more than anything.

however, your method makes a lot of sense.

thanks for setting me straight :)

--john

john

Re: smb.conf and custom templates
« Reply #4 on: March 03, 2002, 10:29:31 PM »
So I did all that.

But I was looking at my smb.conf, and there's nothing about
valid groups, users, etc. I can assume than, that e-smith
determines all it's samba permissions from the linux
permissions, since linux permissions (nearly) always take
precedence over samba permissions. since all directories under
the ibay dir are --- for other.

not as much help for learning samba then. :)

thanks,
john

Ray Mitchell wrote:
>
> Dear John
>
> Wouldn't it be easier to use the features of sme server ??
>
> Using server-manager: eg www.yourdomain.com/server-manager
>
> Set up a Group(s) which form the basis of access to an ibay.
>
> Change the ownership of an ibay to a certain Group. Make sure
> you change from Administrator or Everyone to the applicable
> Group name. Also make access Read=Group, Write=Group.
>
> Then make Users members of Group(s), remembering that users
> can be members of multiple groups. Only make a user a member
> of a group that owns an ibay that the user is entitled to
> access.
>
> Therefore you restrict a certain user to only have access to
> ibays to which they have group access rights.
>
> Job done, no need for command prompt intervention !!
>
> Regards
> Ray Mitchell