Redes - Samba: Comparticion de recursos por niveles

porblema

crear directorios para tres grupos de usuarios

  • secretaria
  • coordinacion
  • jefes

arbol de directorio

|- compartidos
|  |- secretaria
|  |  |- secretaria01
|  |  |- secretaria02
|  |- coordinacion
|  |  |- coordinacion01
|  |  |- coordinacion02
|  |  |- coordinacion03
|  |  |- coordinacion04

crear usuarios en el sistema
y usar "smbpasswd -a <usuario>" para asignale contraseña en samba

condiciones exigidas

  • el servidor samba debe pedir autenticcion de los usuarios para acceder a los directorios
  • todos los usuarios deben poder modificar solo sus propios directorios, pero con acceso de solo lectura a los recursos de su mismo grupo, los jefes pueden cambiar todo
  • otras redes no pueden tener acceso a esos recursos

procedimiento

instalar samba

configurar samba/smb.conf

# Samba config file created using SWAT
# from UNKNOWN (127.0.0.1)
# Date: 2014/01/22 09:53:12

[global]
    workgroup = WORKGROUP
    realm = CARPETASRED
    netbios name = CARPETASRED
    server string = Recursos compartidos
    dns proxy = no
    security = user
    passdb backend = tdbsam
    # cups options = raw
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    usershare allow guests = yes
    map to guest = Bad User
    username map = /etc/samba/smbusers
    guest ok = yes
log file = /var/log/samba/log.%m
max log size = 50
syslog = 0
# name resolve order = lmhosts host wins bcast
time server = yes
    interfaces = lo br0 192.168.16.0/24 192.168.34.0/24 127.0.0.1
    hosts allow = 127. 192.168.34. 192.168.16.
    # remote announce = 192.168.16.0/24 192.168.34.0/24
################ Auditoria de Samba ###############################
full_audit:prefix = %u|%I|%S
full_audit:failure = connect
full_audit:success = connect disconnect opendir mkdir rmdir closedir open close read pread write pwrite rename
full_audit:facility = local5
full_audit:priority = notice
################################################################
veto files = /*.inf/*.bat/*.scr/*.lnk/*.cmd/
delete veto files = yes
########## Printing ##########
load printers = yes
printing = cups
printcap name = cups
usershare max shares = 100
encrypt passwords = true
guest account = nobody

###################################

[recursos_compartidos]
    admin users = jefe01 jefe02
    valid users = jefe01 jefe02
    path = /home/compartir/recursos/
    public = no
    guest ok = no
    writeable = yes
    create mask = 0777
    directory mask = 0777

###################################

[coordinacion]
    valid users = coordinacion01 coordinacion02 coordinacion03 coordinacion04
    path = /home/compartir/recursos/coordinacion/
    public = no
    guest ok = no
    read only = yes
    writeable = no
    create mask = 0777
    directory mask = 0777

[secretaria]
    valid users = secretaria01 secretaria02
    path = /home/compartir/recursos/secretaria/
    public = no
    guest ok = no
    writeable = no
    read only = yes
    create mask = 0777
    directory mask = 0777

###################################

[secretaria01]
    admin users = secretaria01
    valid users = secretaria01
    path = /home/compartir/recursos/secretaria/secretaria01
    public = no
    guest ok = no
    writeable = yes
    create mask = 0777
    directory mask = 0777

[secretaria02]
    admin users = secretaria02
    valid users = secretaria02
    path = /home/compartir/recursos/secretaria/secretaria02
    public = no
    guest ok = no
    writeable = yes
    create mask = 0777
    directory mask = 0777

###################################

[coordinacion01]
    admin users = coordinacion01
    valid users = coordinacion01
    path = /home/compartir/recursos/coordinacion/coordinacion01
    public = no
    guest ok = no
    writeable = yes
    create mask = 0777
    directory mask = 0777

[coordinacion02]
    admin users = coordinacion02
    valid users = coordinacion02
    path = /home/compartir/recursos/coordinacion/coordinacion02
    public = no
    guest ok = no
    writeable = yes
    create mask = 0777
    directory mask = 0777

[coordinacion03]
    admin users = coordinacion03
    valid users = coordinacion03
    path = /home/compartir/recursos/coordinacion/coordinacion03
    public = no
    guest ok = no
    writeable = yes
    create mask = 0777
    directory mask = 0777

[coordinacion04]
    admin users = coordinacion04
    valid users = coordinacion04
    path = /home/compartir/recursos/coordinacion/coordinacion04
    public = no
    guest ok = no
    writeable = yes
    create mask = 0777
    directory mask = 0777

el archivo samba/smbusers para asentar los usuarios habilitados

coordinacion01 = coordinacion01
coordinacion02 = coordinacion02
coordinacion03 = coordinacion03
coordinacion04 = coordinacion04
secretaria01 = secretaria01
secretaria02 = secretaria02
jefe01 = jefe01
jefe02 = jefe02

++++REFERENCIAS

*

Unless otherwise stated, the content of this page is licensed under GNU Free Documentation License.