Wednesday, December 29, 2010

SMB -- Provide network shares suitable for group collaboration

Configuring SMB shares for groups is very similar to sharing for an individual. The only gotcha here is making sure security on the folder are set properly.
Scenario: You have a group named group1, users foo and bar are members of this group. You need to share a directory named /group1 to these users only.

  1. Install samba
    1. yum install samba-client samba-common samba
  2. Configure the /etc/samba/samba.conf file
  3. Find the line workgroup and set the correct workgroup name
  4. At the end of the file, create a new directory block using the same syntax as the others. Note the use of the +group1 for valid users, this identifies it as a group instead of a user
    1.  #group1
    2. [group1]
    3. path = /group1
    4. writeable = yes
    5. browseable = yes
    6. valid users = +group1
  5. Save the file and restart the services -- service smb restart, service nmb restart
  6. Ensure the folder being shared is owned by the group
    1. chown root:group1 /group1
  7. Ensure the file permissions allow the group to read/write
    1. chmod 775 /group1 -R


GDP said...

If SELinux is enabled, you will need to label /group1 with samba_share_t using semanage.

Otherwise, the group will be denied access.

Anonymous said...

Group collaboration also implies setting the SETGID bit on the top directory.
So the chmod command would be

chmod 2775 /group1 -R