[Gllug] Group directories and Samba shares

John Edwards john_ed at cornerstonelinux.co.uk
Tue Nov 27 22:51:37 UTC 2001


Hi
I'm looking into ways of automating the setting up of Samba shares for 
shared group areas, and was wondering if anyone has tried this and got 
any suggestions on how to do it or what to avoid.


One of the great things about Samba is its automatic sharing of the 
user's home directory, but there is nothing similar for groups. For most 
of the places the machines are at, the group areas are used much more than 
the users' home directories because people want shared places to work on 
project files, look up accounts information, etc.

The Filesystem Hierarchy Standard does not specify any particular place 
for group shared areas, except to say that /home is the place for home 
directories, so I would assume that would be the place for any group 
directories as well (and also avoid any group/name).


After doing it on several machines by hand this is getting to be a chore, 
especially when some of them are only accessible sporadically via a modem.

The Systems guys at my previous place of work (Brunel Uni) had a system 
set up based on make and Perl, but was limited to only the primary group 
and tied into the local setup of nis for the user account information, 
and so is probably not very portable (and could have ownership/licensing 
issues).

The boxes I use run RedHat 7.x and Debian 2.2, so most tools are 
available including Perl and cfengine.


The beginnings of a plan:

*) User and group account information are acquired from the default name 
   service using getpwent and getgrent (probably using Perl). We cannot 
   assume /etc/passwd and /etc/group.

*) User home directories stay in /home/$USERNAME (mainly private files).
   Samba will automatically share this, and it's mounted by a login script.

*) Group shared directories in /home/SHARED/$GROUPNAME, and chmod 2775 
   so that all files are always group-writable by the group. System groups 
   and private groups belonging to a user account would not be included.

*) The smb.conf is set up as required by the local sysadmin, with the 
   addition of an "include" line for an autogenerated smb-groups.conf.

*) The smb-groups.conf file is created by a script whenever the user 
   account information changes. Group entries are restricted to members 
   of the group and group ownership and group write are enforced.

*) Windows login scripts could also be automatically written from a 
   template, with the groups that a user belongs to being automounted 
   at login. The lack of drive letters can restrict the number of mounts.

*) Unix machines using NFS can just mount /home of course.

*) And once the main work is done netatalk configuration for Macintosh 
   clients would not be too difficult.


So, anyone interested? Results from any work will be copyrighted by 
respective authors and available under the GPL.


-- 
#------------------------------------------------------------#
|      John Edwards    Email: John.Edwards at uk.com            |
|                                                            |
|     "Security vulnerabilities are here to stay."           |
|   Scott Culp, Manager, Microsoft Security Response Center  |
#------------------------------------------------------------#
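
The generation step from the plan above (enumerate groups through the name service, skip system and user-private groups, write smb-groups.conf), as an added example that is not part of the original post. It is written in Python rather than the Perl the post suggests; MIN_GID, the group-name filter, the chosen force modes and all function names are assumptions.

```python
import grp
import pwd
import re
from collections import namedtuple

SHARE_ROOT = "/home/SHARED"                  # layout proposed in the post
MIN_GID = 1000                               # assumption: first non-system gid at this site
RESERVED = {"global", "homes", "printers"}   # special smb.conf section names
SAFE_NAME = re.compile(r"[A-Za-z_][A-Za-z0-9_-]*")

Group = namedtuple("Group", "gr_name gr_gid")  # for constructed test records
User = namedtuple("User", "pw_name pw_gid")


def shared_groups(groups, users, min_gid=MIN_GID):
    """Pick the groups that get a share, skipping system and user-private ones."""
    private = {(u.pw_name, u.pw_gid) for u in users}
    keep = []
    for g in groups:
        if g.gr_gid < min_gid or (g.gr_name, g.gr_gid) in private:
            continue
        # Names come from the name service and end up in a config file: reject
        # anything that could open a new section or collide with a special one.
        if g.gr_name.lower() in RESERVED or not SAFE_NAME.fullmatch(g.gr_name):
            continue
        keep.append(g)
    return sorted(keep, key=lambda g: g.gr_name)


def render(groups):
    """Return the text of smb-groups.conf for the given groups."""
    out = ["# Autogenerated from the name service; do not edit by hand."]
    for g in groups:
        out += [
            f"[{g.gr_name}]",
            f"   path = {SHARE_ROOT}/{g.gr_name}",
            f"   valid users = @{g.gr_name}",   # members of the group only
            f"   force group = {g.gr_name}",    # group ownership enforced
            "   read only = no",
            "   force create mode = 0664",      # group write enforced on files
            "   force directory mode = 2775",   # matches the chmod 2775 in the plan
            "",
        ]
    return "\n".join(out)


if __name__ == "__main__":
    # getgrall()/getpwall() use getgrent()/getpwent(), so NIS etc. is honoured.
    print(render(shared_groups(grp.getgrall(), pwd.getpwall())))
```

Redirect the output to the file named on the "include" line and have Samba re-read its configuration whenever the account data changes.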
