[Gllug] Group directories and Samba shares

[Bruce Richardson]

On Tue, Nov 27, 2001 at 10:51:37PM +0000, John Edwards wrote:
> Hi
> I'm looking into ways of automating the setting up of Samba shares for 
> shared group areas, and was wondering if anyone has tried this and got 
> any suggestions on how to do it or what to avoid.
> 
> 
> One of the great things about Samba is it's automatic sharing of the 
> user's home directory, but there is nothing similar for groups. For most 
> of the places the machines are at the group areas are used much more than 
> the users' home directories because people want shared places to work on 
> project files, lookup accounts information, etc.

You could set something up using variable substitutions and file
includes.  For example, %G expands to the primary group of the
connecting user, so you could have

include = /var/state/samba/%g.options

and put any group-specific things you like in there.  The fact that it's
the primary group is restrictive but you could do useful things with the
distinction between %u, %g, and %U, %G (%u and %g may be determined by
"force user" and "force group", for example)

The simplest way I can see do do this is simply to have one or two

include = /var/state/samba/%U.options

includes in smb.conf, maybe one for global options and one in the shares
section.  These include files would themselves contain include lines
which would include files containing the settings for specific groups.  

So

1.  Create include files containing the settings for specific groups.
Distribute them to your servers (using rsync or cfengine or whatever).

2.  For each user, create an include file (or include files) containing
a series of

include = /etc/samab.group1.options
include = /etc/samab.group2.options

lines and push that out to your servers.

When a user's group membership changes, recreate their include file to
specify the right groups and push it out.  When a group's settings
change, push that out.

Crude but it would work.

> The boxes I use run RedHat 7.x and Debian 2.2, so most tools are 
> available including Perl and cfengine.

cfengine works.  You could have cfengine on the samba servers pull down
the user/group config files from a master server, either on a scheduled
basis or by running cfrun.  But I'm teaching egg-sucking here.

Variable substitution can do most everything else in your list, as well.

Another, riskier option that occurs to me is to have the
/var/state/samba/%U.options file be a fifo.  The fifo could pull it's
information from any kind of script or process, which itself could be
getting information from a central host.  But a lot is dependent on how
samba reads the file.  I use a fifo to generate my random sigs but I
occasionally get 3 out at once.

-- 
Bruce

The ice-caps are melting, tra-la-la-la.  All the world is drowning,
tra-la-la-la-la.  -- Tiny Tim.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 261 bytes
Desc: not available
URL: <http://mailman.lug.org.uk/pipermail/gllug/attachments/20011128/f715d4b2/attachment.pgp>