Results 1 to 3 of 3

Thread: Samba Permissions for Networking Newbie

  1. #1
    Join Date
    Jun 2008
    Location
    Connecticut, USA
    Posts
    2,295
    Blog Entries
    1

    Default Samba Permissions for Networking Newbie

    I have a home file server I am setting up with 2 hard drives (openSUSE 10.3 and files). My router handles all the DHCP functions and my network consists of Linux, Windows XP and a laptop.

    I cannot just open full access because I don't trust my son who is becoming a little hacker.

    My question/request/plea is
    1. Does the below look like a doable structure or would there be a better structure to do the same thing?
    2. How do I set this up?!! I am new to networking and permissions on a whole, and still learning Yast and openSUSE.


    Thank you for taking the time to look at this.

    ____ Below is the details of the structure I am attempting to create. ______

    SYSTEM INFORMATION:
    I've grouped things down to 4 users and 3 categories of users and 2 roles with a mix of permissions.

    4 users
    F= Father ; the admin (me)
    M= Mother ; no clue what they are doing
    D= Daughter : should have limited access
    S= Son : has to have limited access (potential hacker, high-risk)
    3 Categories
    Administration;
    for web server, database, updates
    for web development
    YAST (over SSH) for general management
    Shared;
    for all users to access, but only Mom and Dad can modify/delete
    User;
    each users has own directory for their files, inaccessible to others (except maybe Mom and Dad)
    contains a "public" folder for anybody to read/write to
    2 Roles:
    Parents
    full access to Administration
    full access to Shared
    full access to User (specifically the kids' directories)
    Kids
    no access to Administration
    read-only access to Shared
    full access to their own User directory and public ONLY
    CATEGORY ACCESS AND SAMPLE DIRECTORIES:

    The Administration category :

    sample directories:
    /SAMBA/admin/backups
    /srv/www/...
    users access:
    parent role
    F --> Full access
    M --> Full access
    kid role
    D --> no access
    S --> no access

    The Shared category:

    sample directories:
    /SAMBA/shared/family
    /SAMBA/shared/pictures
    /SAMBA/shared/video
    /SAMBA/shared/music
    users access:
    parent role
    F --> Read/Write access to all
    M --> Read/Write access to all
    kid role
    D --> Read-Only access to all
    S --> Read-Only access to all


    The Users category: (each user has own directory, plus a "public" directory fully read/write)

    sample directories:
    /SAMBA/users/public
    /SAMBA/users/Dad
    /SAMBA/users/Mom
    /SAMBA/users/Daughter
    /SAMBA/users/Son
    users access:
    parent role
    F --> Read/Write access to [Dad]
    M --> Read/Write access to [Mom]
    kid role
    D --> Read/Write access to [Daughter]
    S --> Read/Write access to [Son]
    all users
    * --> Read/Write access to [public]

    SAMPLE USER CASES:

    sample Usage (assuming above directories are /SAMBA/shared and /SAMBA/user):
    Mom wants to save her files on the server so it is accessible from all household computers:
    => save to SAMBA/user/mom

    Dad wants to save pictures from digital camera for all to see (but not for kids to accidentally delete):
    => save to SAMBA/share/Pictures

    Daughter wants to save pictures from digital camera:
    => save to /SAMBA/user/My Pictures
    => or
    => save to SAMBA/user/public (then Mom or Dad can move to /SAMBA/share/Pictures if desired)

    Son wants to get into Daughter's files to cause havoc (that's what brothers do!):
    => should have access to her directory

    Daughter wants to email a family pciture from recent vacation to best friend:
    => grab from /SAMBA/share/Pictures

    Mother wants to make homemade Christmas cards to send out:
    => grab pictures from /SAMBA/share/Pictures
    => work on them locally
    => save final files in /SAMBA/share/Family/ChristmasCards (or something like that)

    Dad wants to print out more of these Christmas cards for co-workers:
    => grab files from /SAMBA/share/Family/ChristmasCards

    Dad wants to update PHP on server:
    => ssh into server
    => "su" into Root
    => run "yast"

    Does ANY of this make any sense?

  2. #2

    Default Re: Samba Permissions for Networking Newbie

    Hi,
    it is very interesting, that you do not get answers to your question.
    Whereever you search there are plenty of how to samba/nfs but no advice for such questions.
    I do have the same problem and I also wonder what is the most useful directory structure and permissions, especially as I use a heterogenious network with Windows and Linux.....
    If you discovered something I'd be glad to hear from you...

    Jo

  3. #3
    eanda-sbs NNTP User

    Default Re: Samba Permissions for Networking Newbie

    Hey guys. I to have had this issue in the past. I have dugg around looking for the answers to no avail, but have figured it out on my own. I'm only missing just a very small piece.

    On your server side I would suggest implementing the server that rrcomputerconsulting.com demonstartes in their article. It is fairly easy to set up, but you must know how to use ssh and nano. Also you have to intuitively change entries based on your home network name. Also, use Ubuntu 8.04 or below. If you use Debian stable (which I do) you will have to work around the authclientconfig part. This is a very stable server. Mine has been running for about a year with no shutdowns or reboots.

    I am in the process of developing a new guide for people just like us. I found the folks are not very helpfullon the irc chats. In fact they are downright rude. So anyway here is the address of the rr site. RRCC: Viewing the article "Ubuntu 7.10 Small Business Server (version 2.0)"

    Hope that helps.

    If you guys want to send me your e-mail I can work with you through there.

    Thanks

    Ernie

    eanda-sbs.com

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •