Samba Permissions for Networking Newbie

I have a home file server I am setting up with 2 hard drives (openSUSE 10.3 and files). My router handles all the DHCP functions and my network consists of Linux, Windows XP and a laptop.

I cannot just open full access because I don’t trust my son who is becoming a little hacker.

My question/request/plea is

  1. Does the below look like a doable structure or would there be a better structure to do the same thing?
  2. **How do I set this up?!!**
    I am new to networking and permissions as a whole, and still learning Yast and openSUSE.

Thank you for taking the time to look at this.

____ Below are the details of the structure I am attempting to create. ______

SYSTEM INFORMATION:
I’ve grouped things down to 4 users and 3 categories of users and 2 roles with a mix of permissions.

4 users:

- F = Father; the admin (me)
- M = Mother; no clue what they are doing
- D = Daughter: should have limited access
- S = Son: has to have limited access (potential hacker, high-risk)

3 Categories:

Administration;
- for web server, database, updates
- for web development
- YAST (over SSH) for general management

Shared;
- for all users to access, but only Mom and Dad can modify/delete

User;
- each user has own directory for their files, inaccessible to others (except maybe Mom and Dad)
- contains a “public” folder for anybody to read/write to

2 Roles:

Parents
- full access to Administration
- full access to Shared
- full access to User (specifically the kids’ directories)

Kids
- no access to Administration
- read-only access to Shared
- full access to their own User directory and public ONLY

CATEGORY ACCESS AND SAMPLE DIRECTORIES:

The Administration category :

sample directories:
- /SAMBA/admin/backups
- /srv/www/…

users access:

parent role
- F → Full access
- M → Full access

kid role
- D → no access
- S → no access

The Shared category:

sample directories:
- /SAMBA/shared/family
- /SAMBA/shared/pictures
- /SAMBA/shared/video
- /SAMBA/shared/music

users access:

parent role
- F → Read/Write access to all
- M → Read/Write access to all

kid role
- D → Read-Only access to all
- S → Read-Only access to all

The Users category: (each user has own directory, plus a “public” directory fully read/write)

sample directories:
- /SAMBA/users/public
- /SAMBA/users/Dad
- /SAMBA/users/Mom
- /SAMBA/users/Daughter
- /SAMBA/users/Son

users access:

parent role
- F → Read/Write access to [Dad]
- M → Read/Write access to [Mom]

kid role
- D → Read/Write access to [Daughter]
- S → Read/Write access to [Son]

all users* → Read/Write access to [public]

SAMPLE USER CASES:

sample Usage (assuming above directories are /SAMBA/shared and /SAMBA/user):
Mom wants to save her files on the server so it is accessible from all household computers:
=> save to SAMBA/user/mom

Dad wants to save pictures from digital camera for all to see (but not for kids to accidentally delete):
=> save to SAMBA/share/Pictures

Daughter wants to save pictures from digital camera:
=> save to /SAMBA/user/My Pictures
=> or
=> save to SAMBA/user/public (then Mom or Dad can move to /SAMBA/share/Pictures if desired)

Son wants to get into Daughter’s files to cause havoc (that’s what brothers do!):
=> should have access to her directory

Daughter wants to email a family picture from recent vacation to best friend:
=> grab from /SAMBA/share/Pictures

Mother wants to make homemade Christmas cards to send out:
=> grab pictures from /SAMBA/share/Pictures
=> work on them locally
=> save final files in /SAMBA/share/Family/ChristmasCards (or something like that)

Dad wants to print out more of these Christmas cards for co-workers:
=> grab files from /SAMBA/share/Family/ChristmasCards

Dad wants to update PHP on server:
=> ssh into server
=> “su” into Root
=> run “yast”

Does ANY of this make any sense?
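
Added example (not part of the original post): a share-level audit of the role tables above. It parses a constructed smb.conf fragment and computes each user's effective access from `valid users`, `read only` and `write list`. The share names, lowercase user names and the `parents` group are assumptions, and the filesystem permissions under /SAMBA, which must agree with the shares, are not modelled.

```python
import configparser

# Constructed smb.conf fragment; share names, user names and the "parents"
# group are assumptions based on the roles described in the post.
SMB_CONF = """
[admin]
path = /SAMBA/admin
valid users = @parents
read only = no
[shared]
path = /SAMBA/shared
valid users = @parents, daughter, son
read only = yes
write list = @parents
[public]
path = /SAMBA/users/public
valid users = @parents, daughter, son
read only = no
[daughter]
path = /SAMBA/users/Daughter
valid users = daughter, @parents
read only = no
[son]
path = /SAMBA/users/Son
valid users = son, @parents
read only = no
"""
GROUPS = {"parents": {"dad", "mom"}}  # assumed Unix group membership

def _members(value):
    """Expand a Samba user list ('a, @group') into a set of user names."""
    users = set()
    for item in value.replace(",", " ").split():
        users |= GROUPS.get(item[1:], set()) if item.startswith("@") else {item}
    return users

def access(share, user):
    """Return 'none', 'ro' or 'rw' from share-level settings only."""
    valid = _members(share.get("valid users", ""))
    if valid and user not in valid:
        return "none"                      # not allowed to connect
    if user in _members(share.get("write list", "")):
        return "rw"                        # write list overrides read only
    return "ro" if share.getboolean("read only", fallback=True) else "rw"

def matrix(conf_text=SMB_CONF, users=("dad", "mom", "daughter", "son")):
    cp = configparser.ConfigParser()
    cp.read_string(conf_text)
    return {s: {u: access(cp[s], u) for u in users} for s in cp.sections()}
```

Comparing `matrix()` against the intended table after each configuration change catches a share that has drifted open, for example a kid gaining write access to `shared`.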

Hi,
it is very interesting that you do not get answers to your question.
Wherever you search there are plenty of how to samba/nfs but no advice for such questions.
I do have the same problem and I also wonder what is the most useful directory structure and permissions, especially as I use a heterogeneous network with Windows and Linux…
If you discovered something I’d be glad to hear from you…

Jo

Hey guys. I too have had this issue in the past. I have dug around looking for the answers to no avail, but have figured it out on my own. I’m only missing just a very small piece.

On your server side I would suggest implementing the server that rrcomputerconsulting.com demonstrates in their article. It is fairly easy to set up, but you must know how to use ssh and nano. Also you have to intuitively change entries based on your home network name. Also, use Ubuntu 8.04 or below. If you use Debian stable (which I do) you will have to work around the authclientconfig part. This is a very stable server. Mine has been running for about a year with no shutdowns or reboots.

I am in the process of developing a new guide for people just like us. I found the folks are not very helpful on the irc chats. In fact they are downright rude. So anyway here is the address of the rr site. RRCC: Viewing the article “Ubuntu 7.10 Small Business Server (version 2.0)”

Hope that helps.

If you guys want to send me your e-mail I can work with you through there.

Thanks

Ernie

eanda-sbs.com