由 ruochen 在 08-27-2003 20:14 发表:
smaba的问题!~~
我的系统是rh9,samba是系统自带的!~~我是在gui环境下配置的!samba的远程管理swat已经配置好了!
我建立两个帐号wangyang和wy,家目录都是在home下,即/home/wangyang和/home/wy,我想把他们的家目录都共享出来,但是/home/wangyang只能wangyang能访问,有读写的权限;/home/wy给所有用户,但是只能读,就这样的权限
我的配置文件如下:
Samba config file created using SWAT
from 210.43.133.45 (210.43.133.45)
Date: 2003/08/27 15:33:02
Global parameters
[global]
server string = samba server
encrypt passwords = yes
obey pam restrictions = Yes
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = Newpassword* %n\n Retypenewpassword %n\n passwd:allauthenticationtokensupdatedsuccessfully*
unix password sync = Yes
log file = /var/log/samba/%m.log
max log size = 0
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dns proxy = No
username map = /etc/samba/smbusers
guest ok = yes
printing = cups
[homes]
comment = Home Directories
valid users = %S
writeable = yes
create mask = 0664
directory mask = 0775
browseable = No
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No
[wangyang]
comment = only wangyang use read and write
path = /home/wangyang
writeable = yes
[wy]
comment = anybody use only read
path = /home/wy
guest ok = yes
由 Glue 在 08-27-2003 20:24 发表:
[wangyang]那一段用不着,因为有[homes],每个用户都能看到自己的 家目录
基于同样理由,[wy]也可以不要,但要把/home/wy的属主换成别的用户,这样的话 wy进来就只能看,不能改了。
-_-
由 ruochen 在 08-27-2003 20:38 发表:
This is the main Samba configuration file. You should read the
smb.conf(5) manual page in order to understand the options listed
here. Samba has a huge number of configurable options (perhaps too
many!) most of which are not shown in this example
Any line which starts with a ; (semi-colon) or a # (hash)
is a comment and is ignored. In this example we will use a
for commentry and a ; for parts of the config file that you
may wish to enable
NOTE: Whenever you modify this file you should run the command "testparm"
to check that you have not made any basic syntactic errors.
#======================= Global Settings =====================================
[global]
workgroup = NT-Domain-Name or Workgroup-Name
server string is the equivalent of the NT Description field
server string = samba server
This option is important for security. It allows you to restrict
connections to machines which are on your local network. The
following example restricts access to two C class networks and
the "loopback" interface. For more examples of the syntax see
the smb.conf man page
; hosts allow = 192.168.1. 192.168.2. 127.
if you want to automatically load your printer list rather
than setting them up individually then you'll need this
printcap name = /etc/printcap
load printers = yes
It should not be necessary to spell out the print system type unless
yours is non-standard. Currently supported print systems include:
bsd, sysv, plp, lprng, aix, hpux, qnx, cups
printing = cups
Uncomment this if you want a guest account, you must add this to /etc/passwd
otherwise the user "nobody" is used
; guest account = pcguest
this tells Samba to use a separate log file for each machine
that connects
log file = /var/log/samba/%m.log
Put a capping on the size of the log files (in Kb).
max log size = 0
Security mode. Most people will want user level security. See
security_level.txt for details.
security = SHARE
Use password server option only with security = server
The argument list may include:
password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
or to auto-locate the domain controller/s
password server = *
; password server =
1<nt-server-name>
2
3
4
5# Password Level allows matching of _n_ characters of the password for
6
7# all combinations of upper and lower case.
8
9; password level = 8
10
11; username level = 8
12
13
14
15# You may wish to use password encryption. Please read
16
17# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
18
19# Do not enable this option unless you have read those documents
20
21encrypt passwords = yes
22
23smb passwd file = /etc/samba/smbpasswd
24
25
26
27# The following is needed to keep smbclient from spouting spurious errors
28
29# when Samba is built with support for SSL.
30
31; ssl CA certFile = /usr/share/ssl/certs/ca-bundle.crt
32
33
34
35# The following are needed to allow password changing from Windows to
36
37# update the Linux system password also.
38
39# NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above.
40
41# NOTE2: You do NOT need these to allow workstations to change only
42
43# the encrypted SMB passwords. They allow the Unix password
44
45# to be kept in sync with the SMB password.
46
47unix password sync = Yes
48
49passwd program = /usr/bin/passwd %u
50
51passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
52
53
54
55# You can use PAM's password change control flag for Samba. If
56
57# enabled, then PAM will be used for password changes when requested
58
59# by an SMB client instead of the program listed in passwd program.
60
61# It should be possible to enable this without changing your passwd
62
63# chat parameter for most setups.
64
65
66
67pam password change = yes
68
69
70
71# Unix users can map to different SMB User names
72
73; username map = /etc/samba/smbusers
74
75
76
77# Using the following line enables you to customise your configuration
78
79# on a per machine basis. The %m gets replaced with the netbios name
80
81# of the machine that is connecting
82
83; include = /etc/samba/smb.conf.%m
84
85
86
87# This parameter will control whether or not Samba should obey PAM's
88
89# account and session management directives. The default behavior is
90
91# to use PAM for clear text authentication only and to ignore any
92
93# account or session management. Note that Samba always ignores PAM
94
95# for authentication in the case of encrypt passwords = yes
96
97
98
99obey pam restrictions = yes
100
101
102
103# Most people will find that this option gives better performance.
104
105# See speed.txt and the manual pages for details
106
107socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
108
109
110
111# Configure Samba to use multiple interfaces
112
113# If you have multiple network interfaces then you must list them
114
115# here. See the man page for details.
116
117; interfaces = 192.168.12.2/24 192.168.13.2/24
118
119
120
121# Configure remote browse list synchronisation here
122
123# request announcement to, or browse list sync from:
124
125# a specific host or from / to a whole subnet (see below)
126
127; remote browse sync = 192.168.3.25 192.168.5.255
128
129# Cause this host to announce itself to local subnets here
130
131; remote announce = 192.168.1.255 192.168.2.44
132
133
134
135# Browser Control Options:
136
137# set local master to no if you don't want Samba to become a master
138
139# browser on your network. Otherwise the normal election rules apply
140
141; local master = no
142
143
144
145# OS Level determines the precedence of this server in master browser
146
147# elections. The default value should be reasonable
148
149; os level = 33
150
151
152
153# Domain Master specifies Samba to be the Domain Master Browser. This
154
155# allows Samba to collate browse lists between subnets. Don't use this
156
157# if you already have a Windows NT domain controller doing this job
158
159; domain master = yes
160
161
162
163# Preferred Master causes Samba to force a local browser election on startup
164
165# and gives it a slightly higher chance of winning the election
166
167; preferred master = yes
168
169
170
171# Enable this if you want Samba to be a domain logon server for
172
173# Windows95 workstations.
174
175; domain logons = yes
176
177
178
179# if you enable domain logons then you may want a per-machine or
180
181# per user logon script
182
183# run a specific logon batch file per workstation (machine)
184
185; logon script = %m.bat
186
187# run a specific logon batch file per username
188
189; logon script = %U.bat
190
191
192
193# Where to store roving profiles (only for Win95 and WinNT)
194
195# %L substitutes for this servers netbios name, %U is username
196
197# You must uncomment the [Profiles] share below
198
199; logon path = \\\%L\Profiles\%U
200
201
202
203# Windows Internet Name Serving Support Section:
204
205# WINS Support - Tells the NMBD component of Samba to enable it's WINS Server
206
207; wins support = yes
208
209
210
211# WINS Server - Tells the NMBD components of Samba to be a WINS Client
212
213# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
214
215; wins server = w.x.y.z
216
217
218
219# WINS Proxy - Tells Samba to answer name resolution queries on
220
221# behalf of a non WINS capable client, for this to work there must be
222
223# at least one WINS Server on the network. The default is NO.
224
225; wins proxy = yes
226
227
228
229# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
230
231# via DNS nslookups. The built-in default for versions 1.9.17 is yes,
232
233# this has been changed in version 1.9.18 to no.
234
235guest ok = yes
236
237dns proxy = no
238
239
240
241# Case Preservation can be handy - system default is _no_
242
243# NOTE: These can be set on a per share basis
244
245; preserve case = no
246
247; short preserve case = no
248
249# Default case is normally upper case for all DOS files
250
251; default case = lower
252
253# Be very careful with case sensitivity - it can break things!
254
255; case sensitive = no
256
257
258
259#============================ Share Definitions ==============================
260
261[homes]
262
263comment = Home Directories
264
265browseable = no
266
267writeable = yes
268
269valid users = %S
270
271create mode = 0664
272
273directory mode = 0775
274
275# If you want users samba doesn't recognize to be mapped to a guest user
276
277; map to guest = bad user
278
279
280
281
282
283# Un-comment the following and create the netlogon directory for Domain Logons
284
285; [netlogon]
286
287; comment = Network Logon Service
288
289; path = /usr/local/samba/lib/netlogon
290
291; guest ok = yes
292
293; writable = no
294
295; share modes = no
296
297
298
299
300
301# Un-comment the following to provide a specific roving profile share
302
303# the default is to use the user's home directory
304
305;[Profiles]
306
307; path = /usr/local/samba/profiles
308
309; browseable = no
310
311; guest ok = yes
312
313
314
315
316
317# NOTE: If you have a BSD-style pri</nt-server-name>