Corporate file server on Linux. File server. Which OS and file system should I choose? Connecting a RAM disk

In this article we will tell you how to install and configure file storage on the Linux operating system; specifically, we will use Ubuntu Server 16.04 LTS. Most deb-based distributions are configured in a similar way.

Such a server can be used for network installation of a 1C:Enterprise file database - this is much more reliable than storing it on one of the users’ work computers. Or such a server can be adapted for network backup storage.

Just do not use the same server to install the infobase and store its backup copies.

Why Linux? Firstly, it is free and completely legal. Secondly, Linux consumes much less hardware resources, and even old, scrapped equipment will do an excellent job of file storage. Thirdly, a well-configured Linux practically does not require the intervention of a system administrator; it is operated according to the “set it and forget it” principle.

So, let's begin…

Equipment selection

As I already wrote, almost any equipment will suit us, but we still have some wishes. Since the server will be a file server, our wishes will concern the disk system. It would be nice to find a machine with a RAID controller on board. If we are making a server to host a working file database, it would be a good idea to place it on RAID-5; if the storage is for backups, RAID-1 would be an excellent option.

At the same time, we do not have any special requirements for RAM; 1 GB is enough. There are also no special requirements for the processor; Linux will run on anything that is still alive.

Perhaps the best option is to purchase a refurbished, used server. Take the cheapest one you can find, the main thing is that it has undergone maintenance beforehand, it has been cleaned of dust and all system tests have been run.

For lack of anything better, you can use any old computer, but remember that you do this at your own peril and risk. The most vulnerable point of a file server is the disk subsystem. If you have it consisting of one single old disk, you are taking a very big risk.

If you cannot find a RAID controller, you can configure software RAID using the operating system. Please note that this will increase the requirements for the processor and RAM, but you will not be afraid of controller failure.

Operating system installation

First, let's define the server architecture. If you know the brand of processor installed in the server, by reading its specifications you will find out whether it is compatible with x86-64 (64 bit) or only i386 (32 bit) architecture. An indirect sign is the size of the RAM: 32-bit architecture cannot work with more than 3 GB of RAM. Sometimes 4 GB of memory was installed in such machines, but only 3 GB was visible in the system.

Contact BotFather (the "Father of Bots"): first send it the command /start, then /newbot. Then answer BotFather's questions; as a result you will receive a token and a link to your bot.

Open the configuration file

$ nano backtracker.conf

and set up

Token = # Here you need to specify the Telegram bot token received from BotFather
failonly = # False if you want to receive messages about the presence of new files, or True if only about their absence
path = # Specify the path to the scanned folders
hours = # Specify the “freshness” of the files in hours, for example 8

Run the utility

$ ./backtracker.py

The first launch is needed to automatically determine the ID of the Telegram subscriber who will receive messages (this is not his phone number). Connect to your bot using the link that BotFather gave you and send it the /start command. In response, you will receive a message that your ID has been determined, and the utility will configure itself and close. Run it again to perform the scan.

After setting up and checking the operation of the utility, add it to the cron daemon schedule

$ crontab -e

Add a line

0 8 * * * ~/backtracker/backtracker.py

The scan will run every day at 8 am. If something goes wrong at night, you will know about it.

System Resources

You can monitor server resources using the console utility top or its more colorful version htop. Let's install and launch it

$ sudo apt install htop
$ htop

Monitor RAM usage periodically. If you often experience loads around 100%, set up a swap file.

$ sudo dd if=/dev/zero of=/swapfile bs=1M count=1024
$ sudo chmod 600 /swapfile && sudo mkswap /swapfile
$ sudo swapoff -a
$ sudo swapon /swapfile
$ echo "/swapfile swap swap defaults 0 0" | sudo tee -a /etc/fstab

Here count=1024 is the size of the paging file in megabytes.

Disk space

To monitor the file system, it is convenient to use the Midnight Commander file manager. If you have seen the times of MS DOS and Norton Commander, then there is no need to explain anything.

Install and launch

$ sudo apt install mc
$ mc

It’s so convenient to monitor file storage, quarantine, and free disk space.

Deploying a file server for Windows machines on Ubuntu is quite simple. Typically, such a server is used to organize file storage within an Active Directory domain.

At the same time, you can easily create file servers on a domainless network, including for home use.

In any case, use Samba - install it using the Synaptic package manager or the following command:

sudo apt-get install samba

File server as part of an Active Directory domain

To create a file server integrated into an Active Directory domain, you first need to join your Ubuntu machine to the domain.

To create a file server, you do not need to configure PAM; you just need to add domain users and groups via Winbind to the system.

After logging into the domain, configure shared resources on your computer. Please note that Samba will map Windows file permissions to Unix permissions, but fundamental differences in the permissions mechanisms will likely prevent it from doing so. File rights are always and in any case managed by your file system on a computer running Ubuntu, and Samba can only adapt to them, but not change their behavior.

So by default, shared resources will have modest access control capabilities, including assigning different rights to the user, group, and everyone else. But you can easily fix this by adding POSIX ACL support to the FS. Then you can assign different rights to different users and groups, much like in Windows.

POSIX ACL support can be found in ext3/4, and to activate it you only need to add the acl parameter to the mount options of the desired partition.

Important! The directory that needs to be shared via Samba must be on a disk mounted with the acl option. Otherwise, it will be impossible to properly apply the mechanism for delimiting access rights to files on the shares.

Another thing to keep in mind is that POSIX ACLs do not support inheritance of access rights from parent directories, while Windows does have this feature. So Samba has an additional mechanism for storing permission inheritance information using extended file system attributes. In order for Samba to correctly handle inheritance of rights, in addition to acl, add the user_xattr parameter to the file system mounting options, which is responsible for enabling support for extended attributes.

For example, it is convenient to use separate LVM disks to organize shared resources. In this case, the lines in fstab for them look like this:

/dev/mapper/data-profiles /var/data/profiles ext3 defaults,noexec,acl,user_xattr 0 2

The noexec option is needed to be on the safe side: there should be 100% no Linux executable files on Windows shares.
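A way to check this before sharing a directory, as an added example that is not part of the original article: the function finds the fstab entry that holds a share path and lists which of acl, user_xattr and noexec are not written in its options. The fstab text is a constructed sample (the data-public volume is an assumption), and options that a filesystem enables by default without being listed in fstab are not seen by this check.

```python
# Added example: verify that a share path sits on a mount whose fstab entry
# carries the options this article asks for. SAMPLE_FSTAB is constructed.
REQUIRED = ("acl", "user_xattr", "noexec")

SAMPLE_FSTAB = """\
# <device>                 <mount point>       <type> <options>                       <dump> <pass>
/dev/mapper/data-root      /                   ext4   errors=remount-ro               0 1
/dev/mapper/data-profiles  /var/data/profiles  ext3   defaults,noexec,acl,user_xattr  0 2
/dev/mapper/data-public    /var/data/public    ext3   defaults,acl                    0 2
"""


def parse_fstab(text):
    """Return {mount_point: set(options)} for every non-comment fstab line."""
    mounts = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 4:
            mount_point = fields[1].rstrip("/") or "/"
            mounts[mount_point] = set(fields[3].split(","))
    return mounts


def mount_for(path, mounts):
    """Longest mount point that contains path, i.e. the filesystem holding it."""
    path = path.rstrip("/") or "/"
    best = None
    for mp in mounts:
        inside = mp == "/" or path == mp or path.startswith(mp + "/")
        if inside and (best is None or len(mp) > len(best)):
            best = mp
    return best


def missing_options(share_path, fstab_text, required=REQUIRED):
    """Return (mount_point, sorted list of required options absent from fstab)."""
    mounts = parse_fstab(fstab_text)
    mp = mount_for(share_path, mounts)
    if mp is None:
        return None, sorted(required)
    return mp, sorted(opt for opt in required if opt not in mounts[mp])


if __name__ == "__main__":
    for share in ("/var/data/profiles", "/var/data/public", "/srv/samba/readonly"):
        mp, missing = missing_options(share, SAMPLE_FSTAB)
        status = "ok" if not missing else "missing " + ",".join(missing)
        print(f"{share}: on {mp}: {status}")
```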

Install the package of necessary utilities for working with acl on Ubuntu:

sudo aptitude install acl

Now view the extended rights (i.e. ACL) on a file or directory with the following command:

getfacl file

Set them with this command:

setfacl file


Don't forget that the POSIX ACL mechanism has nothing to do with Samba - it's just an add-on to the standard Linux permissions mechanism. So Samba can use it, but cannot change or bypass it in any way.

To use extended FS attributes, a utility package similar to acl - attr - is useful, install it with the following command:

sudo aptitude install attr

To view extended attributes, use the command:

getfattr file

And to set them:

setfattr file


Remember that Samba stores all inheritance information in binary form in a single extended attribute, user.SAMBA_PAI. So changing something using setfattr will not work, only complete removal of extended attributes is possible (in some cases this becomes necessary).

It is possible to control the inheritance of rights from a Windows machine using the standard tools of this system, or the smbcacls utility.

Extended file system attributes allow Samba to enable full support for DOS file attributes (for example, hidden, archive, etc.).

If your system has a directory that needs to be shared via Samba (and it is located on a disk mounted with acl and user_xattr support), configure its sharing - enter the necessary information in the /etc/samba/smb.conf file.

First of all, take care of the general settings to add to the [global] section of this file:


# Disable printer sharing. Unless, of course, you really want to share them.
# To completely disable you need to specify all 4 lines below
load printers = no
show add printer wizard = no
printcap name = /dev/null
disable spoolss = yes
# Make files with the following names hidden when viewed on Windows
hide files = /$RECYCLE.BIN/desktop.ini/lost+found/Thumbs.db/
# Use the next UNIX user as Guest for the public share
guest account = nobody
# Treat unregistered users as guest
map to guest = Bad User
## Settings that use extended file system attributes
# Handle inheritance of rights using extended FS attributes
map acl inherit = yes
# Use extended FS attributes to store DOS attributes
store dos attributes = yes
# Disable DOS attribute mapping on UNIX rights, enabled by default
# According to man smb.conf, when using extended attributes, these options must be disabled
map archive = no
map system = no
map hidden = no
map readonly = no


Then configure the shared resource itself. In the example it is indicated as profiles, and physically on an Ubuntu machine it is located at /var/data/profiles:


# Comment
comment = User Profiles
# Path to the folder we are sharing
path = /var/data/profiles/
# Users with unlimited access rights to the share
# I have a Domain Administrators group.
# These users are treated as local root when working with files
admin users = "@DOMAIN\Domain Administrators"
# Hide folders that the user does not have access to
hide unreadable = yes
# Access is not read only
read only = no
# Masks for created files - can be set as desired
#create mask = 0600
#directory mask = 0700
# Disabling locks - it's better to disable
locking = no


There are a number of other options - all detailed information is in the Samba documentation.

Be sure to set the correct owner and access rights to the shared folder, otherwise writing to it may be prohibited at the Linux permission level. You can do this:

sudo chmod ug+rwx /var/data/profiles
sudo chown root:"domain users" /var/data/profiles

Attention! Since your Ubuntu machine is joined to a domain, you can use domain users and groups as file owners directly in Ubuntu.

Check that Samba is configured correctly by restarting it with the following command:

sudo /etc/init.d/samba restart


Now you can access the shared resource from any machine in the domain. But don’t forget about the SGID and Sticky bits for directories, designed to inherit the owning group and prevent users from deleting files that are not theirs - this is especially true for multi-user storages. At the same time, unlike editing rights from Windows, it is impossible to change these bits on folders on a shared resource - only manually directly on the Ubuntu computer.

Samba allows you to store previous versions of files, which can be useful when creating shares of user data.

Standalone file server

Not everyone has an Active Directory domain. Therefore, it often becomes necessary to organize an independent file storage on a Linux machine with its own authorization system. It is not difficult.

In this case, all information about users will be stored in the Samba database, and users will have to be added and deleted manually.

The main thing is to decide on the method of access to the resource. You should correctly set the value of the security parameter in the [global] section of the /etc/samba/smb.conf file.

The default value is share or user.

And do not forget to change the value of the workgroup parameter to the appropriate one, and all other settings will directly depend on specific goals.

At home it is convenient when everyone can see everyone. To do this, simply add 4 lines to the [global] section of the /etc/samba/smb.conf file (some may already be present):

[global]
workgroup = WORKGROUP
map to guest = Bad User
netbios name = NOTEBOOK
security = user


NOTEBOOK - the name of the computer that will be on the network. Also install additional programs:

share

Then add the following lines to the end of the /etc/samba/smb.conf file, and replace “yuraku1504” with the username of the Samba computer:


[MyShareWork]
comment = Anonymous Samba Share
path = /home/yuraku1504/share
guest ok = yes
browsable = yes
writable = yes
read only = no
force user = yuraku1504
force group = yuraku1504

The folder will be opened for reading and writing.


First of all, this article is for myself and for fellow fools among novice system administrators, or those who sympathize with them. Step-by-step instructions, so to speak.
A server on Linux can be made from almost any old computer. The server version of Linux is not fancy, but works excellently. At your disposal may be: a file server (file storage), a printer server (centralized management of a printer or printers), a mail server (mailer), a game server (your own game server, necessarily with blackjack and whores), or you can simply use it as a gateway to the Internet. There are many possibilities (I haven’t listed them all here).

Today I'm interested in a file server and a web server (for the game support site). This post will be about them.


1. installing a linux distribution. creating users.
The already beloved Ubuntu was taken as a basis. Specifically, in this case the fresh Ubuntu 9.10 server i386 was used.
You can download the ISO image for free from the official Canonical website.

After booting to a working console, I installed Midnight Commander. This is a pseudo-graphical shell, similar to Norton Commander (at one time it was installed on the GUI-less MS DOS). Very convenient to use.
$ sudo apt-get install mc
$ mc

I plan to have several games on the server. Accordingly, I will create several accounts with minimal rights.

2. configure samba and raise the file server.
First, let's configure the server's network card. select a free IP address (I had 192.168.1.4 free).
We configure the grid by editing the file: /etc/network/interfaces:
$ sudo nano -w /etc/network/interfaces
interfaces file contents:
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
address 192.168.1.4
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.1

[note that "address" is written with two "d" and two "s". I had some mistakes here. most likely due to inattention]

then:
# echo server.home.net > /etc/hostname

And further:
$ hostname
$ hostname -f
these two commands should display the name server.home.net.

now, actually, samba. If you didn’t select Samba file server at the very beginning (during installation of the distribution), then it’s okay. We can now install all the necessary packages:
$ sudo apt-get install samba smbclient smbfs ntp ntpdate

We installed the programs Samba, smbclient and smbfs, which are the basis for our file server.
I installed the last two packages, NTP and NTPDate, so that the server could synchronize its system clock over the Internet.

Let's execute commands that will make our disk accessible to all network users (we will give them full rights to this disk):
$ sudo mkdir /media/multimedia
$ sudo chmod 777 /media/multimedia

Now let's configure Samba.
this is necessary so that our file server is visible on the home network.
By default, in Windows, all network computers are included in a workgroup called MSHOME.
Let's check that samba has the same workgroup name in the configuration file:
$ sudo nano -w /etc/samba/smb.conf

find and edit the line:
workgroup=MSHOME

[You can, of course, assign your own values to the workgroup parameter. just remember that the name of the workgroup in Windows and Linux must be the same.]

so that the disk is visible, as well as read and written for all network users, add to the end of the config:
comment = Public Folder
path = /media/multimedia
public = yes
writable = yes
create mask = 0777
directory mask = 0777
force user = nobody
force group = nogroup

[note that "nogroup" is written seamlessly. In many descriptions the settings are written separately. It didn’t work for me when writing separately]

save the changes to the file and reload the Samba package:
$ sudo /etc/init.d/samba force-reload
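The check below is an added example, not part of the original article: it reads an smb.conf and reports shares where guest access is combined with write permission, which is how the two "everyone can write" shares above are set up. The sample file is constructed from this page's settings; the share name multimedia and the severity labels are assumptions.

```python
import configparser

# Constructed sample built from the share settings shown on this page.
# The [multimedia] section name is an assumption (the page lost the header).
SAMPLE_SMB_CONF = """
[global]
workgroup = WORKGROUP
map to guest = Bad User
security = user

[MyShareWork]
path = /home/yuraku1504/share
guest ok = yes
writable = yes
read only = no
force user = yuraku1504

[multimedia]
path = /media/multimedia
public = yes
writable = yes
create mask = 0777
directory mask = 0777
force user = nobody

[pubread]
path = /srv/samba/readonly
read only = yes
guest ok = yes

[profiles]
path = /var/data/profiles
read only = no
"""

TRUE = {"yes", "true", "1", "on"}


def effective(share):
    """Fold a share's parameters, in file order, into the settings that matter.

    Starts from Samba's defaults (no guest, read-only, masks 0744/0755) and
    honours the synonyms: public = guest ok, writable/writeable/write ok are
    the inverse of read only, create mode/directory mode alias the masks.
    """
    state = {"guest": False, "read_only": True, "create": 0o744, "dir": 0o755}
    for key, value in share.items():
        v = value.strip().lower()
        if key in ("guestok", "public"):
            state["guest"] = v in TRUE
        elif key == "readonly":
            state["read_only"] = v in TRUE
        elif key in ("writable", "writeable", "writeok"):
            state["read_only"] = v not in TRUE
        elif key in ("createmask", "createmode"):
            state["create"] = int(v, 8)
        elif key in ("directorymask", "directorymode"):
            state["dir"] = int(v, 8)
    return state


def audit(conf_text):
    """Return a list of (section, severity, message) findings."""
    cp = configparser.ConfigParser(strict=False, interpolation=None,
                                   delimiters=("=",), comment_prefixes=("#", ";"))
    # Samba ignores case and spaces in parameter names: "guest ok" == "guestok".
    cp.optionxform = lambda k: "".join(k.split()).lower()
    cp.read_string(conf_text)
    glob = cp["global"] if cp.has_section("global") else {}
    guest_fallback = glob.get("maptoguest", "never").strip().lower() != "never"
    findings = []
    for name in cp.sections():
        if name.lower() == "global":
            continue
        s = effective(cp[name])
        if s["guest"] and not s["read_only"]:
            findings.append((name, "HIGH", "guest access with write permission"))
        elif s["guest"]:
            findings.append((name, "INFO", "guest access, read-only"))
        if not s["read_only"] and (s["create"] | s["dir"]) & 0o002:
            findings.append((name, "MEDIUM", "masks allow world-writable files"))
    if guest_fallback and any(sev == "HIGH" for _, sev, _ in findings):
        findings.append(("global", "HIGH",
                         "map to guest sends failed logins to guest-writable shares"))
    return findings


if __name__ == "__main__":
    for section, severity, message in audit(SAMPLE_SMB_CONF):
        print(f"{severity:6} [{section}] {message}")
```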

3. install apache and launch the web server.
you don't need much for a web server. everything is quite simple here. you need to install apache and have HTML skills.
$ sudo apt-get install apache2

After installing Apache, you can start creating a website. By default, the address of your site will be the same as the IP address of your server in the local network (for example, http://192.168.1.4). it's no good. you need a human address (a domain name). there are two options here.
1. buy. normal second-level domain (such as http://myserver.com).
2. take a free one, but of the third level (like http://game.myserver.com).

paid costs about 600 rubles for half a year. free - not worth a damn.

I used a free third-level domain for my server at http://dynDNS.com. There you need to register, select a domain name (provided that it is free), indicate your real ip. on your Internet gateway (or router), configure port forwarding on port 80 from HTTP to your internal server IP.

As a result (if everything is configured correctly), when accessing the address you registered, the user ends up on the main web page of the site on your server.

how to set up your website.
all site settings are in /var/www. by default in this directory there is one modest index.html with an inscription It works!, which hints to us about normal operation.
This file can/should be edited to suit you, to create your own website.

restart the server with the command:
$ sudo shutdown -r now

One of the most common uses of servers in general is file storage. Such storage facilities may contain backup copies of user files and databases, and storage facilities are also used to store information that needs to be shared with employees of a company or a specific department of the company. Within the framework of this material - setting up a Samba server.

Samba is the most popular software package used for creating file storage (SMB/CIFS storage that allows you to organize a file server to which clients using both Linux and Windows machines will have access).

NFS (“Network File System”) and iSCSI storages are also used; the latter are based on data blocks (partitions, LVM) to which remote access is provided. iSCSI “exports” not the file system, but the device itself; you can work with it remotely as with a local disk.

This article will look at an example of building a file storage using Samba.

Setting up a Samba server on Ubuntu

Samba is widely used precisely because of its ability to work with clients using different operating systems. It can be integrated with Active Directory, which, however, is not common practice.

The file server that will be configured is designed to serve 30-50 clients.

Two basic configurations will be configured sequentially: a file storage to which all users of the organization have access (“file dump”) and storage that has certain access restrictions.

We read the package description and check the dependencies:

apt-cache show samba | less

If a 404 error occurs during the installation process, this means that any files necessary for correct installation were not found in the repositories.

We update the lists of repositories (adding the necessary ones in advance if needed) and install the package; && means that the second part of the command will be executed only if the first is executed successfully.

apt-get update && apt-get install samba

workgroup = remote-tech-support

We bring the value of the workgroup parameter in accordance with the recommendations contained in the commented out lines of the config - we indicate our domain - setting this parameter, by the way, is not at all necessary.

The package will work using the default options, however, to ensure a minimum level of security, one value must be adjusted:

Remove the comment mark before the parameter

security = user

Setting up a basic file server configuration

Samba's function now is to provide minimal functionality - the ability to freely exchange files.

Go to the bottom of the config and add a share:



read only = no
path = /mnt/fileserver
guest ok = no

The main ones are the directives with the name of the shares, the access level and the path to the directory to which shared access is provided.

read only determines the ability to write to shared files

Restarting the service

/etc/init.d/smbd restart

Creates a directory for the file server

Now create a logical volume 10 GB in size, named samba, in the volume group vg0

lvcreate -L 10G -n samba vg0

Add to fstab so that the volume is mounted every time the computer is rebooted

/dev/vg0/samba /mnt/fileserver ext4 defaults 0 0

Updating information about mounted devices

Checking whether the share is visible in the file system

Passwords for accessing the file server

User passwords for working with smbd differ from system user passwords (which are set in /etc/passwd).

Passwords for working with Samba are set using the smbpasswd command

Create test directories

We see that the owner of TestA is student

TestB owner is root

The goal now is to allow all users to write information to files in both directories.

Create a new fileserver group and add the student user to it

adduser student fileserver

We see that the test directories have the owner group root.

Removing directories

We set the set-group-ID bit on the share directory.

chgrp fileserver fileserver/

chmod g+rws fileserver/

Due to +s, rights (user ownership) will be inherited by all files created within the shared directory.

Checking that the fileserver user group is listed

We add a line to the config, due to which all users accessing the share will be temporarily added to the fileserver group

mcedit /etc/samba/smb.conf


comment = Everybody can use that share
read only = no
path = /mnt/fileserver
guest ok = no
force group = fileserver
force create mode = 666
force directory mode = 777

Open another terminal and log in as user student

ALT+F2

Let's create files whose owner will be student

drwxr-sr-x student fileserver TestA
drwxr-sr-x student fileserver TestB

The owner of the directories is student, the owning group is fileserver. The setgid bit (s) set earlier is present.

We turn on a Windows PC located on the same subnet. Log in using the student user details.

At the command line, type \\server01 (or any other name previously given to the server)
We see the Public share directory, which contains the TestA and TestB directories

We create a text document in Public share and make sure that no errors occur.
We look at the properties of TestB - we see that the owner of the directory is root, the group is fileserver. For TestA - fileserver and student, respectively.

In TestA you can create and edit any files, TestB can be viewed through the fileserver group, you cannot create or edit files here.

User or group write rights are sufficient. There is no need to use both user and group for the same directory.

Setting up a more secure configuration and differentiating rights

Now we will change the Samba configuration by providing each user with a directory for storing personal information

mcedit /etc/samba/smb.conf

remove comment marks from the lines related to the section. After restarting Samba, upon authorization, each user will see a directory whose name will coincide with the user name; personal data can be stored in this directory, to which only the user who owns the directory (and root) will have access.

We set the value of the read only parameter in the section to no, and also edit the values of other parameters:

read only = no
create mask = 0700
directory mask = 0700
valid users = %S

/etc/init.d/samba reload

Let's go to Windows. It is necessary to update the list of shared directories because the OS caches data - one way is to go directly to the user directory, type \\server01 in the command line, then in the address field \\server01\student

We find ourselves in the user’s home directory, where we can create files and directories. Creating a directory

Back to Linux. We look at the rights and see that the owner and group of the owner are student


comment = Share for accounting department
read only = no
path = /mnt/fileserver/Accounting
guest ok = no
force group = +accounting
force create mode = 660
force directory mode = 770

Here we add security by setting +accounting; in contrast to the previously configured configuration, users are not added to the group, but only use it to gain access to the share. By setting rights, users who are not members of the owner’s group are prevented from even reading files created by Samba.

Accordingly, in order for a user to be assigned the rights of the accounting user group, he must already be a member of it.


comment = IT department
read only = no
path = /mnt/fileserver/IT
guest ok = no
force group = +IT
force create mode = 660
force directory mode = 770
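As an added illustration (not part of the original article), the sketch below applies the rule documented in smb.conf(5), where create mask and directory mask are ANDed onto the mode and the force modes are ORed in afterwards, to the share settings on this page. It shows that force create mode = 660 on its own still leaves the read bit for others on new files, so blocking non-members depends on tightening the masks or on the permissions of the share directory itself; the section names, the Accounting-masked variant and the base modes are assumptions.

```python
import configparser

# Samba defaults per smb.conf(5).
DEFAULTS = {"createmask": 0o744, "directorymask": 0o755,
            "forcecreatemode": 0o000, "forcedirectorymode": 0o000}

# Constructed from the share definitions in this article. Section names are
# assumptions; [Accounting-masked] is a hypothetical tightened variant.
SAMPLE_SHARES = """
[Accounting]
path = /mnt/fileserver/Accounting
force group = +accounting
force create mode = 660
force directory mode = 770

[Accounting-masked]
path = /mnt/fileserver/Accounting
force group = +accounting
create mask = 0660
directory mask = 0770
force create mode = 660
force directory mode = 770

[homes]
create mask = 0700
directory mask = 0700
valid users = %S

[internet]
path = /var/www/internet
force create mode = 664
force directory mode = 775
"""


def share_modes(conf_text, file_base=0o766, dir_base=0o777):
    """Return {share: (file_mode, dir_mode)} for objects created through Samba.

    Simplified model: file_base and dir_base stand for the mode Samba derives
    from the DOS attributes before masking. 0766 assumes 'map archive' is left
    at its default; pass file_base=0o666 when 'map archive = no' is set.
    """
    cp = configparser.ConfigParser(strict=False, interpolation=None,
                                   delimiters=("=",))
    # Parameter names are case- and space-insensitive in smb.conf.
    cp.optionxform = lambda k: "".join(k.split()).lower()
    cp.read_string(conf_text)
    result = {}
    for name in cp.sections():
        p = dict(DEFAULTS)
        for key in DEFAULTS:
            if key in cp[name]:
                p[key] = int(cp[name][key], 8)
        file_mode = (file_base & p["createmask"]) | p["forcecreatemode"]
        dir_mode = (dir_base & p["directorymask"]) | p["forcedirectorymode"]
        result[name] = (file_mode, dir_mode)
    return result


def others_can_read(mode):
    """True if the 'other' read bit is set in a UNIX mode."""
    return bool(mode & 0o004)


if __name__ == "__main__":
    for share, (f, d) in share_modes(SAMPLE_SHARES).items():
        note = "others can read new files" if others_can_read(f) else "others blocked"
        print(f"{share:18} file {f:04o}  dir {d:04o}  {note}")
```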

Create directories:

mkdir /mnt/fileserver/Accounting

mkdir /mnt/fileserver/IT

Add groups and an existing user to one of the groups. All user and group names in Linux are case sensitive.

Reading the configuration

Specify users and user groups:

chown root:fileserver fileserver

chown root:accounting Accounting

Checking whether directory ownership is configured correctly

Removing test directories:

We return to Windows. Since student is a member of the IT group, he should only have access to the directory related to the IT department. He must not have access to other directories (he can view the contents of the Accounting directory, but cannot create or edit files). Let us make sure that this is indeed the case.

Let's make the settings according to the last scenario. Let's create a group with limited access.

adduser student internet_dev

chown www-data.internet_dev internet/

mcedit /etc/samba/smb.conf


comment = IT department
read only = no
path = /var/www/internet
guest ok = no
valid users = @internet_dev
force group = internet_dev
force create mode = 664
force directory mode = 775

The valid users value here assumes the presence of users in the internet_dev group, and you can also specify a list of users here.
Other rights are set because not only users will work with the /var/www/internet directory, but also, in this case, Apache

In Windows, refresh the information on the screen (F5) and try to open the internet directory. If the settings made are correct, these attempts will not be successful - the password entry window will be displayed endlessly.

adduser student internet_dev

Let's create and open a document in Windows - we don't save it.

On Linux we run smbstatus

smbstatus - a command showing the shared shares, the files opened in them and the users using them.

We find the ID of the process responsible for maintaining the connection with the share (let's say 2456) and kill it

Run ps aux; among the processes we see a newly spawned process of the same kind, but with a different ID. It was recreated by Samba.

We go back to Windows and see that the open but not saved document is in the same state in which we left it, we can continue to edit it, then save it.

Our experience confirms that if the file server is interrupted, the data being worked with will not be lost.

Chapter 11: Setting Up a Read-Only File Server

11.1. Creating a shared directory

Let's start working with the Samba server by setting up a simple file server with read-only access. Every client (even anonymous clients using guest access) will be able to read the contents of shared files.

The first step is to create a directory and place several test files in it.

# mkdir -p /srv/samba/readonly
# cd /srv/samba/readonly/
# echo "It's cold today." > winter.txt
# echo "It's hot today." > summer.txt
# ls -l
total 8
-rw-r--r-- 1 root root 17 Jan 21 05:49 summer.txt
-rw-r--r-- 1 root root 18 Jan 21 05:49 winter.txt
#

11.2. Configuring shared directory settings

11.2.1. Section of global parameters of the smb.conf configuration file

In this example, the Samba server is in a workgroup named WORKGROUP (which is a standard workgroup). We also specify a server description string that can be seen by users exploring the network using the net view command, Windows Explorer, or the smbclient utility.

# head -5 smb.conf
workgroup = WORKGROUP
server string = Public Anonymous File Server
netbios name = TEACHER0
security = share

You may have noticed the line security = share in the above section of the server configuration file. This line sets the standard mode for restricting access to our Samba server. Setting the share access mode allows clients (which can be the smbclient utility, any version of Windows OS, another Samba server) to provide a password to access each of the shared resources. This is one of the options for using the SMB/CIFS protocol. Another use of this protocol (called user mode) allows the client to provide a username and password combination before the server obtains information about the share the client wishes to access.

11.2.2. Section of shared resource settings of the smb.conf configuration file

Our shared resource will be named pubread, and the path to the previously created directory will be used as the path (specified using the path parameter). Each user will be able to access this directory (through the use of the guest ok = yes parameter value) read-only (according to the read only = yes parameter value).

path = /srv/samba/readonly
comment = files to read
read only = yes
guest ok = yes

Below is a very similar configuration used by the Samba server included with the Ubuntu 11.10 distribution.

root@ubu1110:~# cat /etc/samba/smb.conf
workgroup = LINUXTR
netbios name = UBU1110
security = share
path = /srv/samba/readonly
read only = yes
guest ok = yes

In fact, the name of the Linux distribution you use is not critical. Below is a similar configuration used by the Samba server included in the Debian 6 distribution, which is essentially identical to the one above.

root@debian6:~# cat /etc/samba/smb.conf
workgroup = LINUXTR
netbios name = DEBIAN6
security = share
path = /srv/samba/readonly
read only = yes
guest ok = yes

11.3. Server restart

After testing the configuration file using the utility, you should restart the Samba server (so that you do not have to wait for information about the shared resource to begin distributing between computers on the network).

# service smb restart
Shutting down SMB services: [ OK ]
Shutting down NMB services: [ OK ]
Starting SMB services: [ OK ]
Starting NMB services: [ OK ]

11.4. Checking the presence of a shared resource

11.4.1. Checking using the smbclient utility

Now you can check the availability of a shared resource using the smbclient utility. Our share is the fourth share in the list.

# smbclient -NL 127.0.0.1
Domain= OS= Server=

        Sharename       Type      Comment
        ---------       ----      -------
        IPC$            IPC       IPC Service (Public Anonymous File Server)
        global$         Disk
        pub0            Disk
        pubread         Disk      files to read
Domain= OS= Server=

        Server               Comment
        ---------            -------
        TEACHER0             Samba 3.0.33-3.7.el5
        W2003EE

        Workgroup            Master
        ---------            -------
        WORKGROUP            W2003EE

11.4.2. Check using Windows OS

The last step in checking for the presence of the shared resource is to read a file from the Samba shared directory using a computer running Microsoft Windows. First, we use the net use command to mount the pubread shared directory as a disk drive with the letter K:.

C:\> net use K: \\teacher0\pubread
The command completed successfully.

After this, we must check the ability to view the contents of the shared directory and read files from this directory.

C:\> dir k:
 Volume in drive K is pubread
 Volume Serial Number is 0C82-11F2

 Directory of K:\

01/21/2009  05:49    <DIR>          .
21/01/2009  05:49    <DIR>          ..
01/21/2009  05:49                17 summer.txt
01/21/2009  05:49                18 winter.txt
               2 File(s)             35 bytes
               2 Dir(s)  13.496.242.176 bytes free

To make sure that the Samba server is safe to use for file sharing, let's try to write data to a file in the shared directory.

K:\> echo very cold > winter.txt
Access is denied.
K:\>

Or, you can use Windows Explorer.

11.5. Note about using netcat utility

The above Windows shell output was obtained in the Linux console, using the netcat utility to interact with the Windows command shell.

This utility works quite simply: it waits for a connection to a specific port of a computer running Windows OS, and executes the command shell binary file cmd.exe after receiving the connection. The netcat utility is similar to the cat utility in the sense that, like the cat utility, it does nothing other than transfer data, but the netcat utility is designed to transfer data over a network.

To create the conditions necessary to establish the described connection, you should run the following command on a computer running Windows OS (after downloading the Windows version of the netcat utility).

nc -l -p 23 -t -e cmd.exe

After this, you can establish a connection to this machine using the netcat utility from any computer running Linux. This will display the cmd.exe shell greeting in your Linux shell.

paul@laika:~$ nc 192.168.1.38 23
Microsoft Windows
(C) Copyright 1985-2003 Microsoft Corp.

C:\> net use k: /delete
net use k: /delete
k: was deleted successfully.

11.6. Practice: Setting up a file server with read-only access

11.7. The correct procedure for completing a practical task: setting up a file server with read-only access

1. Create a directory, in a suitable place in the file system (following the standard FHS file system hierarchy), whose files every client on the network will be able to access read-only.

Select one of the following options:

The directory must not be used!

The directory should not be used either!

The directory is also not suitable!

2. Make sure that you have set the correct owner ID for the created directory and that the files in it are public.

chown root:root /srv/samba/readonly
chmod 755 /srv/samba/readonly

3. Place the text file in the created directory.

echo Hello World > hello.txt

4. Provide all clients with access to the created directory over the network using the Samba server.

Your Samba server configuration file smb.conf.readonly might look like this:

workgroup = WORKGROUP
server string = Read Only File Server
netbios name = STUDENTx
security = share
path = /srv/samba/readonly
comment = read only file share
read only = yes
guest ok = yes

Test its correctness using the testparm utility before use!

5. Check from your computer and a separate computer (using the smbclient, net use, commands) the readability of files from the shared directory.

If using Linux:

If using Windows Explorer: Go to the My Network Neighborhood directory.

If you are using the Windows command shell

6. Create a backup copy of your smb.conf server configuration file named smb.conf.ReadOnlyFileServer.

cp smb.conf smb.conf.ReadOnlyFileServer

Samba is a program that allows you to access network drives on various operating systems using the SMB/CIFS protocol. It has client and server parts. It is free software, released under the GPL license.

Samba runs on most Unix-like systems such as GNU/Linux, POSIX-compliant Solaris and Mac OS X Server, various BSD variants, OS/2, Windows. Samba is included in almost all GNU/Linux distributions, including, of course, Ubuntu.

To make a shared folder in Ubuntu Desktop, just right-click on the folder and select the “Publish Folder” menu item. There is no need to edit any configuration files. Everything described below applies only to manual configuration, for example, in the case of creating a file server.

To install, just open a terminal and enter:

sudo apt-get install samba

The application will be automatically downloaded and installed.

Using the terminal, we will make a backup copy of the initial configuration file:

sudo cp /etc/samba/smb.conf{,.bak}

Now you can edit the settings file /etc/samba/smb.conf; to do this, open it in any text editor with superuser rights. For example, like this:

sudo nano /etc/samba/smb.conf

— what is written below is generally speaking just one specific scenario for using Samba, and in a huge number of cases everything is configured absolutely wrong. The article needs to be corrected, focusing on the capabilities of Samba, and not just on the use of this program as a file storage with local authorization. It is better to include the example with file storage in a separate detailed article.

An example of setting up Samba as a standalone file server with authorization:

; Global server settings
; General server settings
; Computer name that will be displayed in the network environment
netbios name = main-server
server string =
; Client workgroup
workgroup = WORKGROUP
announce version = 5.0
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192
passdb backend = tdbsam
security = user
null passwords = true
; File for user name aliases
username map = /etc/samba/smbusers
name resolve order = hosts wins bcast
; wins support is set to yes if your nmbd(8) in Samba is a WINS server. Do not set this parameter to yes unless you have multiple subnets and want your nmbd to act as a WINS server. Never set this parameter to yes on more than one machine within the same subnet.
wins support = no
; Printer support
printing = CUPS
printcap name = CUPS
; Logs
log file = /var/log/samba/log.%m
syslog = 0
syslog only = no
; Which interfaces to listen on; if not specified, listens on all interfaces
; interfaces = lo, eth0
; bind interfaces only = true
;
;
; path = /var/lib/samba/printers
; browseable = yes
; guest ok = yes
; read only = yes
; write list = root
; create mask = 0664
; directory mask = 0775
;
;
; path = /tmp
; printable = yes
; guest ok = yes
; browseable = no
;
;
;path = /media/cdrom
;browseable = yes
;read only = yes
;guest ok = yes
; Hard drive share
; Share name, visible to clients
; Path to the shared disk
path = /media/sda1
; Whether the share can be browsed
browseable = yes
read only = no
guest ok = no
create mask = 0644
directory mask = 0755
; Binding to a specific user name or group, names separated by a space
; force user = user1 user2
; force group = group1 group2
; Another hard drive, similar to the one above
path = /media/sde1
browseable = yes
read only = no
guest ok = no
create mask = 0644
directory mask = 0755

Now we need to deal with the users.

Samba uses accounts that already exist in the system. Take the name user as an example and assume that it already exists in the system; we need to add it to the SMB database and assign a password for access to shared resources. We do this with the command:

smbpasswd -a user

You will be prompted to enter a password, and the user will be added to the database. Now you need to enable this user:

smbpasswd -e user

Next, let's create an alias for the username user to make it easier for us to access from a Windows machine on which we have, for example, a user named Admin. To do this, we'll create and edit the file /etc/samba/smbusers:

sudo touch /etc/samba/smbusers
sudo gedit /etc/samba/smbusers

Write a couple of lines into the file

# Unix_name = SMB_name1 SMB_name2
user = Admin

This completes the setup; restart Samba.

For Ubuntu 10.04, use the command:

sudo service smbd restart

For earlier versions use:

sudo /etc/init.d/samba restart

Now you can use shared resources.

Setting up a Samba server on Ubuntu

Customization apps

There are also applications that allow you to configure Samba through a graphical interface (see GUI applications for working with Samba).

You can install the simplest one for Samba with the command:

sudo apt-get install system-config-samba

It is launched with the command:

sudo system-config-samba

It writes all changes to the samba configuration file.

For remote administration of Samba, webmin is perfect as a web interface for Samba.

File server for Windows network

Very often Samba is used to create a file server on a Windows network. A separate article is devoted to a description of this use case:

Opening Windows to a Wider World. (slogan on www.samba.org)

Samba is an implementation of the network protocols Server Message Block (SMB) and Common Internet File System (CIFS). Its main purpose is to share files and printers between Linux and Windows systems.

Samba consists of several daemons that run in the background and provide services, and a number of command line tools for interacting with Windows services:

  • smbd - a daemon that is an SMB server for file services and print services;
  • nmbd - a daemon that provides NetBIOS naming services;
  • smbclient - a utility that provides command line access to SMB resources. It also allows you to get lists of shared resources on remote servers and view your network environment;
  • smb.conf - a configuration file containing settings for all Samba tools.

List of ports used by Samba

An introductory article about the basic principles of sharing files and printers.

Server installation and configuration

# under Arch Linux, server
yaourt -S samba
# under Arch Linux, client
yaourt -S smbclient
# under Ubuntu, server
sudo apt-get install samba samba-common system-config-samba

Copy the settings file smb.conf

sudo cp /etc/samba/smb.conf.default /etc/samba/smb.conf

By default, resources are created for user home directories (section homes in smb.conf) and printers (section printers).

Access to the resource can be password-based or anonymous. For the first method there are a couple of points:

  1. the user must exist in the system (created using the command and set a password);
  2. the user must be added as a Samba user (using the command);

View users

sudo pdbedit -L -v

The computers must belong to the same workgroup; in Windows the default is WORKGROUP, so we will use it.

Below is an example of a simple file smb.conf with settings for anonymous access to the directory /srv/samba/public.

sudo mkdir -p /srv/samba/public
sudo chmod -R 0777 /srv/samba/public

Parameter names are not case sensitive. Some common parameters have synonyms, and others have antonyms. For example, writable and writeable are synonyms, and read only is their antonym, i.e. the option read only = yes is equivalent to the option writable = no.

workgroup = WORKGROUP
server string = Samba Server
log file = /var/log/samba/%m.log
max log size = 50
security = user
map to guest = Bad User
dns proxy = no
# follow symlinks
unix extensions = no
wide links = yes
follow symlinks = yes
# utf encoding
dos charset = cp866
unix charset = UTF8
# disable printers
load printers = no
show add printer wizard = no
printcap name = /dev/null
disable spoolss = yes
# hosts allow = 127. 192.168.24.
# by default, all files starting with a dot will have the “hidden” attribute
hide dot files = yes
comment = public folder
path = /home/proft/public
read only = no
locking = no
browsable = yes
# allow guest access
guest ok = yes
force user = nobody
force group = nobody
# guest only = yes
# create mode = 0777
# directory mode = 0777
# allow access only user1, user2
# valid users = user1, user2
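Because of the synonym and antonym rule above, the same exposure can be spelled several ways in smb.conf. The following added example (not from the original article or the Samba project; the section names in the constructed sample and the finding labels are assumptions) normalizes those spellings and reports the access-widening settings that appear in this page's configurations: security = share, which Samba 4 no longer accepts, null passwords, guest-writable shares, and wide links with unix extensions disabled.

```python
import configparser

# Synonyms and antonyms: alias -> (canonical name, value is inverted)
ALIASES = {"writable": ("readonly", True), "writeable": ("readonly", True),
           "writeok": ("readonly", True), "public": ("guestok", False)}
TRUE = {"yes", "true", "on", "1"}

def load(text):
    """Parse smb.conf text into {section: {canonical parameter: value}}."""
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.optionxform = lambda key: key.lower().replace(" ", "")  # case and spaces ignored
    # Strip indentation, which configparser would read as a continuation line.
    cp.read_string("\n".join(line.strip() for line in text.splitlines()))
    conf = {}
    for section in cp.sections():
        params = conf.setdefault(section.lower(), {})
        for key, value in cp.items(section):
            name, inverted = ALIASES.get(key, (key, False))
            if inverted:
                value = "no" if value.lower() in TRUE else "yes"
            params[name] = value
    return conf

def audit(text):
    """Return sorted (section, finding) pairs for access-widening settings."""
    conf = load(text)
    glob = conf.get("global", {})
    on = lambda params, key, default: params.get(key, default).lower() in TRUE
    found = []
    if glob.get("security", "user").lower() == "share":
        found.append(("global", "security-share-not-accepted-by-samba4"))
    if on(glob, "nullpasswords", "no"):
        found.append(("global", "empty-passwords-allowed"))
    for name in sorted(set(conf) - {"global"}):
        eff = {**glob, **conf[name]}  # share values override [global] values
        if on(eff, "guestok", "no") and not on(eff, "readonly", "yes"):
            found.append((name, "guest-writable"))
        if on(eff, "widelinks", "no") and not on(eff, "unixextensions", "yes"):
            found.append((name, "symlinks-may-leave-share"))
    return sorted(found)

# Constructed sample combining settings from the configurations on this page.
SAMPLE = ("[global]\n security = share\n null passwords = true\n"
          " unix extensions = no\n wide links = yes\n log file = /var/log/samba/%m.log\n"
          "[pubread]\n path = /srv/samba/readonly\n read only = yes\n guest ok = yes\n"
          "[public]\n path = /srv/samba/public\n writable = yes\n public = yes\n")

if __name__ == "__main__":
    print(audit(SAMPLE))
```

The read-only pubread share is reported only for the symlink setting it inherits from [global], while the share written with writable = yes and public = yes is reported as guest-writable even though neither read only nor guest ok appears in it.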

Let's check the correctness of the settings using the command

The option specifies to also display default values.

Let's start the Samba server

# under Arch Linux
sudo systemctl start smbd
# under Ubuntu, server
sudo service smbd start

Let's check the connection to Samba on port 139 using telnet:

telnet 192.168.24.100 139

Samba has a number of options related to user authentication. The most important of them is the parameter security, which can take five different values
