Ubuntu Samba Server Setup Procedure - Group and Permission
Ubuntu Samba Server Setup Procedure
1. Install Samba Server
$ sudo apt-get install samba
2. Uninstall Samba Server
$ sudo apt-get autoremove --purge samba
$ sudo apt-get remove samba
$ sudo apt-get autoremove samba
3. Create User
a. Setup User in Ubuntu
$ useradd -m <user>
b. Setup User in Samba Server
$ pdbedit -a <user>
c. Password Change
$ sudo passwd <user>
4. Create Group in Ubuntu
sambaでは、sambaが動作するLinux上に存在するグループ毎に、共有するファイルやディレクトリのアクセス権を変更できます。
a. Create Group
$ groupadd <group>
b. Add User to Group
$ gpasswd -a <user1> <group>
$ gpasswd -a <user2> <group>
User および Group 一覧は、/etc/フォルダーの group ファイルに記載されています。
5. Change ownership and Setup Permission
a. Change Ownership
$ sudo chown -R nobody:nogroup /mnt/sales
$ chown --help
Usage: chown [OPTION]... [OWNER][:[GROUP]] FILE...
or: chown [OPTION]... --reference=RFILE FILE...
or: chown [OPTION]... --reference=RFILE FILE...
Change the owner and/or group of each FILE to OWNER and/or GROUP.
With --reference, change the owner and group of each FILE to those of RFILE.
With --reference, change the owner and group of each FILE to those of RFILE.
-c, --changes like verbose but report only when a change is made
-f, --silent, --quiet suppress most error messages
-v, --verbose output a diagnostic for every file processed
--dereference affect the referent of each symbolic link (this is
the default), rather than the symbolic link itself
-h, --no-dereference affect symbolic links instead of any referenced file
(useful only on systems that can change the
ownership of a symlink)
--from=CURRENT_OWNER:CURRENT_GROUP
-f, --silent, --quiet suppress most error messages
-v, --verbose output a diagnostic for every file processed
--dereference affect the referent of each symbolic link (this is
the default), rather than the symbolic link itself
-h, --no-dereference affect symbolic links instead of any referenced file
(useful only on systems that can change the
ownership of a symlink)
--from=CURRENT_OWNER:CURRENT_GROUP
change the owner and/or group of each file only if its current owner and/or group match those specified here. Either may be omitted, in which case a match is not required for the omitted attribute
--no-preserve-root do not treat '/' specially (the default)
--preserve-root fail to operate recursively on '/'
--reference=RFILE use RFILE's owner and group rather than
specifying OWNER:GROUP values
-R, --recursive operate on files and directories recursively
--preserve-root fail to operate recursively on '/'
--reference=RFILE use RFILE's owner and group rather than
specifying OWNER:GROUP values
-R, --recursive operate on files and directories recursively
The following options modify how a hierarchy is traversed when the -R
option is also specified. If more than one is specified, only the final
one takes effect.
option is also specified. If more than one is specified, only the final
one takes effect.
-H if a command line argument is a symbolic link
to a directory, traverse it
-L traverse every symbolic link to a directory
encountered
-P do not traverse any symbolic links (default)
--help display this help and exit
--version output version information and exit
to a directory, traverse it
-L traverse every symbolic link to a directory
encountered
-P do not traverse any symbolic links (default)
--help display this help and exit
--version output version information and exit
Owner is unchanged if missing. Group is unchanged if missing, but changed
to login group if implied by a ':' following a symbolic OWNER.
OWNER and GROUP may be numeric as well as symbolic.
Examples:
to login group if implied by a ':' following a symbolic OWNER.
OWNER and GROUP may be numeric as well as symbolic.
Examples:
chown root /u Change the owner of /u to "root".
chown root:staff /u Likewise, but also change its group to "staff".
chown -hR root /u Change the owner of /u and subfiles to "root".
chown root:staff /u Likewise, but also change its group to "staff".
chown -hR root /u Change the owner of /u and subfiles to "root".
b. Change group ownership
chgrpコマンドによって、publicの所有グループをgroup1に変更します。
$ sudo chgrp -R group1 /home/public/
$ chgrp --help
Usage: chgrp [OPTION]... GROUP FILE...
or: chgrp [OPTION]... --reference=RFILE FILE...
Change the group of each FILE to GROUP.
With --reference, change the group of each FILE to that of RFILE.
-c, --changes like verbose but report only when a change is made
-f, --silent, --quiet suppress most error messages
-v, --verbose output a diagnostic for every file processed
--dereference affect the referent of each symbolic link (this is
the default), rather than the symbolic link itself
-h, --no-dereference affect symbolic links instead of any referenced file
(useful only on systems that can change the
ownership of a symlink)
--no-preserve-root do not treat '/' specially (the default)
--preserve-root fail to operate recursively on '/'
--reference=RFILE use RFILE's group rather than specifying a
GROUP value
-R, --recursive operate on files and directories recursively
Usage: chgrp [OPTION]... GROUP FILE...
or: chgrp [OPTION]... --reference=RFILE FILE...
Change the group of each FILE to GROUP.
With --reference, change the group of each FILE to that of RFILE.
-c, --changes like verbose but report only when a change is made
-f, --silent, --quiet suppress most error messages
-v, --verbose output a diagnostic for every file processed
--dereference affect the referent of each symbolic link (this is
the default), rather than the symbolic link itself
-h, --no-dereference affect symbolic links instead of any referenced file
(useful only on systems that can change the
ownership of a symlink)
--no-preserve-root do not treat '/' specially (the default)
--preserve-root fail to operate recursively on '/'
--reference=RFILE use RFILE's group rather than specifying a
GROUP value
-R, --recursive operate on files and directories recursively
The following options modify how a hierarchy is traversed when the -R
option is also specified. If more than one is specified, only the final
one takes effect.
option is also specified. If more than one is specified, only the final
one takes effect.
-H if a command line argument is a symbolic link
to a directory, traverse it
-L traverse every symbolic link to a directory
encountered
-P do not traverse any symbolic links (default)
--help display this help and exit
--version output version information and exit
to a directory, traverse it
-L traverse every symbolic link to a directory
encountered
-P do not traverse any symbolic links (default)
--help display this help and exit
--version output version information and exit
Examples:
chgrp staff /u Change the group of /u to "staff".
chgrp -hR staff /u Change the group of /u and subfiles to "staff".
chgrp -hR staff /u Change the group of /u and subfiles to "staff".
chmodコマンドによって、publicに対する読み、書き、実行権限をgroup1に属するユーザに与えます。chmodコマンドに "-R"オプションを付けると,あるディレクトリ(サブディレクトリ含む)にあるすべてのファイル,ディレクトリ,シンボリックリンクを対象に操作することができます。
$ chmod -R 774 /home/public/
order: owner - group - other
number: read=4 write=2 execute=1
774 = owner read write excute
group read write excute
number: read=4 write=2 execute=1
774 = owner read write excute
group read write excute
other read only
$ chmod --help
Usage: chmod [OPTION]... MODE[,MODE]... FILE...
or: chmod [OPTION]... OCTAL-MODE FILE...
or: chmod [OPTION]... --reference=RFILE FILE...
Change the mode of each FILE to MODE.
With --reference, change the mode of each FILE to that of RFILE.
-c, --changes like verbose but report only when a change is made
-f, --silent, --quiet suppress most error messages
-v, --verbose output a diagnostic for every file processed
--no-preserve-root do not treat '/' specially (the default)
--preserve-root fail to operate recursively on '/'
--reference=RFILE use RFILE's mode instead of MODE values
-R, --recursive change files and directories recursively
--help display this help and exit
--version output version information and exit
Usage: chmod [OPTION]... MODE[,MODE]... FILE...
or: chmod [OPTION]... OCTAL-MODE FILE...
or: chmod [OPTION]... --reference=RFILE FILE...
Change the mode of each FILE to MODE.
With --reference, change the mode of each FILE to that of RFILE.
-c, --changes like verbose but report only when a change is made
-f, --silent, --quiet suppress most error messages
-v, --verbose output a diagnostic for every file processed
--no-preserve-root do not treat '/' specially (the default)
--preserve-root fail to operate recursively on '/'
--reference=RFILE use RFILE's mode instead of MODE values
-R, --recursive change files and directories recursively
--help display this help and exit
--version output version information and exit
Each MODE is of the form '[ugoa]*([-+=]([rwxXst]*|[ugo]))+|[-+=][0-7]+'.
以上でgroup1に属するユーザのみがアクセス可能なディレクトリの作成は完了です。後はsamba側の設定によってグループ毎の管理が可能になります。
6. Permission の確認
ファイルリストを表示するコマンドlsに「-l」オプションを付けて
$ ls -l
とすると,パーミッション情報が最初の10文字に表示されます。ここで先頭の1文字はファイルの種類,続く9文字は3文字ごとに「所有者」,「グループ」,「その他」のユーザ別パーミッションを表しています。
Note: Windows との関連
Windowsにはパーミッションという概念がありません.ですから,Windowsのファイルシステムはパーミッションの情報を保持できません.いったんFATやNTFSなどのファイルシステムに Linuxでつくったファイルやディレクトリを保存してしまうと,再びLinux側に移してもパーミッション情報が失われ,すべて775になってしまいます。
すべてのファイルに実行権限が付くことになり,これでは困ります.パーミッションの再設定を行うわけですが,一つずつchmodコマンドを打っていたのでは大変です.カレントディレクトリ以下のすべてのファイルのパーミッションを644に変更するには,つぎのようにfindと組み合わせてchmodを使います。
$ find ./ -type f | xargs chmod 644
これは,まず「find ./ -type f」でカレントディレクトリ以下のファイル名をすべて探し,その結果をパイプで「xargs」に渡して検索結果の一覧を作成し,「chmod 644」に渡して変更を適用させています。「chmod -R」を使わずに「-type f」でファイルに限定しているのは,「chmod -R」ではディレクトリまで644にしてしまい,そのディレクトリに移動できなくなるからです。
また,ファイルが少ない場合や拡張子が限定されている場合は
Comments
Post a Comment