Unit 14: File Server




          You  will  need  to  restart  the  SAMBA  daemons  to  effect  these  changes.  Restart  the  SAMBA   notes
          daemons with the following command entered at a terminal prompt:
          sudo /etc/init.d/samba restart

          computer accounts

          Computer  Accounts  are  used  in  Directory  Services  to  uniquely  identify  computer  systems
          participating in a network, and are even treated in the same manner as users in terms of security.
          Computer accounts may have passwords just as user accounts do, and are subject to authorization
          to network resources in the same manner as user accounts. For example, if a network user, with
          a valid account for a particular network attempts to authenticate with a network resource from a
          computer which does not have a valid computer account, depending upon policies enforced on
          the network, the user may be denied access to the resource if the computer the user is attempting
          authentication from is considered to be an unauthorized computer.
          A  computer  account  may  be  added  to  the  SAMBA  password  file,  provided  the  name  of  the
          computer being added exists as a valid user account in the local password database first. The
          syntax for adding a computer or machine account to the SAMBA password file is to use the
          smbpasswd command from a terminal prompt as follows:
          sudo smbpasswd -a -m COMPUTER_NAME




             Note     Be sure to replace the token COMPUTER_NAME in the example above with
             the actual name of the specific computer you wish to add a machine account for.
          file permissions


          File Permissions define the explicit rights a computer or user has to a particular directory, file,
          or set of files. Such permissions may be defined by editing the /etc/samba/smb.conf file and
          specifying the explicit permissions of a defined file share. For example, if you have defined a
          SAMBA share called sourcedocs and wish to give read-only permissions to the group of users
          known as planning, but wanted to allow writing to the share by the group called authors and the
          user named richard, then you could edit the /etc/samba/smb.conf file, and add the following
          entries under the [sourcedocs] entry:

          read list = @planning
          write list = @authors, richard
          Save the /etc/samba/smb.conf for the changes to take effect.
          Another  possible  permission  is  to  declare  administrative  permissions  to  a  particular  shared
          resource. Users having administrative permissions may read, write, or modify any information
          contained in the resource the user has been given explicit administrative permissions to. For
          example,  if  you  wanted  to  give  the  user  melissa  administrative  permissions  to  the  example
          sourcedocs  share,  you  would  edit  the  /etc/samba/smb.conf  file,  and  add  the  following  line
          under the [sourcedocs] entry:

          admin users = melissa
          Save the /etc/samba/smb.conf for the changes to take effect.









                                           LoveLy professionaL university                                   279