k12 needs suggestions on our first samba problem

Doug Douglass samba at denverdata.com
Thu Nov 29 13:55:02 GMT 2001 

Barry,

There appear to be two fundamental problems you're trying to tackle:

1. How to disconnect users from an existing share.

2. How to prevent users from reconnecting to this same share.


According to comments in smbd man page, the only way to achieve #1 is to
stop/start smbd. That's not too hard to accomplish from the server, or via
SWAT.

As for #2, you can, as you're currently thinking, modify your smb.conf just
prior to the restart to disable the share that students access, effectively
preventing new connections. Then, when administration of your app is
complete, modify the smb.conf again and SIGHUP/restart smbd alowing
connections to the share.


Or, this is completely untested:

1. Add the "deadtime" global setting in smb.conf to some reasonable number.
It would be great if this was a per share setting, but as it is this will
effect ALL SHARES. With this setting you at least have a known amount time
when a client connection will be considered dead by samba.

2. Write a script (let's call it script1) that checks for the existence of a
known file and returns non-zero on failure. The file file could be anything,
but I'm thinking something like ".SERVICE_DISABLED" in the application share
directory.

3. Add the following to the application share in your smb.conf:

	preexec = script1
	preexec close = yes

4. Create an administrative share for the same path that students map to,
but do not include the preexec settings.

With the above setup you could either manually, or via a cron job: 1) create
the ".SERVICE_DISABLED" file, 2) restart smbd. Then any connection request
to the student share would not be allowed, administration of the application
would be allowed, and removing the ".SERVICE_DISABLED" file would allow
student connections again.

I kinda like it, except for the need to restart smbd. If there were a
programatic way to disconnect users, then you could just incorporate that,
and the creation of the ".SERVICE_DISABLED" file, into the preexec of the
adminstrative share, and remove it with a postexec! That would be
slick...connect for admin purposes, students are disconnected, no new
students are alowed to connect, admin does his thing, disconnects, and
students are back at it.

If that all made sense, then I hope it helps you out. Feel free to email me
back as I'm just finishing a strong cup of coffee and should be ful of even
better ideas :-))

Doug

More information about the samba mailing list