[Samba] Airing Dirty Laundry
Avery Payne
apayne at pcfruit.com
Tue May 27 21:46:45 GMT 2008
On Sat, 24 May 2008 01:00:31 +0200, Udo Rader wrote:
>
> BTW, providing your smb.conf or actually the output of testparm would be
> a good start point to get better feedback on what goes wrong with your
> installation.
>
> - --
> Udo Rader
> http://www.bestsolution.at
Please note that this has had names changed to protect the guilty and
confuse the innocent. I have also heavily bowlderized any mention of
vendors into formats suitable for public display. Settings have been
left intact, and the entire shebang is of course behind a firewall so
I have no fear in exposing networking names.
The references can easily be inferred and for those who are not in
the know, you can visit www.centos.org and determine for yourself what
Prominent North American Enterprise Linux Vendor refers to. :D
Please forgive the cut-n-paste verbosity but at the time there was
considerable pressure and emphasis on documenting why each setting was
used, why the GUI wasn't used (which was a sore point with some staff) and
who-set-what, hence the repeated mention of GUI options not being
available, etc. And yes, there are a few sections that "repeat" - I
noticed that and will be cleaning that up as we head towards implementing
recommendations. After getting my public flogging^W^W^W^Wreceiving
constructive critism, I'll be looking forward to implementing ACL
inheritance and other settings that are sorely missing.
Yes, it's a mess, yes it needs some work - but that's why I'm posting it
here, eh?
#===================== Global Settings ===============================
[global]
# ----------------------- Network Related Options
-------------------------
#
# workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
#
# server string is the equivalent of the NT Description field
#
# netbios name can be used to specify a server name not tied to the
hostname
#
# Interfaces lets you configure Samba to use multiple interfaces
# If you have multiple network interfaces then you can list the ones
# you want to listen on (never omit localhost)
#
# Hosts Allow/Hosts Deny lets you restrict who can connect, and you can
# specifiy it as a per share option as well
#
workgroup = PDX
; --- 2007-12-08 reset the server string to shorten its description and
bring it in line with other porthole servers.
; --- This string can be set in the Prominent North American Enterprise
Linux Vendor GUI.
server string = %L
netbios name = SRV2210
interfaces = lo eth0 eth1
; --- 2007-12-08 added standard options that increase performance (refer
to the Offical Samba 3.2 documentation
; --- at samba.org). DO NOT REMOVE THE SO_RCVBUF SETTING OR CHANGE IT,
IT IS PART OF A FIX TO THE ISSUE SURROUNDING
; --- DELAYED WRITES FOR MACROSQUISH PORTHOLE CLIENTS. YOU HAVE BEEN
WARNED!
; --- This is NOT a standard Prominent North American Enterprise Linux
Vendor GUI option (it doesn't exist).
socket options = TCP_NODELAY SO_KEEPALIVE IPTOS_LOWDELAY
SO_RCVBUF=8192 SO_SNDBUF=16738
; --- 2008-01-16 added "keepalive" option
keepalive = 30
; --- 2008-01-22 added "deadtime" option; zero means it will never
disconnect
; --- a client.
deadtime = 0
getwd cache = yes
# --------------------------- Logging Options
-----------------------------
#
# Log File let you specify where to put logs and how to split them up.
#
# Max Log Size let you specify the max size log files should reach
log file = /var/log/samba.log
# logs split per machine
; log file = /var/log/samba/%m.log
; Level 0 = ???
; Level 1 = Share Access recorded
; Level 2 = File Access recorded
; Level 3 = File Locking
; Level 4 = High-level SMB protocol actvity
log level = 1
# max 50KB per log file, then rotate
; max log size = 50
# ----------------------- Security Model Options ------------------------
#
# Scurity can be set to user, share(deprecated) or server(deprecated)
#
# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.
security = ads
passdb backend = tdbsam
# ----------------------- Domain Controller Options
------------------------
#
# Security must be set to user for domain controllers
#
# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.
#
# Domain Master specifies Samba to be the Domain Master Browser. This
# allows Samba to collate browse lists between subnets. Don't use this
# if you already have a MacroSquish Porthole NT domain controller doing
this job
#
# Domain Logons let Samba be a domain logon server for MacroSquish
Porthole workstations.
#
# Logon Scrpit let yuou specify a script to be run at login time on the
client
# You need to provide it in a share called NETLOGON
#
# Logon Path let you specify where user profiles are stored (UNC path)
#
# Various scripts can be used on a domain controller or stand-alone
# machine to add or delete corresponding unix accounts
#
; --- 2007-12-08 DO NOT REMOVE THIS OPTION, THIS OPTION PREVENTS THE FILE
SERVER FROM PARTICIPATING IN
; --- BROWSER ELECTIONS; TURNING THE OPTION ON WILL CAUSE THE FILE SERVER
TO BECOME A POTENTIAL HOLDER OF
; --- THE MASTER BROWSE LIST (IE, THE COMPUTERS LISTED IN NETWORK
EXPLODER WILL BE PROVIDED FROM DATA COLLECTED HERE!)
; --- Thus, turning on the option is a BAD thing. Do not do it.
; --- This is NOT a standard Prominent North American Enterprise Linux
Vendor GUI option (it doesn't exist).
domain master = no
# ----------------------- Browser Control Options
----------------------------
#
# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
#
# OS Level determines the precedence of this server in master browser
# elections. The default value should be reasonable
#
# Preferred Master causes Samba to force a local browser election on
startup
# and gives it a slightly higher chance of winning the election
; --- 2007-12-08 DO NOT REMOVE THIS OPTION, THIS OPTION PREVENTS THE FILE
SERVER FROM PARTICIPATING IN
; --- BROWSER ELECTIONS; TURNING THE OPTION ON WILL CAUSE THE FILE SERVER
TO BECOME A POTENTIAL HOLDER OF
; --- THE MASTER BROWSE LIST (IE, THE COMPUTERS LISTED IN NETWORK
EXPLODER WILL BE PROVIDED FROM DATA COLLECTED HERE!)
; --- Thus, turning on the option is a BAD thing. Do not do it. Let the
domain controllers handle this!
; --- This is NOT a standard Prominent North American Enterprise Linux
Vendor GUI option (it doesn't exist).
domain master = no
local master = no
preferred master = no
os level = 33
; --- 2007-12-18 because of the enormous flood of WINs errors in the
logs, I have added this
; --- to get the server to think about other avenues besides wins to
resolve addresses. This
; --- is a "crutch" of sorts until the issues with the Win2K3 WINS
servers can be resolved.
; --- This is NOT a standard Prominent North American Enterprise Linux
Vendor GUI option (it doesn't exist).
name resolve order = host wins bcast
#----------------------------- Name Resolution
-------------------------------
# MacroSquish Porthole Internet Name Serving Support Section:
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
#
# - WINS Support: Tells the NMBD component of Samba to enable it's WINS
Server
#
# - WINS Server: Tells the NMBD components of Samba to be a WINS Client
#
# - WINS Proxy: Tells Samba to answer name resolution queries on
# behalf of a non WINS capable client, for this to work there must be
# at least one WINS Server on the network. The default is NO.
#
# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups.
wins support = no
wins server = 10.2.1.2
# --------------------------- Printing Options
-----------------------------
#
# Load Printers let you load automatically the list of printers rather
# than setting them up individually
#
# Cups Options let you pass the cups libs custom options, setting it to
raw
# for example will let you use drivers on your MacroSquish Porthole
clients
#
# Printcap Name let you specify an alternative printcap file
#
# You can choose a non default printing system using the Printing option
; load printers = yes
cups options = raw
; printcap name = /etc/printcap
#obtain list of printers automatically on SystemV
; printcap name = lpstat
; printing = cups
# --------------------------- Filesystem Options
---------------------------
#
# The following options can be uncommented if the filesystem supports
# Extended Attributes and they are enabled (usually by the mount option
# user_xattr). Thess options will let the admin store the DOS attributes
# in an EA and make samba not mess with the permission bits.
#
# Note: these options can also be set just per share, setting them in
global
# makes them the default for all shares
; --- 2007-12-08 due to Unix's heavy use of dotfiles as hidden
directories, and because it likes to
; --- fill up user home directories with these little annoyances, the
following option was set on
; --- to make porthole clients treat the directories and files as
"hidden". This is NOT on by default. This is
; --- also NOT a standard Prominent North American Enterprise Linux
Vendor GUI option (it doesn't exist).
hide dot files = true
; --- 2007-12-08 added this line to prevent backslash characters from
triggering name mangling; without this
; --- set to off, names that are "suspect" will be mangled windows-95
style into DOS 8.3 characters.
; --- Mangling is ENABLED by default.
; --- This is not a standard Prominent North American Enterprise Linux
Vendor GUI option (it doesn't exist).
mangled names = false
; --- 2007-12-08 this option is REQUIRED to fix an issue with delayed
write errors on MacroSquish Porthole clients.
; --- DO NOT REMOVE THIS LINE! YOU HAVE BEEN WARNED!
; --- This is not a standard Prominent North American Enterprise Linux
Vendor GUI option (it doesn't exist).
write raw = no
; --- 2007-12-18 this option is needed to provide "backwards emulation"
of Window's case insensitivity.
; --- This is not a standard Prominent North American Enterprise Linux
Vendor GUI option (it doesn't exist).
case sensitive = false
# ----------------------------- Locking Options
----------------------------
; --- 2007-12-08 all oplocks are disabled for safety; in case we
selectively activate oplocks for
; --- a given share, we will also disable oplocks by file extension, as a
safety measure. Do not remove
; --- the next three lines or the system will suffer slowdowns and other
issues under heavy load.
; --- These are not standard Prominent North American Enterprise Linux
Vendor GUI options (they don't exist).
level2 oplocks = false
oplocks = false
veto oplock files = /*.mdb/*.MDB/*.ldb/*.LDB/*.dbf/*.DBF/*.cdx/
*.CDX/*.idx/*.IDX/*.dct/*.DCT/*.dcx/*.DCX/*.fpt/*.FPT/
; --- 2007-12-23 enabled kernel oplocks for additional safety, as Linux
supports these.
; --- Note that this is enabled by default anyways and will automatically
disable if the
; --- host OS does not support the feature. We enable it here explicitly.
; --- This is NOT a standard Prominent North American Enterprise Linux
Vendor GUI option (it doesn't exist).
kernel oplocks = Yes
lock spin time = 15
#============================ Share Definitions
==============================
password server = 10.2.1.1
realm = PDX.PCFRUIT.COM
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
; template shell = /bin/nologin
; --- 2007-12-08 This option is enabled to shorten names returned from
the domain. Typically domain names
; --- are returned with their domain attached, ie. PDX\joeuser is the
account "joeuser" in the "PDX" domain.
; --- By enabling this, the domain THAT THE SAMBA SERVICE IS JOINED TO
will have its domain name omitted from
; --- names that are returned from the domain, ie. PDX\joeuser becomes
just "joeuser" with no PDX attached.
; --- DO NOT DISABLE THIS OPTION. DISABLING THIS WILL AFFECT THE USER'S
HOME SHARES BECAUSE THEY ARE MAPPED
; --- USING THE USER'S DOMAIN NAME. This has the effect of changing the
location that Samba will look for when
; --- a user tries to connect to their home share. Note that other
domains will NOT have their name removed, ie.
; --- a user in PCFRUIT will show as PCFRUIT\someotheruser, because it
only affects the domain name we have joined to.
; --- This is NOT a standard Prominent North American Enterprise Linux
Vendor GUI option (it doesn't exist).
winbind use default domain = true
; --- 2007-12-08 added to fix backslash naming issue on clients. DO NOT
REMOVE THIS OPTION.
; --- If you have a need to enable this (ie. make it visible) and you
want to show a backslash, simply
; --- comment out the option entirely and Samba will default the
character to a backslash (\). Do not
; --- attempt to assign the backslash manually as it will fail.
; --- This is NOT a standard Prominent North American Enterprise Linux
Vendor GUI option (it doesn't exist).
winbind separator = +
; encrypt passwords = yes
; guest ok = no
; guest account = nobody
; encrypt passwords = yes
; guest ok = no
; guest account = nobody
; --- 2007-12-08 added to force all shares visible by default. This is a
deviation from
; --- the Prominent North American Enterprise Linux Vendor GUI tool as
; --- it attempt to set every share it creates individually. By setting
the value here in the global section,
; --- we can ensure that all shares inherit this setting by default.
Please do not change it; if you do need to change it
; --- you will need to go to each share definition and define it there,
otherwise your shares will not be visible in
; --- the MacroSquish Porthole Exploder window!
; --- This is not available on a global basis. The Prominent North
American Enterprise Linux Vendor GUI
; --- does provide for it on a share-by-share basis.
browseable = yes
[homes]
comment = Home Directories
path = /home/%S
; --- 2007-12-08 must be set to "no" for this section, otherwise a ghost
share will appear
browseable = no
writeable = yes
; --- 2007-12-08 activated stock permission setting by uncommenting
valid users = %S
; valid users = MYDOMAIN\%S
; --- 2007-12-08 added file creation mask to force correct permissions on
initial file creates
; --- This is NOT a standard Prominent North American Enterprise Linux
Vendor GUI option (it doesn't exist).
create mask = 0660
; --- 2007-12-08 added directory creation mask to force correct
permissions on initial directory creates
; --- This is NOT a standard Prominent North American Enterprise Linux
Vendor GUI option (it doesn't exist).
directory mask = 0770
; --- 2007-12-08 added well-known/documented option to force account to
user's account upon access. It is
; --- suggested that you keep this to prevent file ownership issues when
looking at user home directories from
; --- an administrative level.
; --- This is NOT a standard Prominent North American Enterprise Linux
Vendor GUI option (it doesn't exist).
force user = %S
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
; guest ok = no
; writeable = no
printable = yes
[home]
path = /home
writeable = yes
browseable = no
guest ok = yes
; --- 2007-12-08 added to force admin access based on account
admin users = PDX+admin1 PDX+admin3 PDX+admin4 PDX+admin2
; --- 2007-12-12 per Prominent North American Enterprise Linux Vendor
Global Support,
; --- added this option to allow for permissions to be set
; --- based on the accounting having write ability to the object.
; --- This is NOT a standard Prominent North American Enterprise Linux
Vendor GUI option (it doesn't exist).
dos filemode = yes
[depts]
path = /depts
writeable = yes
browseable = no
guest ok = yes
admin users = admin2, admin1, admin3, admin4
; --- 2007-12-08 added to force admin access based on account
admin users = PDX+admin1 PDX+admin3 PDX+admin4 PDX+admin2
; --- 2007-12-12 per Prominent North American Enterprise Linux Vendor
Global Support,
; --- added this option to allow for permissions to be set
; --- based on the accounting having write ability to the object.
; --- This is NOT a standard Prominent North American Enterprise Linux
Vendor GUI option (it doesn't exist).
dos filemode = yes
[share]
path = /share
writeable = yes
browseable = no
guest ok = yes
; --- 2007-12-08 added to force admin access based on account
admin users = PDX+admin1 PDX+admin3 PDX+admin4 PDX+admin2
; --- 2007-12-12 per Prominent North American Enterprise Linux Vendor
Global Support,
; --- added this option to allow for permissions to be set
; --- based on the accounting having write ability to the object.
; --- This is NOT a standard Prominent North American Enterprise Linux
Vendor GUI option (it doesn't exist).
dos filemode = yes
[accounting]
path = /depts/acct
writeable = yes
; browseable = yes
guest ok = yes
comment = Department Share - Accounting
; --- 2007-12-08 added to force admin access based on account
admin users = PDX+admin1 PDX+admin3 PDX+admin4 PDX+admin2
; --- 2007-12-12 per Prominent North American Enterprise Linux Vendor
Global Support, added this option to allow for permissions to be set
; --- based on the accounting having write ability to the object.
; --- This is NOT a standard Prominent North American Enterprise Linux
Vendor GUI option (it doesn't exist).
dos filemode = yes
; --- 2007-12-13 this next setting is part of a two-part fix that
addresses issues with MacroSquish Obfuscator documents
; --- being saved, only to be later re-openned as "read only". The issue
is in MacroSquish Obfuscator, not in Samba, and
; --- typically affects MacroSquish Weird documents (it creates a temp
document, you save it, it deletes the old doc
; --- and renames the temp). The other half of the fix requires that the
sticky bit be set for the group "chmod g+s <filename>"
force create mode = 0660
force directory mode =0770
[buyers]
comment = Department Share - Buyers
path = /depts/buyers
writeable = yes
; browseable = yes
guest ok = yes
; --- 2007-12-08 added to force admin access based on account
admin users = PDX+admin1 PDX+admin3 PDX+admin4 PDX+admin2
; --- 2007-12-12 per Prominent North American Enterprise Linux Vendor
Global Support, added this option to allow for permissions to be set
; --- based on the accounting having write ability to the object.
; --- This is NOT a standard Prominent North American Enterprise Linux
Vendor GUI option (it doesn't exist).
dos filemode = yes
; --- 2007-12-13 this next setting is part of a two-part fix that
addresses issues with MacroSquish Obfuscator documents
; --- being saved, only to be later re-openned as "read only". The issue
is in MacroSquish Obfuscator, not in Samba, and
; --- typically affects MacroSquish Weird documents (it creates a temp
document, you save it, it deletes the old doc
; --- and renames the temp). The other half of the fix requires that the
sticky bit be set for the group "chmod g+s <filename>"
force create mode = 0660
force directory mode =0770
[hr]
comment = Department Share - HR
path = /depts/hr
writeable = yes
; browseable = yes
guest ok = yes
; --- 2007-12-08 added to force admin access based on account
admin users = PDX+admin1 PDX+admin3 PDX+admin4 PDX+admin2
; --- 2007-12-12 per Prominent North American Enterprise Linux Vendor
Global Support, added this option to allow for permissions to be set
; --- based on the accounting having write ability to the object.
; --- This is NOT a standard Prominent North American Enterprise Linux
Vendor GUI option (it doesn't exist).
dos filemode = yes
; --- 2007-12-13 this next setting is part of a two-part fix that
addresses issues with MacroSquish Obfuscator documents
; --- being saved, only to be later re-openned as "read only". The issue
is in MacroSquish Obfuscator, not in Samba, and
; --- typically affects MacroSquish Weird documents (it creates a temp
document, you save it, it deletes the old doc
; --- and renames the temp). The other half of the fix requires that the
sticky bit be set for the group "chmod g+s <filename>"
force create mode = 0660
force directory mode =0770
[is]
comment = Department Share - Information Services
path = /depts/is
writeable = yes
; browseable = yes
guest ok = yes
; --- 2007-12-08 added to force admin access based on account
admin users = PDX+admin1 PDX+admin3 PDX+admin4 PDX+admin2
; --- 2007-12-12 per Prominent North American Enterprise Linux Vendor
Global Support, added this option to allow for permissions to be set
; --- based on the accounting having write ability to the object.
; --- This is NOT a standard Prominent North American Enterprise Linux
Vendor GUI option (it doesn't exist).
dos filemode = yes
; --- 2007-12-13 this next setting is part of a two-part fix that
addresses issues with MacroSquish Obfuscator documents
; --- being saved, only to be later re-openned as "read only". The issue
is in MacroSquish Obfuscator, not in Samba, and
; --- typically affects MacroSquish Weird documents (it creates a temp
document, you save it, it deletes the old doc
; --- and renames the temp). The other half of the fix requires that the
sticky bit be set for the group "chmod g+s <filename>"
force create mode = 0660
force directory mode =0770
[management]
path = /depts/mgmt
writeable = yes
; browseable = yes
guest ok = yes
comment = Department Share - Management
; --- 2007-12-08 added to force admin access based on account
admin users = PDX+admin1 PDX+admin3 PDX+admin4 PDX+admin2
; --- 2007-12-12 per Prominent North American Enterprise Linux Vendor
Global Support, added this option to allow for permissions to be set
; --- based on the accounting having write ability to the object.
; --- This is NOT a standard Prominent North American Enterprise Linux
Vendor GUI option (it doesn't exist).
dos filemode = yes
; --- 2007-12-13 this next setting is part of a two-part fix that
addresses issues with MacroSquish Obfuscator documents
; --- being saved, only to be later re-openned as "read only". The issue
is in MacroSquish Obfuscator, not in Samba, and
; --- typically affects MacroSquish Weird documents (it creates a temp
document, you save it, it deletes the old doc
; --- and renames the temp). The other half of the fix requires that the
sticky bit be set for the group "chmod g+s <filename>"
force create mode = 0660
force directory mode =0770
[operations]
comment = Department Share - Operations
path = /depts/ops
writeable = yes
; browseable = yes
guest ok = yes
; --- 2007-12-08 added to force admin access based on account
admin users = PDX+admin1 PDX+admin3 PDX+admin4 PDX+admin2
; --- 2007-12-12 per Prominent North American Enterprise Linux Vendor
Global Support, added this option to allow for permissions to be set
; --- based on the accounting having write ability to the object.
; --- This is NOT a standard Prominent North American Enterprise Linux
Vendor GUI option (it doesn't exist).
dos filemode = yes
; --- 2007-12-13 this next setting is part of a two-part fix that
addresses issues with MacroSquish Obfuscator documents
; --- being saved, only to be later re-openned as "read only". The issue
is in MacroSquish Obfuscator, not in Samba, and
; --- typically affects MacroSquish Weird documents (it creates a temp
document, you save it, it deletes the old doc
; --- and renames the temp). The other half of the fix requires that the
sticky bit be set for the group "chmod g+s <filename>"
force create mode = 0660
force directory mode =0770
[sales]
comment = Department Share - Sales
path = /depts/sales
writeable = yes
; browseable = yes
guest ok = yes
; --- 2007-12-08 added to force admin access based on account
admin users = PDX+admin1 PDX+admin3 PDX+admin4 PDX+admin2
; --- 2007-12-12 per Prominent North American Enterprise Linux Vendor
Global Support, added this option to allow for permissions to be set
; --- based on the accounting having write ability to the object.
; --- This is NOT a standard Prominent North American Enterprise Linux
Vendor GUI option (it doesn't exist).
dos filemode = yes
; --- 2007-12-13 this next setting is part of a two-part fix that
addresses issues with MacroSquish Obfuscator documents
; --- being saved, only to be later re-openned as "read only". The issue
is in MacroSquish Obfuscator, not in Samba, and
; --- typically affects MacroSquish Weird documents (it creates a temp
document, you save it, it deletes the old doc
; --- and renames the temp). The other half of the fix requires that the
sticky bit be set for the group "chmod g+s <filename>"
force create mode = 0660
force directory mode =0770
[archive]
comment = Shared Applications
path = /share/archive
writeable = yes
browseable = no
guest ok = no
; --- 2007-12-08 added to force admin access based on account
admin users = PDX+admin1 PDX+admin3 PDX+admin4 PDX+admin2
; --- 2007-12-12 per Prominent North American Enterprise Linux Vendor
Global Support, added this option to allow for permissions to be set
; --- based on the accounting having write ability to the object.
; --- This is NOT a standard Prominent North American Enterprise Linux
Vendor GUI option (it doesn't exist).
dos filemode = yes
oplocks = true
level2 oplocks = true
[dev]
comment = Development
path = /share/dev
writeable = yes
browseable = no
guest ok = yes
; --- 2007-12-08 added to force admin access based on account
admin users = PDX+admin1 PDX+admin3 PDX+admin4 PDX+admin2
; --- 2007-12-12 per Prominent North American Enterprise Linux Vendor
Global Support,
; --- added this option to allow for permissions to be set
; --- based on the accounting having write ability to the object.
; --- This is NOT a standard Prominent North American Enterprise Linux
Vendor GUI option (it doesn't exist).
dos filemode = yes
; --- 2007-12-13 this next setting is part of a two-part fix that
addresses issues with MacroSquish Obfuscator documents
; --- being saved, only to be later re-openned as "read only". The issue
is in MacroSquish Obfuscator, not in Samba, and
; --- typically affects MacroSquish Weird documents (it creates a temp
document, you save it, it deletes the old doc
; --- and renames the temp). The other half of the fix requires that the
sticky bit be set for the group "chmod g+s <filename>"
force create mode = 0660
force directory mode =0770
[pcf_public]
comment = Public Non-Sensitive Files
path = /share/public
writeable = yes
; browseable = yes
guest ok = yes
; --- 2007-12-08 added to force admin access based on account
admin users = PDX+admin1 PDX+admin3 PDX+admin4 PDX+admin2
; --- 2007-12-12 per Prominent North American Enterprise Linux Vendor
Global Support, added this option to
; --- allow for permissions to be set based on the accounting having
write ability to the object.
; --- This is NOT a standard Prominent North American Enterprise Linux
Vendor GUI option (it doesn't exist).
dos filemode = yes
; --- 2007-12-13 this next setting is part of a two-part fix that
addresses issues with MacroSquish Obfuscator documents
; --- being saved, only to be later re-openned as "read only". The issue
is in MacroSquish Obfuscator, not in Samba, and
; --- typically affects MacroSquish Weird documents (it creates a temp
document, you save it, it deletes the old doc
; --- and renames the temp). The other half of the fix requires that the
sticky bit be set for the group "chmod g+s <filename>"
; --- NEITHER of these are standard Prominent North American Enterprise
Linux Vendor GUI options (they don't exist in the GUI).
force create mode = 0666
force directory mode =0777
[test]
comment = Testing Area - Not For General Use
path = /share/test
writeable = yes
; browseable = yes
guest ok = yes
; --- 2007-12-08 added to force admin access based on account
; --- 2007-12-18 this is strictly a test environment. Admin
functionality has been disabled
; --- to facilitate permissions testing.
; admin users = PDX+admin1 PDX+admin3 PDX+admin4 PDX+admin2
; --- 2007-12-12 per Prominent North American Enterprise Linux Vendor
Global Support, added this option to
; --- allow for permissions to be set based on the user having write
ability to the object.
; --- This is NOT a standard Prominent North American Enterprise Linux
Vendor GUI option (it doesn't exist).
dos filemode = yes
; --- 2007-12-13 this next setting is part of a two-part fix that
addresses issues with MacroSquish Obfuscator documents
; --- being saved, only to be later re-openned as "read only". The issue
is in MacroSquish Obfuscator, not in Samba, and
; --- typically affects MacroSquish Weird documents (it creates a temp
document, you save it, it deletes the old doc
; --- and renames the temp). The other half of the fix requires that the
sticky bit be set for the group "chmod g+s <filename>"
force create mode = 0660
force directory mode =0770
; --- 2007-12-18 oplock functionality can be tested on this share
selectively.
level2 oplocks = true
oplocks = true
; veto oplock files =
; --- 2007-12-18 force a flush of all buffers to disk once a client sends
their buffers over
; --- to the service. This is NOT a standard Prominent North American
Enterprise Linux Vendor GUI option (it doesn't exist).
; sync always = yes
[vp]
comment = Visual Package for ERP/accounting based on Very Frumpy
Programming language
path = /share/vp
writeable = yes
read only = no
; browseable = yes
; --- 2007-12-08 added to force admin access based on account
admin users = PDX+admin1 PDX+admin3 PDX+admin4 PDX+admin2
; --- 2007-12-12 per Prominent North American Enterprise Linux Vendor
Global Support, added this option
; --- to allow for permissions to be set based on the accounting having
write ability to the object.
; --- This is NOT a standard Prominent North American Enterprise Linux
Vendor GUI option (it doesn't exist).
; --- 2007-12-13 this next setting is part of a two-part fix that
addresses issues with MacroSquish Obfuscator documents
; --- being saved, only to be later re-openned as "read only". The issue
is in MacroSquish Obfuscator, not in Samba, and
; --- typically affects MacroSquish Weird documents (it creates a temp
document, you save it, it deletes the old doc
; --- and renames the temp). The other half of the fix requires that the
sticky bit be set for the group "chmod g+s <filename>"
force create mode = 0660
force directory mode =0770
; --- 2007-12-13 as this is a critical share, this function has been
disabled to prevent potential conflict.
; dos filemode = yes
; --- 2007-12-18 oplock functionality can be tested on this share
selectively.
level2 oplocks = true
oplocks = true
veto oplock files = /*.mdb/*.MDB/*.dbf/*.DBF/*.fpt/*.FPT/*.cdx/
*.CDX/*.idx/*.IDX/*.ndx/*.NDX/*.dct/*.DCT/*.dcx/*.DCX/*.dbc/*.DBC/*.dll/
*.DLL/
; --- 2007-12-23 added these parameters as part of Very Old Accounting
Packager's recommendations
create mask = 0660
directory mask = 0770
guest ok = yes
[apps]
comment = Testing Area - Not For General Use
path = /share/apps
writeable = yes
browseable = yes
guest ok = yes
; --- 2007-12-08 added to force admin access based on account
; --- 2007-12-18 this is strictly a test environment. Admin
functionality has been disabled
; --- to facilitate permissions testing.
; admin users = PDX+admin1 PDX+admin3 PDX+admin4 PDX+admin2
; --- 2007-12-12 per Prominent North American Enterprise Linux Vendor
Global Support, added this option to allow for permissions to be set
; --- based on the user having write ability to the object.
; --- This is NOT a standard Prominent North American Enterprise Linux
Vendor GUI option (it doesn't exist).
dos filemode = yes
; --- 2007-12-13 this next setting is part of a two-part fix that
addresses issues with MacroSquish Obfuscator documents
; --- being saved, only to be later re-openned as "read only". The issue
is in MacroSquish Obfuscator, not in Samba, and
; --- typically affects MacroSquish Weird documents (it creates a temp
document, you save it, it deletes the old doc
; --- and renames the temp). The other half of the fix requires that the
sticky bit be set for the group "chmod g+s <filename>"
force create mode = 0660
force directory mode =0770
; --- 2007-12-18 oplock functionality can be tested on this share
selectively.
level2 oplocks = true
oplocks = true
; veto oplock files =
; --- 2007-12-18 force a flush of all buffers to disk once a client sends
their buffers over
; --- to the service. This is NOT a standard Prominent North American
Enterprise Linux Vendor GUI option (it doesn't exist).
; sync always = yes
[vmware]
; --
; -- This share hosts VMWare Images.
; --
path = /share/vmware
comment = VMWare Virual Machine Images
browseable = Yes
read only = No
writeable = Yes
guest ok = No
dos filemode = yes
level2 oplocks = true
oplocks = true
admin users = PDX+admin1 PDX+admin3 PDX+admin4 PDX+admin2
force create mode = 0660
force directory mode = 0770
veto oplock files = /*.mdb/*.MDB/*.dbf/*.DBF/*.fpt/*.FPT/*.cdx/
*.CDX/*.idx/*.IDX/*.ndx/*.NDX/*.dct/*.DCT/*.dcx/*.DCX/*.dbc/*.DBC/*.dll/
*.DLL/
[stub]
; --
; -- Default Share Template
; --
; -- Copy this share template ONLY. Do not copy any other share for a
template as you
; -- may accidentally damage or loose it.
path = /share
comment = Stub Template (for internal use only)
browseable = Yes
read only = No
writeable = Yes
guest ok = No
dos filemode = yes
level2 oplocks = true
oplocks = true
admin users = PDX+admin1 PDX+admin3 PDX+admin4 PDX+admin2
force create mode = 0660
force directory mode = 0770
veto oplock files = /*.mdb/*.MDB/*.dbf/*.DBF/*.fpt/*.FPT/*.cdx/
*.CDX/*.idx/*.IDX/*.ndx/*.NDX/*.dct/*.DCT/*.dcx/*.DCX/*.dbc/*.DBC/*.dll/
*.DLL/
More information about the samba
mailing list