File Server

Basis

Setting up Samba as a Standalone Server

The end result is a file server that provides all data under the share \\sv1\data.

Prerequisite:

  • Install the server machine with its operating system following the instructions under Server.

nano /etc/hosts

<sxh xml; title: /etc/hosts>
127.0.0.1 localhost
#127.0.1.1 sv1 (comment out)
192.168.178.2 sv1.<yourdomain>.spdns.org sv1
</sxh>

nano /etc/resolv.conf

<sxh xml; title: /etc/resolv.conf>
domain <yourdomain>.spdns.org
search <yourdomain>.spdns.org
nameserver 192.168.178.1
</sxh>

Installing Samba

apt install acl samba smbclient

Create the Samba share root directories

mkdir -p /srv/disk0/samba
mkdir -p /srv/disk1/samba

Samba users

The users must first be created locally on the server and then enabled for Samba.

useradd -s /sbin/nologin <vorname>
useradd -s /sbin/nologin mediaplayer
useradd -s /sbin/nologin scanner

Set the password

passwd <vorname>
passwd mediaplayer
passwd scanner

Set the Samba password

smbpasswd -a <vorname>
smbpasswd -a mediaplayer
smbpasswd -a scanner

Enable the Samba account

smbpasswd -e <vorname>
smbpasswd -e mediaplayer
smbpasswd -e scanner

Samba groups

Main groups

groupadd smb-admins
groupadd smb-users

For each share (except data and temp), create one group for read-write access and one for read-only access:

groupadd smb-backups-ro
groupadd smb-backups-rw
groupadd smb-music-ro
groupadd smb-music-rw
groupadd smb-photos-ro
groupadd smb-photos-rw
groupadd smb-software-ro
groupadd smb-software-rw
groupadd smb-videos-ro
groupadd smb-videos-rw

Group-to-user assignments

usermod -G smb-admins -a <yourdomain>
usermod -G smb-users -a <vorname>
usermod -G smb-users -a mediaplayer
usermod -G smb-users -a scanner

Add users

usermod -G smb-backups-rw -a <vorname>
usermod -G smb-music-rw -a <vorname>
usermod -G smb-photos-rw -a <vorname>
usermod -G smb-software-rw -a <vorname>
usermod -G smb-videos-rw -a <vorname>

usermod -G smb-music-ro -a mediaplayer
usermod -G smb-photos-ro -a mediaplayer
usermod -G smb-videos-ro -a mediaplayer

Check

groups <yourdomain>
groups <vorname>
groups mediaplayer
groups scanner

Create the shares

Create the folders

mkdir -p /srv/disk0/samba/backups/
mkdir -p /srv/disk0/samba/data/
mkdir -p /srv/disk0/samba/temp/
mkdir -p /srv/disk1/samba/music/
mkdir -p /srv/disk1/samba/photos/
mkdir -p /srv/disk1/samba/software/
mkdir -p /srv/disk1/samba/videos/

chown -R root:smb-admins /srv/disk0/samba/backups/
chown -R root:smb-admins /srv/disk0/samba/data/
chown -R root:smb-admins /srv/disk0/samba/temp/
chown -R root:smb-admins /srv/disk1/samba/music/
chown -R root:smb-admins /srv/disk1/samba/photos/
chown -R root:smb-admins /srv/disk1/samba/software/
chown -R root:smb-admins /srv/disk1/samba/videos/

chmod 2770 /srv/disk0/samba/backups/
chmod 2770 /srv/disk0/samba/data/
chmod 2770 /srv/disk0/samba/temp/
chmod 2770 /srv/disk1/samba/music/
chmod 2770 /srv/disk1/samba/photos/
chmod 2770 /srv/disk1/samba/software/
chmod 2770 /srv/disk1/samba/videos/

Extended ACLs

https://wiki.samba.org/index.php/Setting_up_a_Share_Using_POSIX_ACLs#Setting_Extended_ACLs

Set the permissions on the directory

setfacl -m group:"smb-backups-rw":rwx /srv/disk0/samba/backups/
setfacl -m group:"smb-backups-ro":r-x /srv/disk0/samba/backups/
setfacl -R -m other::--- /srv/disk0/samba/backups/

setfacl -m group:"smb-users":r-x /srv/disk0/samba/data/
setfacl -R -m other::--- /srv/disk0/samba/data/

setfacl -m group:"smb-users":rwx /srv/disk0/samba/temp/
setfacl -R -m other::--- /srv/disk0/samba/temp/

setfacl -m group:"smb-music-rw":rwx /srv/disk1/samba/music/
setfacl -m group:"smb-music-ro":r-x /srv/disk1/samba/music/
setfacl -R -m other::--- /srv/disk1/samba/music/

setfacl -m group:"smb-photos-rw":rwx /srv/disk1/samba/photos/
setfacl -m group:"smb-photos-ro":r-x /srv/disk1/samba/photos/
setfacl -R -m other::--- /srv/disk1/samba/photos/

setfacl -m group:"smb-software-rw":rwx /srv/disk1/samba/software/
setfacl -m group:"smb-software-ro":r-x /srv/disk1/samba/software/
setfacl -R -m other::--- /srv/disk1/samba/software/

setfacl -m group:"smb-videos-rw":rwx /srv/disk1/samba/videos/
setfacl -m group:"smb-videos-ro":r-x /srv/disk1/samba/videos/
setfacl -R -m other::--- /srv/disk1/samba/videos/

Configure the same permission set to be inherited by new file system objects created in this directory:

setfacl -m default:group:"smb-backups-rw":rwx /srv/disk0/samba/backups/
setfacl -m default:group:"smb-backups-ro":r-x /srv/disk0/samba/backups/
setfacl -m default:other::--- /srv/disk0/samba/backups/

setfacl -m default:group:"smb-users":r-x /srv/disk0/samba/data/
setfacl -m default:other::--- /srv/disk0/samba/data/

setfacl -m default:group:"smb-users":rwx /srv/disk0/samba/temp/
setfacl -m default:other::--- /srv/disk0/samba/temp/

setfacl -m default:group:"smb-music-rw":rwx /srv/disk1/samba/music/
setfacl -m default:group:"smb-music-ro":r-x /srv/disk1/samba/music/
setfacl -m default:other::--- /srv/disk1/samba/music/

setfacl -m default:group:"smb-photos-rw":rwx /srv/disk1/samba/photos/
setfacl -m default:group:"smb-photos-ro":r-x /srv/disk1/samba/photos/
setfacl -m default:other::--- /srv/disk1/samba/photos/

setfacl -m default:group:"smb-software-rw":rwx /srv/disk1/samba/software/
setfacl -m default:group:"smb-software-ro":r-x /srv/disk1/samba/software/
setfacl -m default:other::--- /srv/disk1/samba/software/

setfacl -m default:group:"smb-videos-rw":rwx /srv/disk1/samba/videos/
setfacl -m default:group:"smb-videos-ro":r-x /srv/disk1/samba/videos/
setfacl -m default:other::--- /srv/disk1/samba/videos/

Check

getfacl /srv/disk1/samba/videos

<sxh>
getfacl: Removing leading '/' from absolute path names
# file: srv/disk1/samba/videos
# owner: root
# group: smb-admins
# flags: -s-
user::rwx
group::rwx
group:smb-videos-ro:r-x (Set the permissions on the directory)
group:smb-videos-rw:rwx (Set the permissions on the directory)
mask::rwx
other::--- (Set the permissions on the directory)
default:user::rwx
default:group::rwx
default:group:smb-videos-ro:r-x (Configure the same permission set to be inherited by new file system objects created in this directory)
default:group:smb-videos-rw:rwx (Configure the same permission set to be inherited by new file system objects created in this directory)
default:mask::rwx
default:other::--- (Configure the same permission set to be inherited by new file system objects created in this directory)
</sxh>
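The two `setfacl` passes above can be checked mechanically instead of reading each `getfacl` listing by eye. The following is an added example, not part of the original page: `audit_share_acl` and `sample_music_acl` are hypothetical names and the sample listing is constructed. For each share root directory it flags an `other` entry that is not `---`, named groups whose access and default entries differ, and a missing setgid flag.

```bash
# Added example, not from the original page: audit `getfacl` output read on stdin.
# Prints one finding per line; exit status 0 = clean, 1 = findings.
audit_share_acl() {
    awk '
    function report(msg) { print file ": " msg; bad = 1 }
    function finish(   g, a, d) {    # evaluate one directory block, then reset
        if (file == "") return
        if (!setgid) report("setgid flag missing")
        for (g in seen) {
            a = (g in acc) ? acc[g] : "none"; d = (g in def) ? def[g] : "none"
            if (a != d) report("group " g " access=" a " default=" d)
        }
        split("", seen); split("", acc); split("", def); setgid = 0
    }
    /^# file: /  { finish(); file = $3; next }
    /^# flags: / { setgid = (substr($3, 2, 1) == "s"); next }
    /^#/ || /^[ \t]*$/ { next }
    {
        split($1, f, ":")
        if (f[1] == "default") { scope = "default"; tag = f[2]; name = f[3]; perms = f[4] }
        else                   { scope = "access";  tag = f[1]; name = f[2]; perms = f[3] }
        if (tag == "other" && perms != "---")
            report(scope " other entry is " perms ", expected ---")
        if (tag == "group" && name != "") {
            seen[name] = 1
            if (scope == "default") def[name] = perms
            else acc[name] = perms
        }
    }
    END { finish(); exit (bad ? 1 : 0) }
    '
}

# Constructed sample: the music share with default:other::r-x instead of ---.
sample_music_acl() {
    cat <<'EOF'
# file: srv/disk1/samba/music
# flags: -s-
group::rwx
group:smb-music-ro:r-x
group:smb-music-rw:rwx
other::---
default:group::rwx
default:group:smb-music-ro:r-x
default:group:smb-music-rw:rwx
default:other::r-x
EOF
}
sample_music_acl | audit_share_acl || true
```

On the server, feed it the real listings, for example `getfacl /srv/disk0/samba/* /srv/disk1/samba/* 2>/dev/null | audit_share_acl`.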

Samba configuration

sudo -i
mv /etc/samba/smb.conf /etc/samba/smb.conf.org
nano /etc/samba/smb.conf

<sxh xml; title: /etc/samba/smb.conf>
[global]

workgroup = HOME
server role = standalone
acl allow execute always = yes

# Enable Extended ACL Support
# map acl inherit = yes
# store dos attributes = yes
# vfs objects = acl_xattr

# Access based enumeration
# hide unreadable = yes

[backups]

path = /srv/disk0/samba/backups/
inherit acls = yes
guest ok = no
read only = no

[data]

path = /srv/disk0/samba/data/
inherit acls = yes
guest ok = no
read only = no

[music]

path = /srv/disk1/samba/music/
inherit acls = yes
guest ok = no
read only = no

[photos]

path = /srv/disk1/samba/photos/
inherit acls = yes
guest ok = no
read only = no

[software]

path = /srv/disk1/samba/software/
inherit acls = yes
guest ok = no
read only = no

[temp]

path = /srv/disk0/samba/temp/
inherit acls = yes
guest ok = no
read only = no

[videos]

path = /srv/disk1/samba/videos/
inherit acls = yes
guest ok = no
read only = no

</sxh>

  • Comment out the [homes] section completely

Test and start Samba:

testparm
systemctl enable smbd
systemctl enable nmbd
systemctl restart smbd
systemctl restart nmbd

Reload the Samba config

smbcontrol all reload-config

Assemble the data share

mkdir -p /srv/disk0/samba/data/Backups
mkdir -p /srv/disk0/samba/data/Temp
mkdir -p /srv/disk0/samba/data/Music
mkdir -p /srv/disk0/samba/data/Photos
mkdir -p /srv/disk0/samba/data/Software
mkdir -p /srv/disk0/samba/data/Videos

mount -o bind /srv/disk0/samba/backups/ /srv/disk0/samba/data/Backups/
mount -o bind /srv/disk0/samba/temp/ /srv/disk0/samba/data/Temp/
mount -o bind /srv/disk1/samba/music/ /srv/disk0/samba/data/Music/
mount -o bind /srv/disk1/samba/photos/ /srv/disk0/samba/data/Photos/
mount -o bind /srv/disk1/samba/software/ /srv/disk0/samba/data/Software/
mount -o bind /srv/disk1/samba/videos/ /srv/disk0/samba/data/Videos/

nano /lib/systemd/system/smb-data.service

<sxh xml; title: /lib/systemd/system/smb-data.service>
[Unit]
Description=Data-Share zusammenfügen

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/bin/mount -o bind /srv/disk0/samba/backups/ /srv/disk0/samba/data/Backups/
ExecStart=/bin/mount -o bind /srv/disk0/samba/temp/ /srv/disk0/samba/data/Temp/
ExecStart=/bin/mount -o bind /srv/disk1/samba/music/ /srv/disk0/samba/data/Music/
ExecStart=/bin/mount -o bind /srv/disk1/samba/photos/ /srv/disk0/samba/data/Photos/
ExecStart=/bin/mount -o bind /srv/disk1/samba/software/ /srv/disk0/samba/data/Software/
ExecStart=/bin/mount -o bind /srv/disk1/samba/videos/ /srv/disk0/samba/data/Videos/
ExecStop=/bin/umount /srv/disk0/samba/data/Videos/
ExecStop=/bin/umount /srv/disk0/samba/data/Software/
ExecStop=/bin/umount /srv/disk0/samba/data/Photos/
ExecStop=/bin/umount /srv/disk0/samba/data/Music/
ExecStop=/bin/umount /srv/disk0/samba/data/Temp/
ExecStop=/bin/umount /srv/disk0/samba/data/Backups/

[Install]
WantedBy=multi-user.target
</sxh>

systemctl daemon-reload
systemctl start smb-data
systemctl enable smb-data
systemctl status smb-data

Log files are in /var/log/samba

Firewall

ufw allow from 192.168.178.0/24 to any port 137 proto udp
ufw allow from 192.168.178.0/24 to any port 138 proto udp
ufw allow from 192.168.178.0/24 to any port 139 proto tcp
ufw allow from 192.168.178.0/24 to any port 445 proto tcp
ufw status

Test

smbclient -U <vorname> //sv1/videos
server/fs.txt · Last modified: 2020/02/13 10:52 by hse