Samba Configuration with Special permission for umask

Samba Configuration Document

Contents

Create groups. 1

Create new users. 1

Add secondary groups to new users. 1

Verify users have all the required groups added as secondary. 1

Ensure the custom directories are grouped correctly. 2

Configure Samba Shares. 2

Adding SMB user. 2

Restart SMB service. 2

Appendix-A.. 2

Create groups

Groups can be created as below:

# groupadd ciztalk

# groupadd zcgateway

# groupadd tisiltop

# groupadd tominterface

# groupadd komdw

Create new users

Users can be created as below:

# useradd rsvenkana

# useradd rsbonala

Add secondary groups to new users

# usermod -aG ciztalk,zcgateway,tisiltop,tominterface,omdw rsbonala

# usermod -aG ciztalk,zcgateway,tisiltop,tominterface,omdw rsvenkana

# usermod -aG ciztalk,zcgateway,tisiltop,tominterface,omdw appisild

# usermod -aG ciztalk,zcgateway,tisiltop,tominterface,omdw oraisild

Verify users have all the required groups added as secondary

# id rsbonala

uid=23002(rsbonala) gid=23002(rsbonala) groups=23002(rsbonala),23013(ciztalk),23014(zcgateway),23015(tisiltop),23016(tominterface),23017(omdw)

# id rsvenkana

uid=23003(rsvenkana) gid=23003(rsvenkana) groups=23003(rsvenkana),23013(ciztalk),23014(zcgateway),23015(tisiltop),23016(tominterface),23017(omdw)

# id appisild

uid=23001(appisild) gid=23001(oaaisild) groups=23001(oaaisild),23013(ciztalk),23014(zcgateway),23015(tisiltop),23016(tominterface),23017(omdw)

# id oraisild

uid=23000(oraisild) gid=23000(dbaisild) groups=23000(dbaisild),23013(ciztalk),23014(zcgateway),23015(tisiltop),23016(tominterface),23017(omdw)

Ensure the custom directories are grouped correctly

# chown -R appisild:zcgateway ZC_GATEWAY/

# chown -R appisild:tisiltop ISIL_TOP/

# chown -R appisild:tominterface OM_Interface/

# chown -R appisild:omdw OM_DW

# chown -R appisild:ciztalk Ciztalk

Configure Samba Shares

The samba configuration file is in the location: /etc/samba/smb.conf

The current configuration is in the Appendix-A of this document.

Note:

1. Make sure home directory & printer is commented if not required.
2. If more than 1 user need to access the directory, then add the user in valid users field separated by comma and add that user in that group.
3. If a new user needs read-only access to a share, add the user to read list field
4. If a new user needs read-write access to a share, add the user to write list field

Adding SMB user

[root@PBOADQ1A Ciztalk]# smbpasswd -a rsbonala

New SMB password:

Retype new SMB password:

Added user rsbonala.

Restart SMB service

# service smb restart

Appendix-A

## Vikram

[APD3_CIZTALK]

comment = Ciztalk

path = /d01/app/appisild/Ciztalk

force group = ciztalk

force create mask = 0775

directory mask = 0755

valid users = @ciztalk

write list = @ciztalk

[APD3_EC_GATEWAY]

comment = EC_Gateway

path = /d01/app/appisild/apps/apps_st/appl/EC_GATEWAY

force group = zcgateway

create mask = 775

valid users = @zcgateway

write list = @zcgateway

[APD3_ISIL_TOP]

comment = ISIL_TOP

path = /d01/app/appisild/apps/apps_st/appl/ISIL_TOP

force group = tisiltop

create mask = 775

valid users = @tisiltop

write list = @tisiltop

[APD3_OM_INTERFACE]

comment = OM_Interface

path = /d01/app/appisild/apps/apps_st/appl/OM_Interface

force group = tominterface

create mask = 775

valid users = @tominterface

write list = @tominterface

[APD3_OM_DW]

comment = OM_DW

path = /d01/app/appisild/apps/apps_st/appl/OM_Interface/OM_DW

force group =kkomdw

create mask = 775

valid users = @omdw

write list = @omdw