IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
<indextermid="appf-idx-993481-0"class="startofrange"><primary>configuration files</primary><secondary>sample of</secondary></indexterm>This appendix gives an example of a production <filename>smb.conf</filename> file and looks at how many of the options are used in practice. The following is a slightly disguised version of one we used at a corporation with five Linux servers, five Windows for Workgroups clients and three NT Workstation clients:</para>
<programlisting># smb.conf -- File Server System for: 1 Example.COM BSC & Management Office
[globals]
workgroup = 1EG_BSC
interfaces = 10.10.1.14/24</programlisting>
<para>We provide this service on only one of the machine's interfaces. The <literal>interfaces</literal> option sets its address and netmask, where <literal>/24</literal> is the same as using the netmask 255.255.255.0:</para>
<programlisting>comment = Samba ver. %v
preexec = csh -c `echo /usr/samba/bin/smbclient \
-M %m -I %I` &</programlisting>
<para>We use the <command>preexec</command> command to log information about all connections by machine name (<literal>%m</literal>) and IP address (<literal>%I)</literal>:</para>
<programlisting># smbstatus will output various info on current status
status = yes
browseable = yes
printing = bsd
# the username that will be used for access to services
# specified with 'guest = ok'
guest account = samba</programlisting>
<para>The default guest account was <literal>nobody</literal>, uid -1, which produced log messages on one of our machines saying "your server is being unfriendly," so we created a specific Samba guest account for browsing and printing:</para>
<para>Daemons can't use Samba, only people. The <literal>invalid</literal><literal>users</literal> option closes a security hole; it prevents intruders from breaking in by pretending to be a daemon process.</para>
<programlisting># hosts that are ALLOWED or DENIED from connecting to ANY service
hosts allow = 10.10.1.
hosts deny = 10.10.1.6
# where the lock files will be located
lock directory = /var/lock/samba/locks
# debug log files
# %m = separate log for each NetBIOS name (each machine)
log file = /var/log/samba/log.%m
# We send priority 0, 1 and 2 messages to the system logs
syslog = 2
# If a WinPopup message is sent to the server,
# redirect it to a user via e-mail
message command = /bin/mail -s 'message from #% on %m' \
# caching algorithm to reduce time doing getwd() calls.
getwd cache = yes
socket options = TCP_NODELAY
# tell the server whether the client is present and
# responding in seconds
keep alive = 60
# num minutes of inactivity before a connection is
# considered dead
dead time = 30
read prediction = yes
max xmit = 17384
read size = 512</programlisting>
<para>The <literal>share</literal><literal>modes</literal>, <literal>max</literal>, <literal>xinit</literal>, and <literal>read</literal><literal>size</literal> options are machine-specific (see <linklinkend="SAMBA-AP-B">Appendix B</link>):</para>
<programlisting># locking is done by the server
locking = yes
# control whether dos style attributes should be mapped
# to unix execute bits
map hidden = yes
map archive = yes
map system = yes</programlisting>
<para>The three <literal>map</literal> options will work only on shares with a create mode that includes the execute bits (0111). Our <literal>homes</literal> and <literal>printers</literal> shares won't honor them, but the [<literal>www]</literal> share will:</para>
<para>The password file of the Samba server specifies each person's home directory as <emphasis>/home/</emphasis><replaceable>machine_name</replaceable><emphasis>/</emphasis><replaceable>person</replaceable>, which NFS converts to point to the actual physicl location under <emphasis>/u/users</emphasis>. The <literal>path</literal> option in the <literal>[homes]</literal> share tells Samba the actual (non-NFS) location:</para>
<para>Shared Programs shows up in the Network Neighborhood, and <literal>programs</literal> is the volume name you specify when an installation program wants to know the label of the CD-ROM from which it thinks it's loading:</para>
<programlisting>path = /u/programs
public = yes
writeable = yes
printable = no
create mode = 664
[cdrom]
comment = "Unix CDROM"
path = /u/cdrom
public = no
writeable = no
printable = no
volume = "cdrom"
[data]
comment = "Data Directories %T"
path = /u/data
public = no
create mode = 770
writeable = yes
volume = "data"
[nt4]
comment = "NT4 Server"
path = /u/systems/nt4
public = yes
create mode = 770
writeable = yes
volume = "nt4_server"
[www]
comment = "WWW System"
path = /usr/www/http
public = yes
create mode = 775
writeable = yes
volume = "www_system"</programlisting>
<para>The <literal>[www]</literal> share is the directory used on the Unix server to serve web pages. Samba makes the directory available to local PC users so the art department can update web pages.</para>