We've recently had a customer ask for this; I'm uncertain as to whether in the future they would require more than one user to access this fileshare, so I have set it up with groups. Can you cast your eyes over this set-up and see if I'm missing anything glaring or can do anything in a more secure manner? HOWTO script is for colleagues. Thanks.
WINDOWS - do this first:
Create shared folder <newshare>
Create fileshare user <newuser>
Share permissions on <newshare>:
<newuser> read/write
Advanced sharing | permissions - change, read.
Security:
uncheck 'Full control' for <newuser>
Linux
sudo to root [$sudo -s]
Create new group - e.g. windowshare [$groupadd windowshare]
Create new folder - e.g. /mounts/windows
Create new user and add to new group - e.g. customeruser [$useradd -m -d /home/customeruser -s /bin/bash -G windowshare -U customeruser]
Create folder 'cifs' in /etc
Change permissions on folder to 600 (user root)
Create .smbcredentials file in /etc/cifs with <newuser> windows credentials with user=<newuser> CR password=<password>
Create new line in /etc/fstab: //WINDOWSSERVER/share$ /mounts/windows cifs gid=windowshare,credentials=/etc/cifs/.smbcredentials,iocharset=utf8,sec=ntlm,file_mode=0770,dir_mode=0770 0 0
Put 'mount /mounts/windows' in /etc/rc.local to ensure shares mount at boot time if necessary.
run 'mount -a' as root
check customeruser user permissions on share:
$su - customeruser [enter password]
$cd /mounts/windows
$touch testfile.txt [should see file appear on windows share]
$mkdir testfilectory
$rm -rf testfilectory
$rm testfile.txt
$exit
0 Answers