TurnKey Linux Virtual Appliance Library

Recommended Setup for File Server for proper Users / Groups permission

Okay-

I've got my Fileserver all set up with the synced samba shares as per recommendations, etc. I am wondering what is the best way to set up my users and groups so everyone has the right access via the Webmin, if that is all possible. So far, I got two users "S" and "I". And I have one group set up "GO". Both "S" and "I" are members of "GO" group. I've set up the Turnkey File server on a hard drive, and mounted a separate hard drive for the storage (/srv/storage). I have each user's home directory there as well, so "S"'s home directory is /srv/storage/"S". I'm using a SFTP helping program called ExpanDrive http://www.expandrive.com/ to make it easier for the Windows clients to connect to the fileserver and map the drives. It also makes connections work the same for the client whether they are in network or outside the network. I say all this because I want to figure out the best way to set up stuff so that each user has a private directory (password protected) as well as each user in the group gets to access common files. Do I map two separate drives (one private to the home directory, the other public to both using the Group home directory)? Is there an easier way to map the drives or how does this usually work?

 

Any (good) advice about setting this up would be appreciated.  Let me know if you need any more information from me to give me better advice....

 

Mike

Jeremy's picture

I'm a little confused....

So you want users to be able to access via SFTP and Samba shares? Will they all have access to a folder of common files for all, or just for their respective group? Also when you mention having the correct Webmin access, do you mean that you want your users to be able to access Webmin itself? Or are you just meaning that you are setting up access via Webmin?

Samba filesharing uses SMB/CIFS and as such is something of a (simplistic) clone of Windows file sharing. As it sounds like you understand, it uses its own users (that are separate from Linux users but can be synced). Obviously SFTP is completely different and uses Linux user accounts. There is no reason you can't use both but if you want users to have a private home that others can't access at all then you'll need to make chroot gaols (jails) for each user. I wouldn't know where to start for creating a shared chroot gaol, especially if you also want users to have write access. Using SFTP access (that comes preconfigured with TKL - which is provided via the openSSH-server package) all users have read access of the whole filesystem. That is why you need to gaol users to their home.

Unless you need/want both SFTP and Samba access it'll probably be much easier to just use one or the other. If you want Samba use the Fileserver appliance, if you just want SFTP (or FTPS) access then you could just use Core (unless of course you also want eXtplorer). It may be easier to reconfigure the vsftpd package (which is already included with TKL Fileserver - but is bound to localhost and is used as the FTP backend for eXtplorer - if you wish to use this then you'll need to reconfigure it and lose the FTP functionality of eXtplorer). Having said that there are other (S)FTP server packages available for Ubuntu which you could use.

I'm sure you could set up both but I'm not sure how. It will require a bit more research on your part I think, and probably a bit of trial and error. If you keep in mind that TKL v11.x is based on Ubuntu 10.04 you should find quite a few resources. The Ubuntu Server guide is probably going to be very useful and the Ubuntu forums may be a good place to search/ask questions. They won't have details of TKL specifics (such as eXtplorer) but they will be helpful regarding SFTP gaols (jails) and using Samba file shares.
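
Added example, not part of the thread or of TurnKey's own tooling: a shell check for the ownership rule OpenSSH enforces on a per-user SFTP chroot of the kind the reply above describes, which is the usual reason a freshly configured jail refuses logins. The `Match Group GO` block and the `private` subdirectory are assumptions built from the paths and group in the question, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU stat (coreutils) and an
# sshd_config block like this (group and path taken from the question):
#   Subsystem sftp internal-sftp
#   Match Group GO
#       ChrootDirectory /srv/storage/%u
#       ForceCommand internal-sftp
# sshd rejects the login unless the chroot directory and every directory above
# it is owned by root and not writable by group or others, so the user's
# writable area has to be a subdirectory (e.g. /srv/storage/S/private, 700).

# jail_dir_ok DIR [UID]: one directory meets the rule. UID defaults to 0 (root);
# it is a parameter only so the check can be tried out without root.
jail_dir_ok() {
    dir=$1; want_uid=${2:-0}
    [ -d "$dir" ] || return 1
    set -- $(stat -c '%u %a' "$dir")    # owner uid, octal mode (e.g. 755)
    [ "$1" = "$want_uid" ] || return 1
    group_bits=$(( ($2 / 10) % 10 )); other_bits=$(( $2 % 10 ))
    [ $(( group_bits & 2 )) -eq 0 ] && [ $(( other_bits & 2 )) -eq 0 ]
}

# jail_path_ok DIR [UID] [TOP]: DIR and each parent up to TOP (default /) pass.
jail_path_ok() {
    p=$(cd "$1" 2>/dev/null && pwd -P) || return 1
    want=${2:-0}; top=${3:-/}
    while :; do
        jail_dir_ok "$p" "$want" || { echo "fails sshd chroot rule: $p" >&2; return 1; }
        [ "$p" = "$top" ] && return 0
        [ "$p" = / ] && return 1        # TOP is not an ancestor of DIR
        p=$(dirname "$p")
    done
}

# private_dir_ok DIR: no permission bits at all for group or others (700).
private_dir_ok() {
    [ -d "$1" ] || return 1
    mode=$(stat -c '%a' "$1")
    [ $(( mode % 100 )) -eq 0 ]
}
```

On the server these would be run as root, for instance `jail_path_ok /srv/storage/S` followed by `private_dir_ok /srv/storage/S/private`, before the first SFTP login is attempted.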
