>>1) Prevent users from logging in at the keyboard of the server. Keep the server under lock and key.. :) There might be other alternative but as far as I go. I go with LOCK. >>2) Each user's private directory has Linux OS (I guess) related Create a Shell script to transverse through all the directories and delete those files!! OR... look into /etc/.skel This is where _all_ the files in user directories will be copied from. >>3) Somewhere in the mix I setup a public directory. Users have What exactly do you want here? I don't understand. >>4) I have a folder and account setup called pcguest. "bad-user" >>defaults to that folder but has not access in it. Samba has a "bad-user". This is the default (i think) for the below reasons <snip> # If you want users samba doesn't recognize to be mapped to a guest user map to guest = bad user <snip> This means that for users that are not authenticated in your server (meaning, their username/pass combo is not in Linux's Passwd/smbpasswd file then they will only have read access (if you grant it to them) >>5) What am I not thinking of? In my setup, I have a share folder made especially for users to share files across the lan. Everyone can have write/read access. It's like the /tmp folder in Linux. This seems to be the most popular folder. HIH :) Cheers, Mun Heng, Ow H/M Engineering Western Digital M'sia DID : 03-7870 5168 -----Original Message----- From: Buck [mailto:RHList@xxxxxxxxxxxx] Sent: Monday, September 29, 2003 1:21 AM To: RH Shrike Subject: File Server irritants (newbie) I am happy to say I have finally succeeded in installing and configuring a file server that allows for group control. Here are the particulars: Workstations are all Windows computers (Currently they are Win2kpro but I need to keep the option open for connecting 95/98 computers. I have not had need to connect MACs and don't know how to support them.) Each user is a member of one or more groups. Each member has a home/membername directory. Its only use is for the user's My Documents folder to be mapped there. Each group has a home/groupname directory mapped to a common drive name for each group member (i.e. accounting is always mapped to drive G: and management is always mapped to drive H:) Here are a few things that I would like to change 1) Prevent users from logging in at the keyboard of the server. The users buck, root and net manager will need permission to log from the keyboard but I don't want ANYONE in the company to have access to the server directly from the keyboard. 2) Each user's private directory has Linux OS (I guess) related files. Since they won't be using Linux, I would like to either delete them or create empty directories like the groups create. 3) Somewhere in the mix I setup a public directory. Users have browse access and nothing else. I think I know how to remove it though. 4) I have a folder and account setup called pcguest. "bad-user" defaults to that folder but has not access in it. I am wondering if I can remove that account and folder as I see no need to have guest accounts at this time. Guest accounts need to be on the workstations and guests have no reason to access my server, at least not in the business model I am using. 5) What am I not thinking of? I have learned that initially setting up Linux as a firewall is a PITA, lots of work, I can save the necessary config files to make next time quick and easy. It looks like I have to modify the samba.conf for each group I add, but adding users is very easy. I downloaded samba-2.2.8a-2rh9.i386.rpm from Samba.org. I read that 3.x does not include SWAT (which I like). Earlier on a previous install I tried updating to 3.x but the system still shows 2.x being used. I don't know if it is important that I upgrade or not. I don't care as long as the version I am using will work safely and reliably. It might be that SWAT isn't compatible, I don't know. I didn't try to install 3.x on this system. I'll leave it up to those of you with more experience to let me know if it is something I need or not. When I installed RHL 9, it installed Samba and when I installed the Samba 2.x that I downloaded, it appeared to have uninstalled the previous version. Once the dust settles on the four items listed above, I will want to add backup and security. Once those are completed, I will have my dedicated file server and will select feature to learn. Thank you all for your help. Buck -- Shrike-list mailing list Shrike-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/shrike-list -- Shrike-list mailing list Shrike-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/shrike-list
