The scenario: a mixed network of Windows and Linux PCs (2 Windows XP, one Xandros, one SimplyMEPIS) which need access to edit files in a directory on one of the Linux servers. Here’s what I did: I’m not sure all the steps were necessary, but none of them is sufficient on its own!
It is taken as read that the PCs are all in the same workgroup, and Samba is installed and running on the Linux PC with the files to be shared.
1. Create users with the same name and password on all the PCs. Create a group on the Linux PCs and add the users to it (in this example the group is called editors). Note, the numeric user and group ids on the Linux boxes must be the same. If you are using a GUI interface to create users and groups, check the numbers they end up with. If they are not the same you need to use e.g.
groupmod -g 1002 editors
to change one of them to match the other. This might invalidate the group of any files belonging to users in that group, so check and reset the group if necessary, using chgrp:
chgrp -R editors www
You can make editors the default group for the users if you like, but it’s not necessary.
2. Create the directory to be shared (www in this example); it should be owned by one of the users created earlier and have the group set to editors. Use chmod to make it writable by owner and group. Now, set the sticky bit to force files to inherit the group permissions:
chmod g+s www
3. You can edit /etc/profile.d/profile (as root; the exact path of this file may vary) and change the umask line to read
umask 002
This globally forces new files to be created with group write permissions.
The steps so far have ensured that users in the editors group on the Linux box can edit files in the www directory and its subdirectories. Now you need to share the directory using Samba. Use a GUI tool if you like to set up the share (SimplyMEPIS has a nice one). But ultimately you will need to edit /etc/samba/smb.conf (as root of course) to make sure it’s set up correctly. This file is not difficult to understand, but make a backup copy first in case you trash anything. The minimum needed is the following:
4. In the [global] section, under authentication, set
security = share
This is not the most secure way, but it’s OK on a suitably small and private network. I tried using security = users, but the Xandros PC didn’t seem to like this at all; the file manager hung on opening when any of the shares were mounted.
5. In the section for the www share, force the user to be one of the users you set up earlier:
[www]
public=yes
browseable=yes
path=/opt/www
writeable=yes
force user=veronica
You might have other stuff in there, but I think this is the minimum (it was the “force user” that finally got it to work for me). If you want you can restrict access by IP address to make it more secure, e.g.:
hosts allow = 192.168.1.0/24
Don’t forget to stop and restart Samba if you have edited the smb.conf file! As root:
/etc/init.d/samba restart
6. Test by mounting the share on another PC and creating, editing, or deleting a file on the share.