“main” (Installation and Administration) 2004/6/25 13:29 page 581 #607
24 Heterogenous Networks
create mask = 0640
Systems that are not based on MS Windows NT do not understand the
concept of UNIX permissions, so they cannot assign permissions when
creating a file. The parameter create mask defines the access
permissions assigned to newly created files. This only applies to
writable shares. In effect, this setting means the owner has read and
write permissions and the members of the owner’s primary group have
read permissions. valid users = %S prevents read access even if the
group has read permissions. For the group to have read or write
access, deactivate the line valid users = %S.
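
The interaction of create mask and valid users = %S described above, as an added example that is not part of the manual: a Python sketch that parses a constructed smb.conf and reports, per share, the permissions the manual says create mask assigns to new files and whether valid users = %S limits the share to its owner. The share names, paths, and the function names is_writable and audit are assumptions, and the handling of Samba's parameter spellings is simplified.

```python
import configparser
import stat

# Constructed sample smb.conf; share names and paths are illustrative.
SAMPLE = """\
[global]
security = user

[homes]
valid users = %S
read only = No
create mask = 0640

[projects]
path = /srv/projects
writable = yes
create mask = 0664

[docs]
create mask = 0640
"""

def is_writable(share):
    # Simplified: only the "read only" and "writable" spellings are checked.
    if share.get("read only", "yes").strip().lower() in ("no", "false", "0"):
        return True
    return share.get("writable", "no").strip().lower() in ("yes", "true", "1")

def audit(conf_text):
    cp = configparser.ConfigParser(interpolation=None)  # keep %S literal
    cp.read_string(conf_text)
    report = {"security": cp.get("global", "security", fallback=None), "shares": {}}
    for name in cp.sections():
        if name == "global":
            continue
        share = cp[name]
        mode = None
        if "create mask" in share and is_writable(share):
            # create mask only takes effect on writable shares
            mode = stat.filemode(int(share["create mask"], 8))[1:]
        report["shares"][name] = {
            "new_file_mode": mode,
            # valid users = %S admits only the user the share is named after
            "owner_only": share.get("valid users", "").strip() == "%S",
        }
    return report

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A share that reports group read bits in new_file_mode together with owner_only set to True is the case the paragraph describes: the group bits exist on disk, but group members cannot connect to the share.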
Security Levels
The SMB protocol comes from the DOS and Windows world and takes
security into account directly. Each share access can be protected
with a password. SMB has three possible ways of checking permissions:
Share Level Security (security = share):
A password is firmly assigned to a share. Everyone who knows this
password has access to that share.
User Level Security (security = user):
This variation introduces the concept of the user to SMB. Each user
must register with the server with his own password. After
registration, the server can grant access to individual exported shares
dependent on user names.
Server Level Security (security = server):
To its clients, Samba pretends to be working in user level mode.
However, it passes all password queries to another user level mode
server, which takes care of authentication. This setting expects an
additional parameter (password server =).
The distinction between share, user, and server level security applies to the
entire server. It is not possible to offer individual shares of a server
configuration with share level security and others with user level security.
However, you can run a separate Samba server for each configured IP address
on a system.
More information about this subject can be found in the Samba HOWTO
Collection. For multiple servers on one system, pay attention to the options
interfaces and bind interfaces only.
SUSE LINUX Enterprise Server