summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMatthias Hentges <oe@hentges.net>2006-05-27 13:07:13 +0000
committerOpenEmbedded Project <openembedded-devel@lists.openembedded.org>2006-05-27 13:07:13 +0000
commit0ac0f2907d567cb7513958de0285c4fc0818e855 (patch)
treeaf1e29c5a3962240069931e983471650c436817b
parent510c8990d1d46f56bd5ca2434e23fd67aaa762b7 (diff)
samba: samba-sessential: The next step on my way to a fool-proof samba server. This one starts a wide open p/w-less server with a single share containing a helpfile explaining how to configure a samba user+password. Once that's done the _real_ secure samba server is activated grating access to the targets filesystem via encrypted passwords
-rw-r--r--packages/samba/files/Managing-Samba.txt74
-rw-r--r--packages/samba/files/init-essential68
-rw-r--r--packages/samba/files/smb-essential-inactive.conf34
-rw-r--r--packages/samba/files/smb-essential.conf283
-rw-r--r--packages/samba/samba-essential_3.0.20.bb9
5 files changed, 183 insertions, 285 deletions
diff --git a/packages/samba/files/Managing-Samba.txt b/packages/samba/files/Managing-Samba.txt
index 079cf34e4b..01f7592824 100644
--- a/packages/samba/files/Managing-Samba.txt
+++ b/packages/samba/files/Managing-Samba.txt
@@ -1,34 +1,40 @@
-This device is running a bare-bone Samba server which allows easy
-transfer of files and directories between any networked desktop PC and
-your networked PDA.
-
-Since it is generally a bad idea to allow everyone read and write access
-to your PDA, you will have to configure at least one user to get access to
-any shared folder but "tmp" (tmp is read-write for everyone).
-
-How to create a Samba user with password:
-
-- If you haven't already created a non-root user, do so now:
- root@poodle:/usr/bin# adduser testuser
- Changing password for testuser
- Enter the new password (minimum of 5, maximum of 8 characters)
- Please use a combination of upper and lower case letters and numbers.
- Enter new password:
- Bad password: too short.
-
- Warning: weak password (continuing).
- Re-enter new password:
- Password changed.
- root@poodle:/usr/bin#
-
-- Note that the password you entered will _not_ be your samba password.
- Samba uses its own password database.
-
-- Add a Samba password for your user:
- root@poodle:/usr/bin# smbpasswd -a testuser
- New SMB password:
- Retype new SMB password:
- Added user testuser.
- root@poodle:/usr/bin#
-
-- Done ;)
+This device is running a bare-bone Samba server which allows easy
+transfer of files and directories between any networked desktop PC and
+your networked PDA.
+
+Since it is generally a bad idea to allow everyone read and write access
+to your PDA, you will have to configure at least one user to get access to
+any shared folder.
+
+How to create a Samba user with password:
+
+- If you haven't already created a non-root user, do so now:
+ root@poodle:/usr/bin# adduser testuser
+ Changing password for testuser
+ Enter the new password (minimum of 5, maximum of 8 characters)
+ Please use a combination of upper and lower case letters and numbers.
+ Enter new password:
+ Bad password: too short.
+
+ Warning: weak password (continuing).
+ Re-enter new password:
+ Password changed.
+ root@poodle:/usr/bin#
+
+- Note that the password you entered will _not_ be your samba password.
+ Samba uses its own password database.
+
+- Add a Samba password for your user:
+ root@poodle:/usr/bin# smbpasswd -a testuser
+ New SMB password:
+ Retype new SMB password:
+ Added user testuser.
+ root@poodle:/usr/bin#
+
+- After you have added your new samba user, you'll have to restart the samba
+ server by running "/etc/init.d/samba restart" or by rebooting the device
+
+- Use the newly created username / password combination to access your network
+ shares. Please note the the Samba username must also exist as a unix username!
+
+
diff --git a/packages/samba/files/init-essential b/packages/samba/files/init-essential
new file mode 100644
index 0000000000..59184ce733
--- /dev/null
+++ b/packages/samba/files/init-essential
@@ -0,0 +1,68 @@
+#! /bin/sh
+#
+# This is an init script for openembedded
+# Copy it to /etc/init.d/samba and type
+# > update-rc.d samba defaults 60
+#
+
+
+smbd=/usr/sbin/smbd
+test -x "$smbd" || exit 0
+nmbd=/usr/sbin/nmbd
+test -x "$nmbd" || exit 0
+
+
+if test -e /etc/samba/private/smbpasswd
+then
+ if test -n "`cat /etc/samba/private/smbpasswd`"
+ then
+ CONFIG_FILE="/etc/samba/smb.conf"
+ fi
+fi
+
+test -z "$CONFIG_FILE" && CONFIG_FILE="/etc/samba/smb-essential-inactive.conf"
+
+case "$1" in
+ start)
+ echo -n "Starting Samba: smbd"
+ start-stop-daemon --start --quiet --exec $smbd -- -s $CONFIG_FILE
+ echo -n " nmbd"
+ start-stop-daemon --start --quiet --exec $nmbd -- -s $CONFIG_FILE
+ echo "."
+ ;;
+ stop)
+ echo -n "Stopping Samba: smbd"
+ start-stop-daemon --stop --quiet --pidfile /var/run/smbd.pid
+ echo -n " nmbd"
+ start-stop-daemon --stop --quiet --pidfile /var/run/nmbd.pid
+ echo "."
+ ;;
+ reload|force-reload)
+ start-stop-daemon --stop --quiet --signal 1 --exec $smbd -- -s $CONFIG_FILE
+ start-stop-daemon --stop --quiet --signal 1 --exec $nmbd -- -s $CONFIG_FILE
+ ;;
+ restart)
+ echo -n "Stopping Samba: smbd"
+ start-stop-daemon --stop --quiet --pidfile /var/run/smbd.pid
+ echo -n " nmbd"
+ start-stop-daemon --stop --quiet --pidfile /var/run/nmbd.pid
+ echo ""
+ echo -n "Waiting for samba processes to die off"
+ for i in 1 2 3 ;
+ do
+ sleep 1
+ echo -n "."
+ done
+ echo ""
+ echo -n "Starting Samba: smbd"
+ start-stop-daemon --start --quiet --exec $smbd -- -s $CONFIG_FILE
+ echo -n " nmbd"
+ start-stop-daemon --start --quiet --exec $nmbd -- -s $CONFIG_FILE
+ echo "."
+ ;;
+ *)
+ echo "Usage: /etc/init.d/samba {start|stop|reload|restart|force-reload}"
+ exit 1
+esac
+
+exit 0
diff --git a/packages/samba/files/smb-essential-inactive.conf b/packages/samba/files/smb-essential-inactive.conf
new file mode 100644
index 0000000000..c27c575d64
--- /dev/null
+++ b/packages/samba/files/smb-essential-inactive.conf
@@ -0,0 +1,34 @@
+
+
+[global]
+ workgroup = OPENZAURUS
+ server string = OpenZaurus Samba Server
+
+ netbios name = %L-INACTIVE
+
+ security = share
+
+ load printers = no
+
+ socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
+
+ dns proxy = yes
+
+
+#============================ Share Definitions ==============================
+
+[Samba-Help]
+ comment = How to enable Samba
+ path = /usr/share/samba/help
+ writable = no
+ public = yes
+ printable = no
+
+[printers]
+ comment = All Printers
+ path = /usr/spool/samba
+ guest ok = no
+ writable = no
+ printable = yes
+ browseable = no
+
diff --git a/packages/samba/files/smb-essential.conf b/packages/samba/files/smb-essential.conf
index 29681f3a64..0dc5eb0ba5 100644
--- a/packages/samba/files/smb-essential.conf
+++ b/packages/samba/files/smb-essential.conf
@@ -1,212 +1,60 @@
-# This is the main Samba configuration file. You should read the
-# smb.conf(5) manual page in order to understand the options listed
-# here. Samba has a huge number of configurable options (perhaps too
-# many!) most of which are not shown in this example
-#
-# For a step to step guide on installing, configuring and using samba,
-# read the Samba-HOWTO-Collection. This may be obtained from:
-# http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf
-#
-# Many working examples of smb.conf files can be found in the
-# Samba-Guide which is generated daily and can be downloaded from:
-# http://www.samba.org/samba/docs/Samba-Guide.pdf
-#
-# Any line which starts with a ; (semi-colon) or a # (hash)
-# is a comment and is ignored. In this example we will use a #
-# for commentry and a ; for parts of the config file that you
-# may wish to enable
-#
-# NOTE: Whenever you modify this file you should run the command "testparm"
-# to check that you have not made any basic syntactic errors.
-#
-#======================= Global Settings =====================================
-[global]
-# workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
- workgroup = ZAURUS
-# server string is the equivalent of the NT Description field
+[global]
+ workgroup = OPENZAURUS
server string = OpenZaurus Samba Server
-
-# Security mode. Defines in which mode Samba will operate. Possible
-# values are share, user, server, domain and ads. Most people will want
-# user level security. See the Samba-HOWTO-Collection for details.
+
security = user
-# This option is important for security. It allows you to restrict
-# connections to machines which are on your local network. The
-# following example restricts access to two C class networks and
-# the "loopback" interface. For more examples of the syntax see
-# the smb.conf man page
-; hosts allow = 192.168.1. 192.168.2. 127.
-
-# If you want to automatically load your printer list rather
-# than setting them up individually then you'll need this
load printers = no
-# you may wish to override the location of the printcap file
-; printcap name = /etc/printcap
-
-# on SystemV system setting printcap name to lpstat should allow
-# you to automatically obtain a printer list from the SystemV spool
-# system
-; printcap name = lpstat
-
-# It should not be necessary to specify the print system type unless
-# it is non-standard. Currently supported print systems include:
-# bsd, cups, sysv, plp, lprng, aix, hpux, qnx
-; printing = cups
-
-# Uncomment this if you want a guest account, you must add this to /etc/passwd
-# otherwise the user "nobody" is used
; guest account = pcguest
-# this tells Samba to use a separate log file for each machine
-# that connects
log file = /var/log.%m
-# Put a capping on the size of the log files (in Kb).
max log size = 50
-# Use password server option only with security = server
-# The argument list may include:
-# password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
-# or to auto-locate the domain controller/s
-# password server = *
-; password server = <NT-Server-Name>
-
-# Use the realm option only with security = ads
-# Specifies the Active Directory realm the host is part of
-; realm = MY_REALM
-
-# Backend to store user information in. New installations should
-# use either tdbsam or ldapsam. smbpasswd is available for backwards
-# compatibility. tdbsam requires no further configuration.
-; passdb backend = tdbsam
-
-# Using the following line enables you to customise your configuration
-# on a per machine basis. The %m gets replaced with the netbios name
-# of the machine that is connecting.
-# Note: Consider carefully the location in the configuration file of
-# this line. The included file is read at that point.
-; include = /usr/local/samba/lib/smb.conf.%m
-
-# Most people will find that this option gives better performance.
-# See the chapter 'Samba performance issues' in the Samba HOWTO Collection
-# and the manual pages for details.
-# You may want to add the following on a Linux system:
-# SO_RCVBUF=8192 SO_SNDBUF=8192
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
-# Configure Samba to use multiple interfaces
-# If you have multiple network interfaces then you must list them
-# here. See the man page for details.
-; interfaces = 192.168.12.2/24 192.168.13.2/24
-
-# Browser Control Options:
-# set local master to no if you don't want Samba to become a master
-# browser on your network. Otherwise the normal election rules apply
-; local master = yes
-
-# OS Level determines the precedence of this server in master browser
-# elections. The default value should be reasonable
-; os level = 33
-
-# Domain Master specifies Samba to be the Domain Master Browser. This
-# allows Samba to collate browse lists between subnets. Don't use this
-# if you already have a Windows NT domain controller doing this job
-; domain master = yes
-
-# Preferred Master causes Samba to force a local browser election on startup
-# and gives it a slightly higher chance of winning the election
-; preferred master = yes
-
-# Enable this if you want Samba to be a domain logon server for
-# Windows95 workstations.
-; domain logons = yes
-
-# if you enable domain logons then you may want a per-machine or
-# per user logon script
-# run a specific logon batch file per workstation (machine)
-; logon script = %m.bat
-# run a specific logon batch file per username
-; logon script = %U.bat
-
-# Where to store roving profiles (only for Win95 and WinNT)
-# %L substitutes for this servers netbios name, %U is username
-# You must uncomment the [Profiles] share below
-; logon path = \\%L\Profiles\%U
-
-# Windows Internet Name Serving Support Section:
-# WINS Support - Tells the NMBD component of Samba to enable it's WINS Server
-; wins support = yes
-
-# WINS Server - Tells the NMBD components of Samba to be a WINS Client
-# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
-; wins server = w.x.y.z
-
-# WINS Proxy - Tells Samba to answer name resolution queries on
-# behalf of a non WINS capable client, for this to work there must be
-# at least one WINS Server on the network. The default is NO.
-; wins proxy = yes
-
-# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
-# via DNS nslookups. The default is NO.
- dns proxy = no
-
-# These scripts are used on a domain controller or stand-alone
-# machine to add or delete corresponding unix accounts
-; add user script = /usr/sbin/useradd %u
-; add group script = /usr/sbin/groupadd %g
-; add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u
-; delete user script = /usr/sbin/userdel %u
-; delete user from group script = /usr/sbin/deluser %u %g
-; delete group script = /usr/sbin/groupdel %g
+ dns proxy = yes
#============================ Share Definitions ==============================
[homes]
- comment = Home Directories
+ comment = Home Directory for %U
browseable = no
writable = yes
-
-# Un-comment the following and create the netlogon directory for Domain Logons
-; [netlogon]
-; comment = Network Logon Service
-; path = /usr/local/samba/lib/netlogon
-; guest ok = yes
-; writable = no
-; share modes = no
-
-
-# Un-comment the following to provide a specific roving profile share
-# the default is to use the user's home directory
-;[Profiles]
-; path = /usr/local/samba/profiles
-; browseable = no
-; guest ok = yes
-
+ follow symlinks = yes
+ include = /etc/test.%U
# This one is useful for people to share files
-[tmp]
- comment = Temporary file space
- path = /tmp
- read only = no
- public = yes
+;[tmp]
+; comment = Temporary file space
+; path = /tmp
+; read only = no
+; public = yes
+
+[printers]
+ comment = All Printers
+ path = /usr/spool/samba
+ guest ok = no
+ writable = no
+ printable = yes
+ browseable = no
[CompactFlash]
comment = Compact Flash Storage
path = /media/cf
writable = yes
printable = no
- public = no
+ public = no
[SD-MMC]
comment = SD & MMC Storage
path = /media/card
writable = yes
printable = no
- public = no
+ public = no
[RootFS]
comment = Zaurus Rootfs
@@ -214,82 +62,21 @@
writable = yes
printable = no
public = no
+ follow symlinks = yes
+
+[Home]
+ comment = "User Home Directories"
+ path = /home
+ writable = yes
+ printable = no
+ public = no
+ follow symlinks = yes
[Samba-Help]
comment = How to configure Samba
path = /usr/share/samba/help
writable = no
- public = yes
- printable = no
-
-# A publicly accessible directory, but read only, except for people in
-# the "staff" group
-;[public]
-; comment = Public Stuff
-; path = /home/samba
-; public = yes
-; writable = yes
-; printable = no
-; write list = @staff
-
-# Other examples.
-#
-# A private printer, usable only by fred. Spool data will be placed in fred's
-# home directory. Note that fred must have write access to the spool directory,
-# wherever it is.
-;[fredsprn]
-; comment = Fred's Printer
-; valid users = fred
-; path = /homes/fred
-; printer = freds_printer
-; public = no
-; writable = no
-; printable = yes
-
-# A private directory, usable only by fred. Note that fred requires write
-# access to the directory.
-;[fredsdir]
-; comment = Fred's Service
-; path = /usr/somewhere/private
-; valid users = fred
-; public = no
-; writable = yes
-; printable = no
-
-# a service which has a different directory for each machine that connects
-# this allows you to tailor configurations to incoming machines. You could
-# also use the %U option to tailor it by user name.
-# The %m gets replaced with the machine name that is connecting.
-;[pchome]
-; comment = PC Directories
-; path = /usr/pc/%m
-; public = no
-; writable = yes
-
-# A publicly accessible directory, read/write to all users. Note that all files
-# created in the directory by users will be owned by the default user, so
-# any user with access can delete any other user's files. Obviously this
-# directory must be writable by the default user. Another user could of course
-# be specified, in which case all files would be owned by that user instead.
-;[public]
-; path = /usr/somewhere/else/public
-; public = yes
-; only guest = yes
-; writable = yes
-; printable = no
-
-# The following two entries demonstrate how to share a directory so that two
-# users can place files there that will be owned by the specific users. In this
-# setup, the directory should be writable by both users and should have the
-# sticky bit set on it to prevent abuse. Obviously this could be extended to
-# as many users as required.
-;[myshare]
-; comment = Mary's and Fred's stuff
-; path = /usr/somewhere/shared
-; valid users = mary fred
-; public = no
-; writable = yes
-; printable = no
-; create mask = 0765
-
-
+ public = yes
+ printable = no
+
+
diff --git a/packages/samba/samba-essential_3.0.20.bb b/packages/samba/samba-essential_3.0.20.bb
index 21130bb0ab..60e4f241d5 100644
--- a/packages/samba/samba-essential_3.0.20.bb
+++ b/packages/samba/samba-essential_3.0.20.bb
@@ -1,12 +1,13 @@
-PR = "r1"
+PR = "r2"
SRC_URI = "http://us2.samba.org/samba/ftp/stable/samba-${PV}.tar.gz \
file://configure.patch;patch=1 \
file://cifs.patch;patch=1 \
file://config-lfs.patch;patch=1 \
- file://init \
+ file://init-essential \
file://quota.patch;patch=1;pnum=0 \
file://smb-essential.conf \
+ file://smb-essential-inactive.conf \
file://Managing-Samba.txt"
S := ${WORKDIR}/samba-${PV}/source
@@ -41,12 +42,14 @@ do_install_append() {
rm -f ${D}/sbin/mount.smbfs
rmdir ${D}/sbin
install -d "${D}${sysconfdir}/init.d"
- install -c -m 755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/samba
+ install -c -m 755 ${WORKDIR}/init-essential ${D}${sysconfdir}/init.d/samba
install -d "${D}${sysconfdir}/samba"
install -d "${D}/usr/share/samba/help"
+ install ${WORKDIR}/smb-essential-inactive.conf "${D}${sysconfdir}/samba/"
install ${WORKDIR}/smb-essential.conf "${D}${sysconfdir}/samba/smb.conf"
+
install ${WORKDIR}/Managing-Samba.txt ${D}/usr/share/samba/help
}