diff options
author | Matthias Hentges <oe@hentges.net> | 2006-05-27 13:07:13 +0000 |
---|---|---|
committer | OpenEmbedded Project <openembedded-devel@lists.openembedded.org> | 2006-05-27 13:07:13 +0000 |
commit | 0ac0f2907d567cb7513958de0285c4fc0818e855 (patch) | |
tree | af1e29c5a3962240069931e983471650c436817b | |
parent | 510c8990d1d46f56bd5ca2434e23fd67aaa762b7 (diff) |
samba: samba-sessential: The next step on my way to a fool-proof samba server. This one starts a wide open p/w-less server with a single share containing a helpfile explaining how to configure a samba user+password. Once that's done the _real_ secure samba server is activated grating access to the targets filesystem via encrypted passwords
-rw-r--r-- | packages/samba/files/Managing-Samba.txt | 74 | ||||
-rw-r--r-- | packages/samba/files/init-essential | 68 | ||||
-rw-r--r-- | packages/samba/files/smb-essential-inactive.conf | 34 | ||||
-rw-r--r-- | packages/samba/files/smb-essential.conf | 283 | ||||
-rw-r--r-- | packages/samba/samba-essential_3.0.20.bb | 9 |
5 files changed, 183 insertions, 285 deletions
diff --git a/packages/samba/files/Managing-Samba.txt b/packages/samba/files/Managing-Samba.txt index 079cf34e4b..01f7592824 100644 --- a/packages/samba/files/Managing-Samba.txt +++ b/packages/samba/files/Managing-Samba.txt @@ -1,34 +1,40 @@ -This device is running a bare-bone Samba server which allows easy -transfer of files and directories between any networked desktop PC and -your networked PDA. - -Since it is generally a bad idea to allow everyone read and write access -to your PDA, you will have to configure at least one user to get access to -any shared folder but "tmp" (tmp is read-write for everyone). - -How to create a Samba user with password: - -- If you haven't already created a non-root user, do so now: - root@poodle:/usr/bin# adduser testuser - Changing password for testuser - Enter the new password (minimum of 5, maximum of 8 characters) - Please use a combination of upper and lower case letters and numbers. - Enter new password: - Bad password: too short. - - Warning: weak password (continuing). - Re-enter new password: - Password changed. - root@poodle:/usr/bin# - -- Note that the password you entered will _not_ be your samba password. - Samba uses its own password database. - -- Add a Samba password for your user: - root@poodle:/usr/bin# smbpasswd -a testuser - New SMB password: - Retype new SMB password: - Added user testuser. - root@poodle:/usr/bin# - -- Done ;) +This device is running a bare-bone Samba server which allows easy
+transfer of files and directories between any networked desktop PC and
+your networked PDA.
+
+Since it is generally a bad idea to allow everyone read and write access
+to your PDA, you will have to configure at least one user to get access to
+any shared folder.
+
+How to create a Samba user with password:
+
+- If you haven't already created a non-root user, do so now:
+ root@poodle:/usr/bin# adduser testuser
+ Changing password for testuser
+ Enter the new password (minimum of 5, maximum of 8 characters)
+ Please use a combination of upper and lower case letters and numbers.
+ Enter new password:
+ Bad password: too short.
+
+ Warning: weak password (continuing).
+ Re-enter new password:
+ Password changed.
+ root@poodle:/usr/bin#
+
+- Note that the password you entered will _not_ be your samba password.
+ Samba uses its own password database.
+
+- Add a Samba password for your user:
+ root@poodle:/usr/bin# smbpasswd -a testuser
+ New SMB password:
+ Retype new SMB password:
+ Added user testuser.
+ root@poodle:/usr/bin#
+
+- After you have added your new samba user, you'll have to restart the samba
+ server by running "/etc/init.d/samba restart" or by rebooting the device
+
+- Use the newly created username / password combination to access your network
+ shares. Please note the the Samba username must also exist as a unix username!
+
+
diff --git a/packages/samba/files/init-essential b/packages/samba/files/init-essential new file mode 100644 index 0000000000..59184ce733 --- /dev/null +++ b/packages/samba/files/init-essential @@ -0,0 +1,68 @@ +#! /bin/sh +# +# This is an init script for openembedded +# Copy it to /etc/init.d/samba and type +# > update-rc.d samba defaults 60 +# + + +smbd=/usr/sbin/smbd +test -x "$smbd" || exit 0 +nmbd=/usr/sbin/nmbd +test -x "$nmbd" || exit 0 + + +if test -e /etc/samba/private/smbpasswd +then + if test -n "`cat /etc/samba/private/smbpasswd`" + then + CONFIG_FILE="/etc/samba/smb.conf" + fi +fi + +test -z "$CONFIG_FILE" && CONFIG_FILE="/etc/samba/smb-essential-inactive.conf" + +case "$1" in + start) + echo -n "Starting Samba: smbd" + start-stop-daemon --start --quiet --exec $smbd -- -s $CONFIG_FILE + echo -n " nmbd" + start-stop-daemon --start --quiet --exec $nmbd -- -s $CONFIG_FILE + echo "." + ;; + stop) + echo -n "Stopping Samba: smbd" + start-stop-daemon --stop --quiet --pidfile /var/run/smbd.pid + echo -n " nmbd" + start-stop-daemon --stop --quiet --pidfile /var/run/nmbd.pid + echo "." + ;; + reload|force-reload) + start-stop-daemon --stop --quiet --signal 1 --exec $smbd -- -s $CONFIG_FILE + start-stop-daemon --stop --quiet --signal 1 --exec $nmbd -- -s $CONFIG_FILE + ;; + restart) + echo -n "Stopping Samba: smbd" + start-stop-daemon --stop --quiet --pidfile /var/run/smbd.pid + echo -n " nmbd" + start-stop-daemon --stop --quiet --pidfile /var/run/nmbd.pid + echo "" + echo -n "Waiting for samba processes to die off" + for i in 1 2 3 ; + do + sleep 1 + echo -n "." + done + echo "" + echo -n "Starting Samba: smbd" + start-stop-daemon --start --quiet --exec $smbd -- -s $CONFIG_FILE + echo -n " nmbd" + start-stop-daemon --start --quiet --exec $nmbd -- -s $CONFIG_FILE + echo "." + ;; + *) + echo "Usage: /etc/init.d/samba {start|stop|reload|restart|force-reload}" + exit 1 +esac + +exit 0 diff --git a/packages/samba/files/smb-essential-inactive.conf b/packages/samba/files/smb-essential-inactive.conf new file mode 100644 index 0000000000..c27c575d64 --- /dev/null +++ b/packages/samba/files/smb-essential-inactive.conf @@ -0,0 +1,34 @@ + + +[global] + workgroup = OPENZAURUS + server string = OpenZaurus Samba Server + + netbios name = %L-INACTIVE + + security = share + + load printers = no + + socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 + + dns proxy = yes + + +#============================ Share Definitions ============================== + +[Samba-Help] + comment = How to enable Samba + path = /usr/share/samba/help + writable = no + public = yes + printable = no + +[printers] + comment = All Printers + path = /usr/spool/samba + guest ok = no + writable = no + printable = yes + browseable = no + diff --git a/packages/samba/files/smb-essential.conf b/packages/samba/files/smb-essential.conf index 29681f3a64..0dc5eb0ba5 100644 --- a/packages/samba/files/smb-essential.conf +++ b/packages/samba/files/smb-essential.conf @@ -1,212 +1,60 @@ -# This is the main Samba configuration file. You should read the -# smb.conf(5) manual page in order to understand the options listed -# here. Samba has a huge number of configurable options (perhaps too -# many!) most of which are not shown in this example -# -# For a step to step guide on installing, configuring and using samba, -# read the Samba-HOWTO-Collection. This may be obtained from: -# http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf -# -# Many working examples of smb.conf files can be found in the -# Samba-Guide which is generated daily and can be downloaded from: -# http://www.samba.org/samba/docs/Samba-Guide.pdf -# -# Any line which starts with a ; (semi-colon) or a # (hash) -# is a comment and is ignored. In this example we will use a # -# for commentry and a ; for parts of the config file that you -# may wish to enable -# -# NOTE: Whenever you modify this file you should run the command "testparm" -# to check that you have not made any basic syntactic errors. -# -#======================= Global Settings ===================================== -[global] -# workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH - workgroup = ZAURUS -# server string is the equivalent of the NT Description field +[global] + workgroup = OPENZAURUS server string = OpenZaurus Samba Server - -# Security mode. Defines in which mode Samba will operate. Possible -# values are share, user, server, domain and ads. Most people will want -# user level security. See the Samba-HOWTO-Collection for details. + security = user -# This option is important for security. It allows you to restrict -# connections to machines which are on your local network. The -# following example restricts access to two C class networks and -# the "loopback" interface. For more examples of the syntax see -# the smb.conf man page -; hosts allow = 192.168.1. 192.168.2. 127. - -# If you want to automatically load your printer list rather -# than setting them up individually then you'll need this load printers = no -# you may wish to override the location of the printcap file -; printcap name = /etc/printcap - -# on SystemV system setting printcap name to lpstat should allow -# you to automatically obtain a printer list from the SystemV spool -# system -; printcap name = lpstat - -# It should not be necessary to specify the print system type unless -# it is non-standard. Currently supported print systems include: -# bsd, cups, sysv, plp, lprng, aix, hpux, qnx -; printing = cups - -# Uncomment this if you want a guest account, you must add this to /etc/passwd -# otherwise the user "nobody" is used ; guest account = pcguest -# this tells Samba to use a separate log file for each machine -# that connects log file = /var/log.%m -# Put a capping on the size of the log files (in Kb). max log size = 50 -# Use password server option only with security = server -# The argument list may include: -# password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name] -# or to auto-locate the domain controller/s -# password server = * -; password server = <NT-Server-Name> - -# Use the realm option only with security = ads -# Specifies the Active Directory realm the host is part of -; realm = MY_REALM - -# Backend to store user information in. New installations should -# use either tdbsam or ldapsam. smbpasswd is available for backwards -# compatibility. tdbsam requires no further configuration. -; passdb backend = tdbsam - -# Using the following line enables you to customise your configuration -# on a per machine basis. The %m gets replaced with the netbios name -# of the machine that is connecting. -# Note: Consider carefully the location in the configuration file of -# this line. The included file is read at that point. -; include = /usr/local/samba/lib/smb.conf.%m - -# Most people will find that this option gives better performance. -# See the chapter 'Samba performance issues' in the Samba HOWTO Collection -# and the manual pages for details. -# You may want to add the following on a Linux system: -# SO_RCVBUF=8192 SO_SNDBUF=8192 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 -# Configure Samba to use multiple interfaces -# If you have multiple network interfaces then you must list them -# here. See the man page for details. -; interfaces = 192.168.12.2/24 192.168.13.2/24 - -# Browser Control Options: -# set local master to no if you don't want Samba to become a master -# browser on your network. Otherwise the normal election rules apply -; local master = yes - -# OS Level determines the precedence of this server in master browser -# elections. The default value should be reasonable -; os level = 33 - -# Domain Master specifies Samba to be the Domain Master Browser. This -# allows Samba to collate browse lists between subnets. Don't use this -# if you already have a Windows NT domain controller doing this job -; domain master = yes - -# Preferred Master causes Samba to force a local browser election on startup -# and gives it a slightly higher chance of winning the election -; preferred master = yes - -# Enable this if you want Samba to be a domain logon server for -# Windows95 workstations. -; domain logons = yes - -# if you enable domain logons then you may want a per-machine or -# per user logon script -# run a specific logon batch file per workstation (machine) -; logon script = %m.bat -# run a specific logon batch file per username -; logon script = %U.bat - -# Where to store roving profiles (only for Win95 and WinNT) -# %L substitutes for this servers netbios name, %U is username -# You must uncomment the [Profiles] share below -; logon path = \\%L\Profiles\%U - -# Windows Internet Name Serving Support Section: -# WINS Support - Tells the NMBD component of Samba to enable it's WINS Server -; wins support = yes - -# WINS Server - Tells the NMBD components of Samba to be a WINS Client -# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both -; wins server = w.x.y.z - -# WINS Proxy - Tells Samba to answer name resolution queries on -# behalf of a non WINS capable client, for this to work there must be -# at least one WINS Server on the network. The default is NO. -; wins proxy = yes - -# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names -# via DNS nslookups. The default is NO. - dns proxy = no - -# These scripts are used on a domain controller or stand-alone -# machine to add or delete corresponding unix accounts -; add user script = /usr/sbin/useradd %u -; add group script = /usr/sbin/groupadd %g -; add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u -; delete user script = /usr/sbin/userdel %u -; delete user from group script = /usr/sbin/deluser %u %g -; delete group script = /usr/sbin/groupdel %g + dns proxy = yes #============================ Share Definitions ============================== [homes] - comment = Home Directories + comment = Home Directory for %U browseable = no writable = yes - -# Un-comment the following and create the netlogon directory for Domain Logons -; [netlogon] -; comment = Network Logon Service -; path = /usr/local/samba/lib/netlogon -; guest ok = yes -; writable = no -; share modes = no - - -# Un-comment the following to provide a specific roving profile share -# the default is to use the user's home directory -;[Profiles] -; path = /usr/local/samba/profiles -; browseable = no -; guest ok = yes - + follow symlinks = yes + include = /etc/test.%U # This one is useful for people to share files -[tmp] - comment = Temporary file space - path = /tmp - read only = no - public = yes +;[tmp] +; comment = Temporary file space +; path = /tmp +; read only = no +; public = yes + +[printers] + comment = All Printers + path = /usr/spool/samba + guest ok = no + writable = no + printable = yes + browseable = no [CompactFlash] comment = Compact Flash Storage path = /media/cf writable = yes printable = no - public = no + public = no [SD-MMC] comment = SD & MMC Storage path = /media/card writable = yes printable = no - public = no + public = no [RootFS] comment = Zaurus Rootfs @@ -214,82 +62,21 @@ writable = yes printable = no public = no + follow symlinks = yes + +[Home] + comment = "User Home Directories" + path = /home + writable = yes + printable = no + public = no + follow symlinks = yes [Samba-Help] comment = How to configure Samba path = /usr/share/samba/help writable = no - public = yes - printable = no - -# A publicly accessible directory, but read only, except for people in -# the "staff" group -;[public] -; comment = Public Stuff -; path = /home/samba -; public = yes -; writable = yes -; printable = no -; write list = @staff - -# Other examples. -# -# A private printer, usable only by fred. Spool data will be placed in fred's -# home directory. Note that fred must have write access to the spool directory, -# wherever it is. -;[fredsprn] -; comment = Fred's Printer -; valid users = fred -; path = /homes/fred -; printer = freds_printer -; public = no -; writable = no -; printable = yes - -# A private directory, usable only by fred. Note that fred requires write -# access to the directory. -;[fredsdir] -; comment = Fred's Service -; path = /usr/somewhere/private -; valid users = fred -; public = no -; writable = yes -; printable = no - -# a service which has a different directory for each machine that connects -# this allows you to tailor configurations to incoming machines. You could -# also use the %U option to tailor it by user name. -# The %m gets replaced with the machine name that is connecting. -;[pchome] -; comment = PC Directories -; path = /usr/pc/%m -; public = no -; writable = yes - -# A publicly accessible directory, read/write to all users. Note that all files -# created in the directory by users will be owned by the default user, so -# any user with access can delete any other user's files. Obviously this -# directory must be writable by the default user. Another user could of course -# be specified, in which case all files would be owned by that user instead. -;[public] -; path = /usr/somewhere/else/public -; public = yes -; only guest = yes -; writable = yes -; printable = no - -# The following two entries demonstrate how to share a directory so that two -# users can place files there that will be owned by the specific users. In this -# setup, the directory should be writable by both users and should have the -# sticky bit set on it to prevent abuse. Obviously this could be extended to -# as many users as required. -;[myshare] -; comment = Mary's and Fred's stuff -; path = /usr/somewhere/shared -; valid users = mary fred -; public = no -; writable = yes -; printable = no -; create mask = 0765 - - + public = yes + printable = no + + diff --git a/packages/samba/samba-essential_3.0.20.bb b/packages/samba/samba-essential_3.0.20.bb index 21130bb0ab..60e4f241d5 100644 --- a/packages/samba/samba-essential_3.0.20.bb +++ b/packages/samba/samba-essential_3.0.20.bb @@ -1,12 +1,13 @@ -PR = "r1" +PR = "r2" SRC_URI = "http://us2.samba.org/samba/ftp/stable/samba-${PV}.tar.gz \ file://configure.patch;patch=1 \ file://cifs.patch;patch=1 \ file://config-lfs.patch;patch=1 \ - file://init \ + file://init-essential \ file://quota.patch;patch=1;pnum=0 \ file://smb-essential.conf \ + file://smb-essential-inactive.conf \ file://Managing-Samba.txt" S := ${WORKDIR}/samba-${PV}/source @@ -41,12 +42,14 @@ do_install_append() { rm -f ${D}/sbin/mount.smbfs rmdir ${D}/sbin install -d "${D}${sysconfdir}/init.d" - install -c -m 755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/samba + install -c -m 755 ${WORKDIR}/init-essential ${D}${sysconfdir}/init.d/samba install -d "${D}${sysconfdir}/samba" install -d "${D}/usr/share/samba/help" + install ${WORKDIR}/smb-essential-inactive.conf "${D}${sysconfdir}/samba/" install ${WORKDIR}/smb-essential.conf "${D}${sysconfdir}/samba/smb.conf" + install ${WORKDIR}/Managing-Samba.txt ${D}/usr/share/samba/help } |