Month: February 2017

Posted on

SAMBA group Permissions Centos 7

Mary, Eve, Peter and Julian are coworkers in a new startup.

their share all documents in a samba share because they’re using cutting edge technologies.

One shared folder is mapped to a network drive inside these unit there are 4 folders, billing, marketing, projects and contracts, permisions are defined by the next matrix

They are a little special and they need to have all folders inside the network unit, because they waste a lot of time searching for server folders.

So let’s go to configure this samba server under Centos 7.

1.- we will need to install several packages


yum -y update

yum install epel-release

yum install samba samba-client samba-common vim

2.- Open several ports and enable services


systemctl enable smb.service
systemctl enable nmb.service
systemctl start smb.service
systemctl start nmb.service
firewall-cmd --permanent --zone=public --add-service=samba
firewall-cmd --reload

3.- Create users

Each member of group needs an user


adduser   -s /sbin/nologin mary
adduser   -s /sbin/nologin eve
adduser   -s /sbin/nologin peter
adduser   -s /sbin/nologin julian

4.- Create Groups

each folder needs a group


groupadd billing
groupadd marketing
groupadd projects
groupadd contracts

5.- Join Groups and users

We will need to join users and groups


usermod -a -G billing mary
usermod -a -G marketing mary
usermod -a -G marketing eve
usermod -a -G projects eve
usermod -a -G projects peter
usermod -a -G contracts peter
usermod -a -G contracts julian
usermod -a -G billing julian

6.- Create samba config

we will edit our samba config, shared folder will be at /media/shared


vim /etc/samba/smb.conf

our config file should be like these


[global]
workgroup = SAMBA
security = user
name = THESERVER
passdb backend = tdbsam

[shared]
comment = shared folder
path = /media/shared
guest ok = no
guest only = no
write list = @billing, @marketing, @projects, @contracts
valid users = @billing, @marketing, @projects, @contracts
create mask = 660
directory mask = 2770

we need to inform selinux that /media/shared directory will be user by samba process


chcon -t samba_share_t /media/shared/

7 Create directory structure

we need to create our directory structure inside /media/shared and give correct permissions.


mkdir billing
mkdir marketing
mkdir projects
mkdir contracts

chgrp billing billing/

chgrp contracts contracts/

chgrp marketing marketing/

chgrp  projects projects/

and now here it’s the magic

all directories needs to have read and write permisions for group


chmod g+rw *

and we will enable Set Group ID for all directories


chmod g+s *

with Set Group ID SETGID all files created in each directory will have the same group that parent directory

8 Create password for users

each user needs to have a password to access to shared folder


smbpasswd -a mary

smbpasswd -a eve

smbpasswd -a peter

smbpasswd -a julian

Test if everything is working

Enjoy

Posted on

Installing Zabbix Agent onto a Sinology DS216J

Nowadays small storage servers are a cheap solution for store backups and SME storage server.

Recently  Small business with various Sinology Servers in different locations asked me if there any way to control a few parameters like free storage space.

Quickly I remember that zabbix could be a good solution for this scenario, I get a Sinology DS216J and start checking if where posible to install a zabbix agent inside.

Like Qnap these devices are small ARM processors with a customized linux distribution installed.

The process was simply, Just attach a hard disk and update to latest firmware, remember newer is always better.

After First steps, we will need to get a terminal access.

This is easy

Login as admin in your sinology web interface an go to Control Panel -> Advanced Mode -> Terminal & SNMP and enable SSH service

from a linux terminal or  using putty we will login in the sinology


ssh admin@'sinology ip'

for example ssh admin@192.168.100.1

now we are inside the nas linux, first we will need to change to root user


sudo su -

now we can install Entware-ng that is a package repository only a few steps are needed

create a dir to store packages


mkdir -p /volume1/@entware-ng/opt

change /opt dir to the previous created


rm -rf /opt
ln -sf /volume1/@entware-ng/opt /opt

now we will execute the repo installer, in our case we are runing an armv7


wget -O - http://pkg.entware.net/binaries/armv7/installer/entware_install.sh | /bin/sh

next step is integrade entware with our profile

just edit /etc/profile and append these line at the end

. /opt/etc/profile

now we should reboot our nas and login again as admin

and start zabbix installation


opkg update

and we can install zabbix agent


opkg install zabbix-agentd

your zabbix configuration file will be at

/opt/etc/zabbix_agentd.conf

and you can start and stop zabbix agent launching this command


/opt/etc/init.d/S07zabbix_agentd start

/opt/etc/init.d/S07zabbix_agentd stop

 

references:

https://github.com/Entware-ng/Entware-ng/wiki/Install-on-Synology-NAS