Samba – How to force Samba to create directory

active-directorysambashare

I need help with Samba configuration.

What I want to achieve is configuration, where windows user on share see only his files.
This is simply achived With configuration like this:

Users are authorized by Windows AD Server

[BACKUP]
  comment = BACKUP STORAGE LOCATION
  path = /storage/BACKUP
  read only = no
  browseable = yes
  writable = yes
  create mode = 0600
  directory mode = 0700
  force directory mode = 0700
  force create mode = 0600
  access based share enum = yes
  hide unreadable = yes
  valid users = "@DOMAINNAME+SOMEUSERGROUP"

It works ok but…
On the server side, everything in directory /storage/BACKUP keeps files of every user.

So I would like to create directory here for every user (I Can't use [home], because it's already used)

So i Would like to keep it like this:

/storage/BACKUP/username/

So when i change path, and add %U at end, everything is almost ok.

The problem is that i need to manually create directory /storage/BACKUP/username.

So what i need is somehow force Samba to create this directory before user to access this share.

I've tried adding add user script = /path/to/mkdir /storage/BACKUP/%U
But this is not working because:

I don't know why 😉
I've already have users logged in before
It should start for new created users, this will be ok for me, but it not works.

I'm not creating users in linux, after they login, so i'm not using add user/machine script anywhere else.

So i want to force Samba to create directory for user, when this user tries to connect.
I'm searching google from couple of hours, and didn't find a way to do it that will work for me.

I need to keep /server/BACKUP location for everyone, but on the server side, Need to keep files in separated directories per user, so creating a new share is also not a solution.

Best Answer

You can use the preexec or root preexec options for this. They specify a script that is run upon connection to a share. In case of preexec the share is run as the connecting user, and as root with root preexec.

In your share:

[BACKUP]
root preexec = /etc/samba/gendir.sh %u

where /etc/samba/gendir.sh looks somewhat like this:

#!/bin/bash 
DIRECTORY=/storage/BACKUP/$1
if [ ! -d "$DIRECTORY" ]; then
   mkdir $DIRECTORY
fi

Depending on your requirements, add chown and/or chmod statements to the script.

Related Solutions

Samba log in Guest always asked

Something to keep in mind is that Windows cleverly will only authenticate with one username per server, so if you have other shares on that server, you must have the same username and password for all of the shares on the server.

Samba Permissions – I’m going to throw it!

This might help. I do something similar, but only one share is open to the group's users. Other shares are read-only except for a single maintainer user. The [global] section of my smb.conf is almost identical to yours, except I don't use the force create/directory mode directives (in my case, they'd interfere with the other shares).

Here's the share definition:

[shared stuff]
        comment = blah, blah, etc
        path = /path/to/share
        write list = @sambagroup
        force group = +sambagroup
        read only = yes
        directory mask = 0775
        create mask = 0664
        guest ok = yes
        invalid users = root
        case sensitive = True
        default case = lower
        preserve case = yes
        short preserve case = yes

The important stuff here are these:

read only = yes -- by default, read only.
guest ok = yes -- guests can browse.
write list = @sambagroup -- Authenticated members of sambagroup can write.
force group = +sambagroup -- The + means that the force only applies to existing members of sambagroup. They're already the only ones who can write. I think, without the +, guest is given sambagroup credentials, which is not wanted (particularly with the write list directive above).
directory mask = 0775
create mask = 0664

These do exactly what you want yours to do: "drwxrwxr-x" on directories, "rwxrwxr-x" on files, and newly created files are owned by the user and sambagroup. The maintainers of the other shares get the same permissions as everyone else when working in shared stuff, and permissions & groups are normal when they work in the other shares.

My smb.conf has been working with only minor tweaks through several different versions of Samba, and currently is used with Samba 3.2.5. I never had it running on Ubuntu 8.04, but it ran on Ubuntu 7.04 for a long time before getting migrated to a recent Debian Lenny install.

Best Answer

Related Solutions

Samba log in Guest always asked

Samba Permissions – I’m going to throw it!

Related Topic