Frequently Asked Questions: Difference between revisions
(added example) |
|||
Line 117: | Line 117: | ||
# ls -ld /home/storage |
# ls -ld /home/storage |
||
drwxrwsr-x 47 root dom_users 4096 Jan 31 08:09 /home/storage |
drwxrwsr-x 47 root dom_users 4096 Jan 31 08:09 /home/storage |
||
if you create a new file 'abc' as user 'foo' who has the primary group 'users' the file is created as |
|||
# ls -ld /home/storage/* |
|||
drwxrwsr-x 47 foo dom_users 4096 Jan 31 08:09 /home/storage/abc |
|||
==guest access== |
==guest access== |
Revision as of 17:45, 25 April 2006
What are tdb files?
Answered by Jerry Carter on samba@lists.samba.org [1]
Samba uses a lightweight database called Trivial Database
(tdb). Here's the list (john, we should really document
this somewhere).
(*) information persistent across restarts (but not necessarily important to backup).
account_policy.tdb* | NT account policy settings such as pw expiration, etc... |
brlock.tdb | byte range locks |
browse.dat | browse lists |
connections.tdb | share connections (used to enforce max connections, etc...) |
gencache.tdb | generic caching db |
group_mapping.tdb* | group mapping information |
lang_en.tdb | Language encodings (i think). |
locking.tdb | share modes & oplocks |
login_cache.tdb* | bad pw attempts |
messages.tdb | Samba messaging system |
netsamlogon_cache.tdb* | cache of user net_info_3 struct from net_samlogon() request (as a domain member) |
ntdrivers.tdb* | installed printer drivers |
ntforms.tdb* | installed printer forms |
ntprinters.tdb* | installed printer information |
printing/ | directory containing tdb per print queue of cached lpq output |
registry.tdb | Windows registry skeleton (connect via regedit.exe) |
sessionid.tdb | session information (e.g. support for 'utmp = yes') |
share_info.tdb* | share acls |
unexpected.tdb | unexpected packet queue needed to support windows clients that respond on a difference port that the originating request) (i could be wrong on this one). |
winbindd_cache.tdb | winbindd's cache of user lists, etc... |
winbindd_idmap.tdb* | winbindd's local idmap db |
wins.dat* | wins database when 'wins support = yes' |
In the private subdirectory we have two more tdb files:
secrets.tdb* | Private information like workstation passwords, the ldap admin dn and trust account information |
passdb.tdb* | User account information if passdb backend = tdbsam is used |
The following tdb's should be backed up IMO:
nt*.tdb
account_policy.tdb
group_mapping.tdb
share_info.tdb
winbindd_idmap.tdb
secrets.tdb
passdb.tdb
vfs objects = recycle recycle:keeptree = yes recycle:versions = yes recycle:touch = yes recycle:exclude = ?~$*,~$*,*.tmp,index*.pl,index*.htm*,*.temp,*.TMP recycle:exclude_dir= /tmp,/temp,/cache recycle:repository = .recycle/.recycle.%u recycle:noversions = *.doc,*.xls,*.ppt #hide files = /.recycle.*/.recycle/ #veto files = /.recycle.*/.recycle/
inherit permissions
Use the UNIX form of setgid to make all files and subdirectories belong to the enclosing group.
For example: the root directory for a samba share appears as:
# ls -ld /home/storage drwxrwxr-x 47 root dom_users 4096 Jan 31 08:09 /home/storage
change the directory so all files & subdirectories created will belong to 'dom_users' group:
# chmod g+s /home/storage
verify the results:
# ls -ld /home/storage drwxrwsr-x 47 root dom_users 4096 Jan 31 08:09 /home/storage
if you create a new file 'abc' as user 'foo' who has the primary group 'users' the file is created as
# ls -ld /home/storage/* drwxrwsr-x 47 foo dom_users 4096 Jan 31 08:09 /home/storage/abc
guest access
The Guest account of the windows world is mapped to the user nobody in the unix world. This can be changed with the global option guest account which defaults to nobody. Also the guest ok parameter on every share deafult to no. The unix account nobody must exist in your account database. If the Guest has read or write access to the share depends on the mode bits of the path and wether the share has read only = no set.
To enable guest access to a share you need the following parameters in your smb.conf:
[global] security = user map to guest = Bad Password [share_definition] guest ok = yes
The other way to get public access is to use security = share. Then all access is mapped to the guest account. But this is not a good choice since you cant distinguish between authorized users and anonymous users.