Goal: enable net usershares by default at build time, with a limit of 100, and update the corresponding documentation Fixes: Debian bug #443230 Authors: Mathias Gug , Steve Langasek Status wrt upstream: Debian-specific Index: samba-3.0.26a/docs/manpages/smb.conf.5 =================================================================== --- samba-3.0.26a.orig/docs/manpages/smb.conf.5 +++ samba-3.0.26a/docs/manpages/smb.conf.5 @@ -253,7 +253,7 @@ .PP usershare path .RS 3n -Points to the directory containing the user defined share definitions. The filesystem permissions on this directory control who can create user defined shares. +Points to the directory containing the user-defined share definitions. The filesystem permissions on this directory control who can create user-defined shares. .RE .PP usershare prefix allow list @@ -271,32 +271,7 @@ Names a pre-existing share used as a template for creating new usershares. All other share parameters not specified in the user defined share definition are copied from this named share. .RE .PP -To allow members of the UNIX group -foo -to create user defined shares, create the directory to contain the share definitions as follows: -.PP -Become root: - -.nf - -mkdir /usr/local/samba/lib/usershares -chgrp foo /usr/local/samba/lib/usershares -chmod 1770 /usr/local/samba/lib/usershares - -.fi -.PP -Then add the parameters - -.sp - -.nf - - usershare path = /usr/local/samba/lib/usershares - usershare max shares = 10 # (or the desired number of shares) - -.fi -to the global section of your -\fIsmb.conf\fR. Members of the group foo may then manipulate the user defined shares using the following commands. +Members of the \fBsambashare\fR group can manipulate the user-defined shares using the following commands: .PP net usershare add sharename path [comment] [acl] [guest_ok=[y|n]] .RS 3n @@ -6964,9 +6939,9 @@ .PP usershare path (G) .RS 3n -This parameter specifies the absolute path of the directory on the filesystem used to store the user defined share definition files. This directory must be owned by root, and have no access for other, and be writable only by the group owner. In addition the "sticky" bit must also be set, restricting rename and delete to owners of a file (in the same way the /tmp directory is usually configured). Members of the group owner of this directory are the users allowed to create usershares. If this parameter is undefined then no user defined shares are allowed. +This parameter specifies the absolute path of the directory on the filesystem used to store the user-defined share definition files. This directory must be owned by root, and have no access for other, and be writable only by the group owner. In addition the "sticky" bit must also be set, restricting rename and delete to owners of a file (in the same way the /tmp directory is usually configured). Members of the group owner of this directory are the users allowed to create usershares. If this parameter is undefined then no user-defined shares are allowed. .sp -For example, a valid usershare directory might be /usr/local/samba/lib/usershares, set up as follows. +For example, on Debian the default usershare directory of /var/lib/samba/usershares is set up as follows. .sp @@ -6974,16 +6949,16 @@ .nf - ls -ld /usr/local/samba/lib/usershares/ - drwxrwx--T 2 root power_users 4096 2006-05-05 12:27 /usr/local/samba/lib/usershares/ + ls -ld /var/lib/samba/usershares/ + drwxrwx--T 2 root sambashare 4096 2006-05-05 12:27 /var/lib/samba/usershares/ .fi .sp -In this case, only members of the group "power_users" can create user defined shares. +In this case, only members of the group "sambashare" can create user defined shares. .sp Default: -\fB\fIusershare path\fR = NULL \fR +\fB\fIusershare path\fR = /var/lib/samba/usershares \fR .RE .PP usershare prefix allow list (G) Index: samba-3.0.26a/docs/manpages/net.8 =================================================================== --- samba-3.0.26a.orig/docs/manpages/net.8 +++ samba-3.0.26a/docs/manpages/net.8 @@ -675,9 +675,9 @@ Store a secret for the sepcified domain, used primarily for domains that use idmap_ldap as a backend. In this case the secret is used as the password for the user DN used to bind to the ldap server. .SS "USERSHARE" .PP -Starting with version 3.0.23, a Samba server now supports the ability for non-root users to add user define shares to be exported using the "net usershare" commands. +Starting with version 3.0.23, a Samba server now supports the ability for non-root users to add user-defined shares to be exported using the "net usershare" commands. .PP -To set this up, first set up your smb.conf by adding to the [global] section : usershare path = /usr/local/samba/lib/usershares Next create the directory /usr/local/samba/lib/usershares, change the owner to root and set the group owner to the UNIX group who should have the ability to create usershares, for example a group called "serverops". Set the permissions on /usr/local/samba/lib/usershares to 01770. (Owner and group all access, no access for others, plus the sticky bit, which means that a file in that directory can be renamed or deleted only by the owner of the file). Finally, tell smbd how many usershares you will allow by adding to the [global] section of smb.conf a line such as : usershare max shares = 100. To allow 100 usershare definitions. Now, members of the UNIX group "serverops" can create user defined shares on demand using the commands below. +Members of the UNIX group "sambashare" can create user-defined shares on demand using the commands below. .PP The usershare commands are: .IP "" 3n Index: samba-3.0.26a/source/param/loadparm.c =================================================================== --- samba-3.0.26a.orig/source/param/loadparm.c +++ samba-3.0.26a/source/param/loadparm.c @@ -1676,7 +1676,7 @@ pstrcat(s, "/usershares"); string_set(&Globals.szUsersharePath, s); string_set(&Globals.szUsershareTemplateShare, ""); - Globals.iUsershareMaxShares = 0; + Globals.iUsershareMaxShares = 100; /* By default disallow sharing of directories not owned by the sharer. */ Globals.bUsershareOwnerOnly = True; /* By default disallow guest access to usershares. */ Index: samba-3.0.26a/docs/htmldocs/manpages/smb.conf.5.html =================================================================== --- samba-3.0.26a.orig/docs/htmldocs/manpages/smb.conf.5.html +++ samba-3.0.26a/docs/htmldocs/manpages/smb.conf.5.html @@ -164,8 +164,8 @@ their own share definitions has been added. This capability is called usershares and is controlled by a set of parameters in the [global] section of the smb.conf. The relevant parameters are : -

usershare allow guests

Controls if usershares can permit guest access.

usershare max shares

Maximum number of user defined shares allowed.

usershare owner only

If set only directories owned by the sharing user can be shared.

usershare path

Points to the directory containing the user defined share definitions. - The filesystem permissions on this directory control who can create user defined shares.

usershare prefix allow list

Comma-separated list of absolute pathnames restricting what directories +

usershare allow guests

Controls if usershares can permit guest access.

usershare max shares

Maximum number of user defined shares allowed.

usershare owner only

If set only directories owned by the sharing user can be shared.

usershare path

Points to the directory containing the user-defined share definitions. + The filesystem permissions on this directory control who can create user-defined shares.

usershare prefix allow list

Comma-separated list of absolute pathnames restricting what directories can be shared. Only directories below the pathnames in this list are permitted.

usershare prefix deny list

Comma-separated list of absolute pathnames restricting what directories can be shared. Directories below the pathnames in this list are prohibited.

usershare template share

Names a pre-existing share used as a template for creating new usershares. All other share parameters not specified in the user defined share definition @@ -4509,25 +4509,25 @@

Default: usershare owner only = True

usershare path (G)

This parameter specifies the absolute path of the directory on the - filesystem used to store the user defined share definition files. + filesystem used to store the user-defined share definition files. This directory must be owned by root, and have no access for other, and be writable only by the group owner. In addition the "sticky" bit must also be set, restricting rename and delete to owners of a file (in the same way the /tmp directory is usually configured). Members of the group owner of this directory are the users allowed to create - usershares. If this parameter is undefined then no user defined + usershares. If this parameter is undefined then no user-defined shares are allowed.

- For example, a valid usershare directory might be /usr/local/samba/lib/usershares, - set up as follows. + For example, on Debian the default usershare directory of + /var/lib/samba/usershares is set up as follows. 

-	ls -ld /usr/local/samba/lib/usershares/
-	drwxrwx--T  2 root power_users 4096 2006-05-05 12:27 /usr/local/samba/lib/usershares/
+	ls -ld /var/lib/samba/usershares/
+	drwxrwx--T  2 root sambashare 4096 2006-05-05 12:27 /var/lib/samba/usershares/

- In this case, only members of the group "power_users" can create user defined shares. -

Default: usershare path = NULL + In this case, only members of the group "sambashare" can create user defined shares. +

Default: usershare path = /var/lib/samba/usershares

usershare prefix allow list (G)

This parameter specifies a list of absolute pathnames the root of which are allowed to be exported by user defined share definitions. Index: samba-3.0.26a/docs/htmldocs/manpages/net.8.html =================================================================== --- samba-3.0.26a.orig/docs/htmldocs/manpages/net.8.html +++ samba-3.0.26a/docs/htmldocs/manpages/net.8.html @@ -249,30 +249,10 @@ that use idmap_ldap as a backend. In this case the secret is used as the password for the user DN used to bind to the ldap server.

USERSHARE

Starting with version 3.0.23, a Samba server now supports the ability for -non-root users to add user define shares to be exported using the "net usershare" +non-root users to add user-defined shares to be exported using the "net usershare" commands.

-To set this up, first set up your smb.conf by adding to the [global] section : - -usershare path = /usr/local/samba/lib/usershares - -Next create the directory /usr/local/samba/lib/usershares, change the owner to root and -set the group owner to the UNIX group who should have the ability to create usershares, -for example a group called "serverops". - -Set the permissions on /usr/local/samba/lib/usershares to 01770. - -(Owner and group all access, no access for others, plus the sticky bit, -which means that a file in that directory can be renamed or deleted only -by the owner of the file). - -Finally, tell smbd how many usershares you will allow by adding to the [global] -section of smb.conf a line such as : - -usershare max shares = 100. - -To allow 100 usershare definitions. Now, members of the UNIX group "serverops" -can create user defined shares on demand using the commands below. +Members of the UNIX group "sambashare" can create user-defined shares on demand using the commands below.

The usershare commands are:

net usershare add sharename path [comment] [acl] [guest_ok=[y|n]] - to add or change a user defined share.
net usershare delete sharename - to delete a user defined share.
net usershare info [-l|--long] [wildcard sharename] - to print info about a user defined share.
net usershare list [-l|--long] [wildcard sharename] - to list user defined shares.