File Sharing¶
File sharing provides files available to users in the network, allowing access to work with them, download or modify them. The protocol SMB/CIFS [4] is used in Zentyal to maintain compatibility with Microsoft clients. SMB/CIFS is also supported by most Operating Systems, including mobiles and different network devices.
| [4] | http://en.wikipedia.org/wiki/Server_Message_Block |
Configuring a file server with Zentyal¶
Once the Domain Controller and File Sharing module is enabled (either as a Domain Controller or as an Additional Domain Controller), your server can act as an SMB/CIFS File server.
Warning
Take note that shares doesn’t synchronized between the domain controllers and they are linked to the controller where they were defined.
By default each LDAP user has a personal /home/<username> directory on the server. If the Users, Computers and File Sharing module is active this directory will be accessible to the specific user (and only to the user) through SMB/CIFS. Furthermore, if a Windows client host is joined to the domain this directory will be automounted as drive H:.
To create a shared directory, use File Sharing, Shares tab and click Add new.
Adding a new share
Enabled:
Leave it checked if this directory needs to be shared. Disable to stop sharing.
Share name:
The name of the shared directory.
Share path:
Directory path to be shared. You can create a sub-directory within the Zentyal specific directory /home/samba/shares, or use an existing file system pathway by selecting Filesystem path.
Comment:
A more detailed description of the shared directory simplifies management of shared assets.
Guest access:
Enabling this option allows a shared directory to be accessible without authentication. Any other access settings will be ignored.
List of shares
Shared directories can be edited using Access control. By clicking on Add new, you can assign read, read/write or administration permissions to a user or group. If a user is a shared directory administrator, he/she can read, write and delete any user files within that directory.
Adding a new ACL (Access Control List)
If you want to store deleted files in a special directory called RecycleBin, you can check the Enable recycle bin box using File Sharing, Recycle bin tab. If you do not want to use this for all shared resources, then you can add exceptions using Resources excluded from Recycle Bin. Other default settings for this feature, such as the directory name, can be modified using the file /etc/zentyal/samba.conf.
Recycle bin
Also, it is possible to enable the audit mode to the shared resources. This mode allow us to have a record in the log file /var/lib/syslog with all the actions which are made in the shared resources.
Audit mode
If you are using a Commercial Edition of Zentyal, you could access to the Antivirus left menu, and then, you can enable virus analysis for your shared files. You can also add exceptions for the folders that do not need require virus check. You need the antivirus module installed and enabled to use this feature. The check is done in real time when trying to access a file, resulting in an access denied error if the file is infected.
An Antivirus configuration example
As the previous picture shows, to forbid the access of infected files we will enable the “on-access” option. By default is included the whole /home path which includes the /home/samba/shares with the default shared of Zentyal. We added too an exclusion rule for /home/admin and an inclusion rule in order to check the files uploaded by FTP.
Furthermore, the File Sharing daemon is tightly integrated with the Kerberos subsytem (See Kerberos Authentication System on the previous chapter), meaning that if your client is joined to the domain or has acquired the Kerberos TGT by other means, the ACL explained above will be honored without any user intervention.