Filesharing

File sharing provides files available to users in the network, allowing access to work with them, download or modify them. The protocol SMB/CIFS [4] is used in Zentyal to maintain compatibility with Microsoft clients. SMB/CIFS is also supported by most Operating Systems, including mobiles and different network devices.

[4]http://en.wikipedia.org/wiki/Server_Message_Block

Configuring a file server with Zentyal

Once the Domain Controller and File Sharing module is enabled (either as a Domain Controller or as an Additional Domain Controller), your server can act as an SMB/CIFS File server.

Warning

Take note that shares doesn’t synchronized between the domain controllers and they are linked to the controller where they were defined.

By default each LDAP user has a personal /home/<username> directory on the server. If the Users, Computers and File Sharing module is active this directory will be accessible to the specific user (and only to the user) through SMB/CIFS. Furthermore, if a Windows client host is joined to the domain this directory will be automounted as drive H:.

To create a shared directory, use File Sharing, Shares tab and click Add new.

_images/directory-07-file-sharing.png

Adding a new share

Enabled:

Leave it checked if this directory needs to be shared. Disable to stop sharing.

Share name:

The name of the shared directory.

Share path:

Directory path to be shared. You can create a sub-directory within the Zentyal specific directory /home/samba/shares, or use an existing file system pathway by selecting Filesystem path.

Comment:

A more detailed description of the shared directory simplifies management of shared assets.

Guest access:

Enabling this option allows a shared directory to be accessible without authentication. Any other access settings will be ignored.
_images/directory-08-shared-list.png

List of shares

Shared directories can be edited using Access control. By clicking on Add new, you can assign read, read/write or administration permissions to a user or group. If a user is a shared directory administrator, he/she can read, write and delete any user files within that directory.

_images/09-share-acl.png

Adding a new ACL (Access Control List)

If you want to store deleted files in a special directory called RecycleBin, you can check the Enable recycle bin box using File Sharing, Recycle bin tab. If you do not want to use this for all shared resources, then you can add exceptions using Resources excluded from Recycle Bin. Other default settings for this feature, such as the directory name, can be modified using the file /etc/zentyal/samba.conf.

_images/recycle-bin.png

Recycle bin

Also, it is possible to enable the audit mode to the shared resources. This mode allow us to have a record in the log file /var/lib/syslog with all the actions which are made in the shared resources.

_images/sharing_audit.png

Audit mode

If you are using a Commercial Edition of Zentyal, you could access to the Antivirus left menu, and then, you can enable virus analysis for your shared files. You can also add exceptions for the folders that do not need require virus check. You need the antivirus module installed and enabled to use this feature. The check is done in real time when trying to access a file, resulting in an access denied error if the file is infected.

_images/antivirus-general1.png

An Antivirus configuration example

As the previous picture shows, to forbid the access of infected files we will enable the “on-access” option. By default is included the whole /home path which includes the /home/samba/shares with the default shared of Zentyal. We added too an exclusion rule for /home/admin and an inclusion rule in order to check the files uploaded by FTP.

Furthermore, the File Sharing daemon is tightly integrated with the Kerberos subsytem (See Kerberos Authentication System on the previous chapter), meaning that if your client is joined to the domain or has acquired the Kerberos TGT by other means, the ACL explained above will be honored without any user intervention.

Deploying shares

As you have already seen, Zentyal gives you the option to deploy your shares in the default folder or in a folder of your choice. You must keep in mind that if you choose the first option, Zentyal will create the shared folder and configure the permissions. If you choose a custom folder, you will have to create and manually configure the folders.

Some tips to deploy shares:

  • A great way to configure your server is to mount a partition of a dedicated disk in the Zentyal default shares path. By choosing this option you achieve maximum flexibility and you can continue taking advantage of Zentyal’s ability to create the shares for you.
  • You could use another Ubuntu server and join it to the domain, to later configure Samba for file sharing.
  • You could deploy the shares on cloud, on S3 for instance.

Using either of the two options mentioned above will reduce the server load. In addition, this is especially useful in scenarios where you have multiple domain controllers.

Warning

Take into account that the Configuration Backup feature provided by Zentyal does not back up shares, mailboxes or user homes. For full back up you need to use the Zentyal Backup module.