Difference between revisions of "User homes admin access"

User Home folder access by Administrators

Problem

You need to give Administrators or Power Users read access to users home folders

The solution provided below should only be used for read access.

	Warning:
	If an Administrator or Power User writes to the files in any users home folder, then those files will be given different ownership permissions and the original user will no longer be able to read or write to, those files.

	Tip:
	Above issue could be resolved by giving admin users no write access, by not giving them the write access property. A drawback is that they can not add files or create folders either, as they only have read access.

Solution

Create a new sharename by means of a custom template with modified users access rights, which allows specified users to have read access

If it does not already exist create the following folder

mkdir -p /etc/e-smith/templates-custom/etc/smb.conf

Create a new template fragment

cd /etc/e-smith/templates-custom/etc/smb.conf
pico -w 50userhomes-admin

Paste or type the following code into the template:

[userhomes]
comment = Users home directories
path = /home/e-smith/files/users/
valid users = admin root username1 username2
admin users = admin root username1 username2
write list = admin root username1 username2
browseable = yes
guest ok = no
public = no
read only = no
writable = yes
printable = no
create mode = 0660
force create mode = 0660
directory mode = 0770
force directory mode = 0770

	Note:
	Where username1, username2 etc, are valid sme user names of Administrators or Power Users who are being granted access to the userhomes share. You can add as many usernames as required but they must be separated by a space.

	Tip:
	Since samba also supports the groups you configured through server manager you can make your life even easier by not adding individual users but by creating a group for all those users through the server-manager and add the name of the group (prepended by a @, e. g. @group) to the respective lines of the template. This would save you later modifications.

Save & exit the file

Ctrl o
Ctrl x

then expand the template

expand-template /etc/smb.conf

then restart the samba server so your template is active. Note that this will momentarily stop samba, so ensure that all users have disconnected from & stopped using all shares first

/etc/init.d/smb reload

then restart smb

/etc/init.d/smb restart

Now you should be able to browse in Windows Explorer (or similar) file sharing to

\\serverIP\userhomes

or

\\servername\userhomes

Alternatively you can download the fragment, copy it to

/etc/e-smith/templates-custom/etc/smb.conf/

and edit it to suit your usernames, following the above instructions.

http://mirror.contribs.org/smeserver/contribs//rmitchell/smeserver/contribs/userhomes-admin/

Alternative approaches

See these threads for other methods and suggested approaches

http://forums.contribs.org/index.php?topic=39006.0

http://forums.contribs.org/index.php?topic=41108

The Moodle contrib is a better all round way of dealing with this issue particularly in school environments

http://wiki.contribs.org/Moodle