Educational ICT Virtualisation Specialist

Twitter LinkedIn E-mail
Precedence Technologies Ltd
Technology House, 36a Union Lane
Cambridge, CB4 1QB, United Kingdom
T: +44 (0)8456 446 800 / +44 (0)1223 359900
F: +44 (0)8456 446 899 / +44 (0)1223 359459
E: enquiries@precedence.co.uk
Shared-CIFS

Jump To: Support > KB > NetManager > Shared > CIFS

CIFS file shares

CIFS (a.k.a. SMB) is the file sharing mechanism used by Microsoft Windows. NetManager allows you to share directories to Windows machines just like a Windows Server, but with a little more flexibility:

  • Shares can be marked as hidden without having to rename them (in Windows you need to put a $ on the end which breaks any existing access)
  • Any file-type can be hidden and thus make inaccessible

By default, every users' home area is shared as their username (e.g. \\netmanager\jsmith). This allows easy access to their personal webpages. There are also two automatically created shares:

  • The main intranet webpages served by the NetManager can be accessed using a share called Webpages. Access to this share is granted only to administrators.
  • The area containing all users' home areas is shared as Pupils. This allows read/write access (by default) to administrators and members of the staff group while ensuring that permissions on any created files will be correct. Any home areas at the top level (i.e. in /usr/export/home because of being in the default users group) will be hidden from view as will users in the groups staff or governors. A side-effect of the hiding mechanism is that any sub-folders named the same as those hidden at the top level will also be hidden; specifically, this means that www folders in home areas for personal webpages will also be hidden. As such, the Pupils share is 'not designed for general administrative use, it is to grant staff access to pupils' areas. For administrative access to all home areas, we recommend creating a new share specifically for this purpose accessible only by administrators.

N.B. if you manually create shares called Webpages or Pupils, the automatic shares will be disabled.

If you use Active Directory (AD) on your network, you should join the NetManager to your domain to allow seamless access.

Certain AD users can be mapped to user root on NetManager to give full access. By default, this is just the user called administrator. You can edit this list by going to the Global Options tab on Filesystem > Sharing in webadmin.

Access permissions for the Webpages share.

The root user is the only user given access to the Webpages share by default. As described above, certain AD users can be mapped to root.

If you do not want to grant full root access to users who need to edit webpages (and we recommend that you do not!), you have a couple of options:

  • Create a new share called, for example, intranet which gives access to the same area but allows you to specify the users. In fact, you can call it Webpages if you wish - it will automatically replace the standard share if you do so.
  • Edit samba_webpages_users in the Central Configuration File to grant other users access. There is no webadmin front-end for this at the time of writing.

Configuring the Pupils share

There are a number of settings that can be changed for the Pupils share in the Central Configuration File:

  • samba_share_pupilro determine whether the pupils share is read-write (the default) or read-only. Set to y to make read-only
  • samba_share_pupilgroup contains a space-separated list of extra groups that are given access to the pupil home areas (in addition to administrator and the staff group). These groups will have their home areas hidden from view automatically.
  • samba_share_pupilhide contains a space-separated list of extra directories to hide from view in the pupils share, generally this will be a list of other groups

Create/Edit a CIFS Shared Area

To create or edit a CIFS shared area, go to Filesystem > Sharing in webadmin. The default Configure Shares tab is the one you need. To create a new share, enter a name in the box and click Add. To edit an existing one, locate the share in the list underneath and click Edit/Rename/Delete/Disable/Enable as appropriate.

There are a number of important settings to consider when setting up a share. On NetManager you will tend to not use file permissions to control access, but rather set the permissions on the share. Settings required:

  • Name of share
  • Share Description to be shown when browsing (optional)
  • Path on NetManager to share
  • Browseable? This means whether it is hidden when browsing the network. N.B. unlike Windows you can make a share hidden or unhidden without renaming it
  • Writable by: List of users or groups who can write to the share (everyone is also an option)
  • Accessible by: List of users or groups who can access (i.e. read from) the share (everyone is also an option)
  • Inherit owner - whether new files and directories have the same owner as the parent directory they are created in. In Windows, new files generally inherit permissions, but in Unix (i.e. NetManager) they do not.
  • Force access as user - on earlier versions this was known as Force ownership. Controls whether to override the user when access/creating files. If not selected, all access will be done as the user you are logged on as (i.e. the file permissions must allow you access). If selected, then the specified user will be used instead. This may allow wider access to be granted (e.g. root would give access to all files even if they were set to be readable only by the owner). If no user is specified, then the owner of the path being shared will be used instead. When new files or directories are created, then they will be created as this user (unless Inherit owner is enabled). This can cause problems on a share that is written to by multiple users (e.g. a shared resource area).

Worked examples:

Shared Resources accessible by everyone, but writable only by Staff

  1. Type Resources into the share name box and click Add
  2. The standard file location for generic shares is /usr/shares so type /usr/shares/resources into the Path: field
  3. Click Validate Path
  4. A warning The path you have entered does not exist. will be displayed. Click on Create Directory.
  5. You will be asked to specify the permissions and ownership of the new directory. Type ncadmin as the Owner and leave the permissions tickboxes as they are.
  6. Click on Create Directory'. You will be returned to the main edit page
  7. Tick the Browseable? box
  8. Select Specified Users/Groups in the Writable by: section
  9. Enter root in the Users: box (so that administrator has access)
  10. Select the groupname staff in the Groups: box below
  11. Make sure Everyone is checked alongside Accessible by:
  12. Leave the Users: and Groups: sections alone
  13. Leave the Inherit ownership box unticked
  14. Tick the Force access as user: box
  15. Don't enter a username alongside Force access as user:. The user to use will be automatically determined
  16. Click on Add Share

Main webpage area writeable and accessible only by a certain list of users

  1. Type Intranet into the share name box and click Add
  2. Type www into the Path: field. As this is not a full path, it will be taken to mean the home area of this user (the webpages are held in user www's home area)
  3. Click Validate Path and the full path (/usr/export/home/www) will be entered. A message The path is valid. will be displayed.
  4. Leave the Browseable? box unticked
  5. Select Everyone in the Writable by: section
  6. Leave the Users: and Groups: sections alone
  7. Make sure Specified Users/Groups is checked alongside Accessible by:
  8. Enter the list of users separated by spaces in the Users: section
  9. Leave all the groups unselected
  10. Leave the Inherit ownership box unticked
  11. Tick the Force access as user: box
  12. Don't enter a username alongside Force access as user:. The user to use will be automatically determined
  13. Click on Add Share
© Copyright Precedence Technologies 1999-2017
Page last modified on March 18, 2016, at 12:13 PM by sborrill