Well I glad that everything is helping you move in the right direction, file sharing always takes quite a bit of trial and error until it is perfect, especially with large networks with lots of users needing complex sharing permissions. I'm not expert at Samba yet, still quite new myself, but I have used it enough to at least confuse you more. kidding
This is partially why I recommended 0770, even possibly 0777, because this will help you figure out if any users can access it the way you have it now. It is better/easier to have it open and slowly lock it down then do the reverse. 0640 would be really great in the end, keeping "group" permissions at read/write won't hurt either, especially if you add users to multiple groups and what not. You can leave it at 0640 to play it safe while you work things out too.
I have noticed that when working some file types in a share that leaving file execution on at least for the owner is nice, executing is not just for running a program. You can leave it off until or if you notice issues.
I suggested the setting of "browseable to no" because I had noticed before that if I set it to "yes" then inside the share drive/partition that it shows the home folder as well. But since using "%S" as valid users only allows the actual user signed in to see their home folder (/home/user1 for example) it seems wasteful to have them open the home folder to see only their shared folder. Does this make sense? What it does is make the top folder "home" with the user folder inside of it. No need to show the "home" folder, just the one the user cares about. You can change it if your folder structure changes and it is worthwhile.
You are correct that adduser does create a group for the user named after the user. This helps with when you create the user "scanner" because then you don't have to manually create a "scanner group". You can always add a user to more groups if needed and even create new groups to fit your need. If you don't know how, below is an example.
sudo addgroup scanner
sudo adduser user1 scanner (sudo adduser "username" "groupname")
You can also add the name of a user in the smb.conf after the "valid users =" for specific shares too.
You may only want to have scanner only with write access, because if it may allow user1 to also read user2's files.
If you haven't checked these resources out, I recommend you do, sorry I should have linked them earlier.
Official Ubuntu Server Guide- Samba portions
HowTo: Setup Samba thread by Stormbringer
I have enjoyed working with Ubuntu Server + Samba, quite more then working 1000+ users with 1000+ groups, folders, etc on Win Server 2003, although I only use Samba at home for my 8 computer network.
Bookmarks