Linux As File Server- Break Out From Other Thread
-
In the smb.conf file, you can disable SMB1 in the [global] section by setting
min protocol = SMB2 -
@black3dynamite said in Linux As File Server- Break Out From Other Thread:
In the smb.conf file, you can disable SMB1 in the [global] section by setting
min protocol = SMB2Thanks, yeah I knew how to do that, but the question is...SHOULD I be doing that? Is that now considered best practice?
-
@nashbrydges said in Linux As File Server- Break Out From Other Thread:
I've been running a Linux file server in my own lab for a while now and permissions are pretty simple to manage for just a few users but when we get to the range of 10-20 employees, any hints on how to more effectively manage these file servers?
You can still use groups to assign permissions.
Let's say you created groups called marketing and sales. In your smb.conf file, you would do something like this.
[Marketing] path = /data/marketing guest ok = no guest only = no write list = @marketing read list = @sales valid users = @markeiting, @sales -
@black3dynamite said in Linux As File Server- Break Out From Other Thread:
@nashbrydges said in Linux As File Server- Break Out From Other Thread:
I've been running a Linux file server in my own lab for a while now and permissions are pretty simple to manage for just a few users but when we get to the range of 10-20 employees, any hints on how to more effectively manage these file servers?
You can still use groups to assign permissions.
Let's say you created groups called marketing and sales. In your smb.conf file, you would do something like this.
[Marketing] path = /data/marketing guest ok = no guest only = no write list = @marketing read list = @sales valid users = @markeiting, @salesThat's very useful, thanks.
-
@nashbrydges said in Linux As File Server- Break Out From Other Thread:
@black3dynamite said in Linux As File Server- Break Out From Other Thread:
In the smb.conf file, you can disable SMB1 in the [global] section by setting
min protocol = SMB2Thanks, yeah I knew how to do that, but the question is...SHOULD I be doing that? Is that now considered best practice?
Yes, I would consider it best practice for any file servers.
-
There are some Gotchas with using SAMBA and Macs.
We have the issue here from our Macs where if users A and B are in the Marketing group... The Macs somehow mess up the File and Folder permissions when they edit files.
-
@dafyre said in Linux As File Server- Break Out From Other Thread:
There are some Gotchas with using SAMBA and Macs.
We have the issue here from our Macs where if users A and B are in the Marketing group... The Macs somehow mess up the File and Folder permissions when they edit files.
And it doesn't help even after using these settings?
create mask directory mask force directory mode inherit permissions -
I'd like to make a mention that if they are that small, do they really even need a local file server? I see more and more compelling reasons for SOHO's and SMB's to just "stick with" Google Suite or Zoho. They get easier IT management and Google ties into almost any service. Most LAN based services should depending on the sensitivity of it, consider being moved to the cloud and let go of the LAN methodology. I do appreciate how @scottalanmiller have encouraged us to take a look at what we are doing and considering moving to a LANLess design.
One thing I'm interested in is trying to show and prove that most small businesses are buying into certain services on name or reputation alone (I'm looking at you Intuit) and often while those services work, they aren't ideal anymore. I am very into decoupling services that traditionally sat in a LAN.
-
@nashbrydges said in Linux As File Server- Break Out From Other Thread:
@black3dynamite said in Linux As File Server- Break Out From Other Thread:
In the smb.conf file, you can disable SMB1 in the [global] section by setting
min protocol = SMB2Thanks, yeah I knew how to do that, but the question is...SHOULD I be doing that? Is that now considered best practice?
Do not use SMB1 anymore, ever. No matter what.
-
@krisleslie said in Linux As File Server- Break Out From Other Thread:
I'd like to make a mention that if they are that small, do they really even need a local file server? I see more and more compelling reasons for SOHO's and SMB's to just "stick with" Google Suite or Zoho. They get easier IT management and Google ties into almost any service. Most LAN based services should depending on the sensitivity of it, consider being moved to the cloud and let go of the LAN methodology. I do appreciate how @scottalanmiller have encouraged us to take a look at what we are doing and considering moving to a LANLess design.
One thing I'm interested in is trying to show and prove that most small businesses are buying into certain services on name or reputation alone (I'm looking at you Intuit) and often while those services work, they aren't ideal anymore. I am very into decoupling services that traditionally sat in a LAN.
While I appreciate that many on this forum like the idea of lanless design, it isn't a viable option for some and part of good design is understanding when a local file server is necessary. That was why I mentioned that this is really for those clients only, for whom a local file server is the only practical solution. I do have clients who have no need for a local server and those easily served with ODfB or Google or Nextcloud.
-
@nashbrydges said in Linux As File Server- Break Out From Other Thread:
What's the best approach for setting up access rules for Linux if in a workgroup?
I'd start here:
https://timothygruber.com/linux/samba-file-server-with-microsoft-ad/Minus the Active Directory stuff of course. (realmd, domian related settings in smb.conf, etc...)
It's way simpler in a non-AD environment.
-
@nashbrydges said in Linux As File Server- Break Out From Other Thread:
any hints on how to more effectively manage these file servers?
SaltStack.
-
@nashbrydges said in Linux As File Server- Break Out From Other Thread:
Most of my clients are small business owners, running in workgroup environments, and as licensing renewals/upgrades come up in discussion, most are also interested in reducing the licensing costs associated with Windows. As I slowly convert them to Hyper-V servers rather than Windows Servers running Hyper-V role, for clients for whom it makes sense to have on-premises file servers, it often might make sense to make the suggestion they move to Linux file servers (unless there are other reason why they must be running Windows).
Generally worth moving to KVM instead of Hyper-V, too. No need for the complexity and overhead of Hyper-V, especially if you don't have AD. KVM is just easier to manage in the SMB world.
-
@nashbrydges said in Linux As File Server- Break Out From Other Thread:
My question is, what are the recommendations/best practices when setting up Linux file servers. I guess I'm less concerned about which distro to use (I've been using Fedora more and more so that's likely my first choice) and more concerned with how you would set things up. For example, do you disable SMBv1 and only allow SMBv2 as the minimum standard? What's the best approach for setting up access rules for Linux if in a workgroup? Any gotchas or ah ha's I should know about?
Basically treat it all the same as you would with Windows. If you'd do those things with a Windows file server, do them with a Samba one, too.
-
@nashbrydges said in Linux As File Server- Break Out From Other Thread:
These clients mostly run Windows PCs although some have agreed to test out using Linux desktops to see if that could be a fit. The oldest version of Windows for any client is Windows 7 (but they will be upgrading to Windows 10 shortly). Some have Macs but very few.
Windows and Mac are SMB native. Linux desktops will use SMB, but it's not as elegant as moving to NFS. Anytime you can use NFS, go for it. Works so well on Linux.
-
@dafyre said in Linux As File Server- Break Out From Other Thread:
There are some Gotchas with using SAMBA and Macs.
Be sure to install vfs_fruit
-
@scottalanmiller said in Linux As File Server- Break Out From Other Thread:
@nashbrydges said in Linux As File Server- Break Out From Other Thread:
Most of my clients are small business owners, running in workgroup environments, and as licensing renewals/upgrades come up in discussion, most are also interested in reducing the licensing costs associated with Windows. As I slowly convert them to Hyper-V servers rather than Windows Servers running Hyper-V role, for clients for whom it makes sense to have on-premises file servers, it often might make sense to make the suggestion they move to Linux file servers (unless there are other reason why they must be running Windows).
Generally worth moving to KVM instead of Hyper-V, too. No need for the complexity and overhead of Hyper-V, especially if you don't have AD. KVM is just easier to manage in the SMB world.
The only problem with this is, although I'm getting better with Linux and can manage most scenarios now, Hyper-V is the hypervisor I'm most comfortable with. KVM may be a much bigger learning curve. That's likely a topic for a different thread but things like how do I run backups/recovery from KVM for VMs, management methods/tools for KVM, etc?
-
@nashbrydges scott's reply will be "the same way you run backups on any other hypervisor".
Agent based or by simply exporting the VM on a schedule to a remote storage medium.
-
@dustinb3403 said in Linux As File Server- Break Out From Other Thread:
@nashbrydges scott's reply will be "the same way you run backups on any other hypervisor".
Agent based or by simply exporting the VM on a schedule to a remote storage medium.
"Same way" of course but tools are going to be different. I'll take this away and do some research before asking more question about using KVM.
-
@nashbrydges said in Linux As File Server- Break Out From Other Thread:
@dustinb3403 said in Linux As File Server- Break Out From Other Thread:
@nashbrydges scott's reply will be "the same way you run backups on any other hypervisor".
Agent based or by simply exporting the VM on a schedule to a remote storage medium.
"Same way" of course but tools are going to be different. I'll take this away and do some research before asking more question about using KVM.
Any agent based solution like Veeam or UrBackup etc would work here. If you needed something that was operated at the hypervisor level you'd simply export the VM.
There are also likely some scripts to do this that exist, but I don't know where they might be or how they work.
