Top > FreeBSD > samba 3.6 chroot minitree 9.0-Release
samba 3.6 を jail minitree で動作する環境を構築できなかったので、chroot minitree として導入した備忘的まとめです
samba jail minitree 7.2
maintenance ShellScript
[FreeBSD] libiconv 1.14のEXTRA_PATCHESパッチ
libiconv-1.14 日本語パッチ
Samba-JP > マニュアル > smb.conf
以上のサイトを参考にさせていただいております
基本的にjail fulltree環境での作業になります
事前に /root/maintenance に maintenance ShellScript 環境を用意しておきます
# vi /usr/ports/converters/libiconv/Makefile.local
# Local override that makes the libiconv port fetch and apply the Japanese
# patch on top of the stock 1.14 sources.
#
# NOTE(review): the patch is fetched over plain http and NO_CHECKSUM=yes
# turns off the ports checksum step, so nothing verifies the file that gets
# applied to libiconv. Read the downloaded patch before building, or record
# its SHA256/SIZE in the port's distinfo and drop NO_CHECKSUM.
PATCH_SITES+= http://apolloron.org/software/libiconv-1.14-ja/
PATCHFILES+= libiconv-1.14-ja-1.patch
# The patch paths carry one leading directory component, hence -p1.
PATCH_DIST_STRIP+= -p1
NO_CHECKSUM= yes
# cd /usr/ports/net/samba36 # make config オプションメニュー LDAP With LDAP support ADS With Active Directory support CUPS With CUPS printing support WINBIND With WinBIND support SWAT With SWAT WebGUI ACL_SUPPORT With ACL support AIO_SUPPORT With Asyncronous IO support FAM_SUPOORT With File Alteration Monitor SYSLOG With Syslog support QUOTAS With Disk quota support UTMP With UTMP accounting support PAM_SMBPASS With PAM authentication vs passdb backends DNSUPDATE With dynamic DNS update(require ADS) AVAHI With Bonjour service discovery support EXP_MODULES With experimental modules PORT With system-wide PORT library IPV6 With IPv6 support MAX_DEBUG With maximum debugging SMBTORTURE With smbtorture
# pkg_replace -vcCN net/samba36
# cd /root/maintenance/Config_file # vi samba36.txt # samba /usr/local/sbin/nmbd /usr/local/sbin/smbd /usr/local/bin/pdbedit /usr/local/etc/smb.conf /usr/local/etc/smb.conf.sample # miniroot /etc/group /etc/host.conf /etc/hosts /etc/localtime /etc/master.passwd /etc/passwd /etc/printcap /etc/pwd.db /etc/resolv.conf /etc/spwd.db /usr/sbin/nologin # library /libexec/ld-elf.so.1 # directory #mkdir /dev #mkdir /tmp #mkdir /usr/local/etc/samba #mkdir /usr/local/private #mkdir /var/db/samba #mkdir /var/log/samba #mkdir /var/run/samba # share directory #mkdir /var/samba
# ../makembeddedtree.sh samba36.txt /tmp/samba36
# vipw -d /tmp/samba36/etc root:*:0:0::0:0:Charlie &:/root:/usr/sbin/nologin toor:*:0:0::0:0:Bourne-again Superuser:/root: daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/usr/sbin/nologin
# vi /tmp/samba36/etc/group wheel:*:0:root daemon:*:1: nobody:*:65534:
echo 'ALL : ALL : deny' > /tmp/samba36/etc/hosts.allow
# vi /tmp/samba36/usr/local/etc/smb.conf
# smb.conf for the chroot tree: a single server acting as domain/local
# master and WINS server, tdbsam accounts, one writable share.
[global]
workgroup = WORKGROUP
netbios name = SAMBA
server string = Samba %v
# Client filter: only addresses in 192.168.1.* are accepted.
hosts allow = 192.168.1.
# NOTE(review): 192.168.1.255 is the broadcast address of a /24 - confirm
# which interface address was intended here.
interfaces = lo0 192.168.1.255/24
socket address = 192.168.1.251
# NOTE(review): left disabled, so the "interfaces" list above is not
# enforced as a bind restriction - check the listening sockets after start.
# bind interfaces only = Yes
security = user
encrypt passwords = Yes
domain logons = yes
domain master = yes
local master = yes
wins support = yes
preferred master = yes
os level = 65
dos charset = eucjp-ms
unix charset = UTF-8
display charset = UTF-8
# New files and directories get group access but nothing for "other".
create mask = 0770
directory mask = 0770
passdb backend = tdbsam
# One log file per client machine name (%m).
log file = /var/log/samba/log.%m
max log size = 100
# NOTE(review): the share sets no "valid users", so access rests on
# "security = user" plus the ownership and mode of /var/samba inside the
# tree - confirm that is the intended access model.
[samba]
path=/var/samba
writeable = Yes
/usr/sbin/pw -V /tmp/samba36/etc groupadd samba -g 20000 /usr/sbin/pw -V /tmp/samba36/etc useradd tail -u 29999 -g 20000 -s /usr/sbin/nologin -d /nonexistent
# exit # zfs create -o mountpoint=/home/samba36 tank0/jail/samba36 # mv /home/mainte90/tmp/samba36/* /home/samba36
# mount -t devfs devfs /home/samba36/dev # jail /home/samba36 test.localdomain 192.168.1.200 /usr/local/sbin/nmbd # ls -la /home/samba36/var/log/samba
# cd /home/samba36/var # chmod 770 samba # chown root:20000 samba
nmbd smbd の順番で起動するように設定します
# vi /usr/local/etc/rc.d/020.jail_samba36.sh #!/bin/sh Type="chroot" #--------------------------------------- PsName="samba36" ChRoot="/home/samba36" MTdpnf="$ChRoot/dev" NtwkIF="" IPAdrs="" BDcast="" NTmask="" #jail----------------------------------- Jid="" Secu="" BrdgIF="" EprIF="" HsFQDN="" # ------------------------------------- BFsrtJ="" AFsrtJ="" BFstpJ="" AFstpJ="" Jstcom="" #chroot--------------------------------- GrpID="" UsrID="" # ------------------------------------- BFsrtC="" AFsrtC="/sbin/devfs rule -s 40 delset /sbin/devfs rule -s 40 add hide /sbin/devfs rule -s 40 add path null unhide /sbin/devfs -m $ChRoot/dev rule -s 40 applyset" BFstpC="pkill -F $ChRoot/var/run/samba/smbd.pid pkill -F $ChRoot/var/run/samba/nmbd.pid /sbin/devfs rule -s 40 delset /sbin/devfs rule -s 40 add unhide /sbin/devfs -m $ChRoot/dev rule -s 40 applyset" AFstpC="" Cstcom="/usr/local/sbin/nmbd -D -s /usr/local/etc/smb.conf /usr/local/sbin/smbd -D -s /usr/local/etc/smb.conf" #--------------------------------------- . /usr/local/etc/rc.d/common_Vjailstp.file jailstartop $1
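# vi smbuser.sh
#!/bin/sh
#
# smbuser.sh - manage Samba accounts that live inside the chroot tree.
#
#   add  username uid   create the system account under $smbDir/etc, then
#                       add it to the Samba passdb with pdbedit
#   del  username       remove the passdb entry, then the system account
#   chpw username       drop and re-create the passdb entry
#
# Meant to be run as root on the host: pw(8) edits the password database
# under $smbDir/etc and pdbedit runs chrooted into $smbDir.

smbDir=/home/samba36
smbGroup=20000

# Print the usage text.
usage() {
  echo " usage: $0 add username uid"
  echo " $0 del username"
  echo " $0 chpw username"
}

# Succeed only for a non-empty name made of letters, digits, '.', '_' or
# '-' that does not start with '-'. The name is handed to pw and pdbedit as
# an argument, so anything else is refused instead of being passed through.
valid_name() {
  case "$1" in
    '' | -* | *[!A-Za-z0-9._-]*) return 1 ;;
  esac
  return 0
}

# Succeed only for a non-empty, all-digit uid.
valid_uid() {
  case "$1" in
    '' | *[!0-9]*) return 1 ;;
  esac
  return 0
}

case "$1" in
  add)
    if ! valid_name "$2" || ! valid_uid "$3"; then
      usage >&2
      exit 1
    fi
    # Use $smbDir here too, so pw and the chrooted pdbedit always work on
    # the same tree. Stop if the system account could not be created.
    /usr/sbin/pw -V "$smbDir/etc" useradd -n "$2" -u "$3" -g "$smbGroup" \
      -s /usr/sbin/nologin -d /nonexistent || exit 1
    chroot "$smbDir" /usr/local/bin/pdbedit -a -u "$2"
    ;;
  del)
    if ! valid_name "$2"; then
      usage >&2
      exit 1
    fi
    chroot "$smbDir" /usr/local/bin/pdbedit -x -u "$2"
    /usr/sbin/pw -V "$smbDir/etc" userdel -n "$2"
    ;;
  chpw)
    if ! valid_name "$2"; then
      usage >&2
      exit 1
    fi
    # The entry is deleted before it is re-added; if the second pdbedit
    # does not complete, the account has no passdb entry until chpw is
    # run again.
    chroot "$smbDir" /usr/local/bin/pdbedit -x -u "$2"
    chroot "$smbDir" /usr/local/bin/pdbedit -a -u "$2"
    ;;  # this terminator was missing, which made the case statement invalid
  *)
    usage
    ;;
esac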
アップグレードはこちらを参照してください