These classnotes are deprecated. As of 2005, I no longer teach the classes. Notes will remain online for legacy purposes.

UNIX03/ACL And SAMBA


Samba File Security

Never forget that your system running Samba is a file server, likely containing confidential information. As such, it is imperative that you put in appropriate controls to limit access to files and directories. If your server is only a file server and does not grant any shell access, then your job is relatively easy: almost all of the work can be done using Samba security controls. If the server also grants shell access (via Telnet, SSH, etc.), then your job becomes much more difficult.

The process recommended by both the book and myself begins with the Rings of Security model at the file system level, and will work with any POSIX-compliant file system (ext2, ext3, XFS, reiserfs, JFS, etc.).

The default behavior for most UNIX systems is to place users in User Private Groups (see UNIX02/User Accounts And Groups from UNIX02). This can be fine for systems with a small number of users, but may not be such a good idea for larger systems. Sometimes it is more desirable to assign every user on the system to some common group (such as 'user') or to subdivide the users into groups (such as 'pr', 'sales', 'lab', etc.).

File and Directory Masks for Shares

When setting up paths for shares in Samba, remember never to share the root directory. If you do, you are just asking for trouble. Additionally, you may wish to put whatever sub-directory houses your Samba shares on a separate partition so that, if it fills up, the system will still function.
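
An added example (not part of the original notes): a short Python audit that reads an smb.conf and flags any share that exports `/` or sits on the same filesystem as `/`, the two points made above. The sample configuration, share names and paths are constructed, and comparing `st_dev` values is this example's way of checking for a separate partition.

```python
import configparser
import os

# Constructed sample smb.conf for this example (not from the class notes).
SAMPLE_SMB_CONF = """
[global]
log file = /var/log/samba/%m.log

[everything]
path = /

[sales]
path = /srv/samba/sales
"""

NOT_FILE_SHARES = {"global", "homes", "printers"}  # special sections

def share_paths(conf_text):
    """Return {share name: path} for every file share that sets 'path'."""
    # interpolation=None: smb.conf uses %m, %U, ... as its own variables.
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    return {
        name: os.path.normpath(cp.get(name, "path"))
        for name in cp.sections()
        if name.lower() not in NOT_FILE_SHARES and cp.has_option(name, "path")
    }

def audit(conf_text, device_of=lambda p: os.stat(p).st_dev):
    """Flag shares that export / or sit on the same filesystem as /."""
    findings = []
    root_dev = device_of("/")
    for share, path in share_paths(conf_text).items():
        if path.strip("/") == "":
            findings.append((share, "shares the root directory"))
            continue
        try:
            # Same st_dev as / means a full share can fill the root filesystem.
            if device_of(path) == root_dev:
                findings.append((share, "on the same filesystem as /"))
        except OSError:
            findings.append((share, "path does not exist on this host"))
    return findings

if __name__ == "__main__":
    for share, problem in audit(SAMPLE_SMB_CONF):
        print(f"[{share}] {problem}")
```

To check a real server, pass the contents of its own smb.conf to `audit()` and run it on that host, so the `os.stat` calls see the server's actual mounts.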

There are two general types of Samba shares. In one type, you want to allow



Edited June 7, 2003 12:32 pm
(C) Copyright 2003 Samuel Hart
This work is licensed under a Creative Commons License.