welcome: please sign in
location: FileSurfer


Moved to: https://osmium.morningside.edu/confluence/x/AoC6AQ

FileSurfer is the central file server on campus. This page are some quick instructions for administrators needing to manipulate various aspects of it.

Common Shares


A "Share" is defined as a folder directly accessible from \\fs\<sharename>.

These are defined in a samba configuration and can be auto-generated by using the program,

  # gencommon.py 

gencommon.py configuration directives in /etc/samba/conf.d/<sharename>.conf

A symbolic link can be manually created by:

  # ln -s /absolute/path/to/folder /home/(username)/_<sharename>

Symbolic links can also be automatically created with:

  # linkcommon [-d] <commonname> [groupname]

  1. mkcommon

  2. linkcommon

commonadm (in /usr/local/bin) is an all-in-one program that can

  1. Add/remove users from a group
  2. Create a group
  3. Link the common share
  4. Create the share directory

[root@filesurfervm ~]# commonadm
Expecting one and only one commonshare to be specified.
usage: commonadm [options] <commonshare>

  -h, --help            show this help message and exit
  -y, --yes             Actually make changes.
  -g GROUP, --group=GROUP
                        Group (if different from directory name.)
  -p PATH, --path=PATH  Path (if different from /common/<group>.)
  -a USERS_TO_ADD, --add-user=USERS_TO_ADD
                        Add a given user to the group. (May be specified
                        multiple times.)
                        Remove a given user from the group. (May be specified
                        mulitple times.)

Creating a Common Share

Shaun Meyer - Feb, 2009

This is distinguished from Common Directory because it creates an actual "share", that is, \\fs\<share-name>. A Common Directory is only accessible from a home-drive (or other network-accessible share) via soft-link.

  1. Create and populate an AD group in the Filesurfer-Groups OU to control share access. Make sure and document the samba path in the group description (eg, "\\fs\(common folder")


Changed users must logout/login before Active Directory group changes will take effect.

  1. SSH into Filesurfer...
  2. Create the common directory:
    • mkdir /common/name-of-directory

  3. Set folder permissions and the sticky bit 1:

    • chmod g+rwxs /common/name-of-directory

  4. Set folder group:
    • chgrp "name-of-ad-group" /common/name-of-directory

  5. Determine if this will be a "Share" or a "Symlink"
  6. Enjoy

Filesurfer Permissions

Quick Reference

External Howto

Common Shares

The preferred method for any share which must be accessed by more than one person is to create a folder in /common/ representing the name of a specifically-created group all members share. The group is allowed write permission and the folder is set to inherit these qualities.

Guest Access to Shares

Samba has been configured to allow guest access on shares which have the "public = yes" directive defined in the share's .conf file.

# 2009-08-18
path = /common/avg
comment = Automagically generated share
writeable = yes
browseable = yes
public = yes

To enable guest access in the samba global config, these two lines were necessary:

# Used for guest access
map to guest = Bad User
guest account = nobody

Where the guest account is a valid unix account (in our case, a winbind account would have work also).

Manual Procedures (Don't really need these with the helper programs above.)

Creating the directory...

#mkdir /common/(directory name)

Setting the group...(assuming you've created the appropriate group in AD!)

#chgrp (groupname) (directory)

"ChangePermissions" to Group +Sticky [inheritance], Read, Write, Execute

#chmod g+srwx (directory)

Make the user the owner

In special instances where one person needs write abilities while everyone else is read-only something like the following would work:

#chown (user) (file)

Give the user Read, Write, and Execute permissions (if he doesn't already have them)

#chmod u+rwx (file)

Remove write permissions for the group

#chmod g-w (file)

Verify your changes...

#ls -l /path/to/file

Output, beginning D is a Directory and each set of rwx represents the presence of Read, Write, and Execute permissions In order: Owner, Group, Others. The presence of a + represents extended attributes (getfacl <file>) to view.

Next is the size, owners name, group name, size on disc, modification date, and filename.

drwxrwx--x+ 2 scratch domain users 4096 Jan  3 13:22 www


Display a given users quota

[root@filesurfervm ~]# shquota meyersh
                       Block limits                File limits
User            used    soft    hard  grace    used  soft  hard  grace
meyersh   --  544180 3246060 3246060            836     0     0    

Adjust a users home quota

[root@filesurfervm bin]# homequota
Usage: /usr/local/bin/homequota <username> [newquota in GB]

Clear a file lock

If a file is locked through samba (that is, there is no lock-file around to delete), you must clear the samba file lock.


Killing the wrong process ID here can interrupt other service, or worse, kill the entire Samba server until it is restarted.

First: Find the ID of the process that is locked

You will need the ID of the locked process, this is available through the command smbstatus. To see all locked files, run smbstatus -L.

The first column lists the Pid (or Process Id), which is the number you need.

Second: Verify this process.

Before killing the process, it is good to see everything that will be effected. Check for other locks on the same process with the following command:

smbstatus -L | grep -I "^<Pid>"

Third: Kill the offending process.

To kill the process, we use the kill command:

kill <Pid>

CategoryServers CategoryServices

  1. Sticky bit causes all subdirectories to be owned by the parent folders' group (1)

FileSurfer (last edited 2018-01-10 14:28:11 by colej)