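#
# Samba share definitions for one site (cfengine 2 syntax).
# Appends any missing share sections to /etc/samba/smb-shares-$(site).conf,
# manages the backing directories and reloads Samba after an edit.
# NOTE(review): $(site) is not defined in this file - presumably set
# elsewhere; confirm.
#

control:

   AddInstallable = ( samba samba_reload )

   #
   # Variables for shares
   # You can change the paths here and it will be changed both in
   # the conf file and in the filesystem - But once it is implemented,
   # it is not wise to change it - the data in the shares doesn't get
   # moved!
   # You can change the rights on the shares in the "directories:"
   # section.
   #
   # %u in pcprvdir is a Samba substitution; it is written to the conf
   # file literally and expanded by smbd at connection time.
   #
   pcprvdir        = ( "/home/%u" )
   commonsharedir  = ( /home/fsadmin )
   profilshare     = ( /home/fsadmin/pc_userprofiles )
   xchngshare      = ( /home/fsadmin/pc_xchange )

   netlog          = ( "netlogon" )
   netlogtxt       = ( "Network logon" )
   netlogshare     = ( /etc/samba/netlogon )

   privpctxt       = ( "Pers. PC Documents" )
   privpcshare     = ( pc )

   privmac         = ( "pers_mac" )
   privmactxt      = ( "Pers. Mac Documents" )
   privmacshare    = ( mac )

   privwww         = ( "pers_www" )
   privwwwtxt      = ( "Pers. Web Documents" )
   privwwwshare    = ( public_html )

   privxchng       = ( "pers_shared" )
   privxchngtxt    = ( "Pers. Shared Documents" )
   privxchngshare  = ( xchange )

   data            = ( "docs" )
   datatxt         = ( "Shared Documents" )
   datashare       = ( /home/fsadmin/pc_doc )

   soft            = ( "software" )
   softtxt         = ( "Shared Software" )
   softshare       = ( /home/fsadmin/pc_software )

   admin           = ( "admin" )
   admintxt        = ( "Documentation and Admin Tools" )
   adminshare      = ( /home/fsadmin/pc_admin )

   #
   # Shared group
   #
   sharedgrp       = ( users )

   #
   # Administrative user and group
   #
   adminuser       = ( fsadmin )
   admingrp        = ( fsadmin )

   #
   # Misc common strings
   #
   pcvetofiles     = ( "/.AppleDouble/.AppleDesktop/Network Trash Folder/DesktopFolderDB/resource.frk/Icon^M/TheVolumeSettingsFolder/" )

editfiles:

   samba::

      { /etc/samba/smb-shares-$(site).conf

      #
      # This file contains the shares common to a site.
      # We check if the proper sections are there and add them if they
      # are missing. We don't check the file line for line, so a section
      # that already exists is never corrected by this policy.
      #
      # Every "root preexec" below runs as root on each connection to the
      # share. smb.conf joins backslash-continued lines into ONE command
      # line, so the commands need an explicit ';' between them; without
      # it mkdir receives "/bin/chown", "/bin/chmod" and their arguments
      # as extra directory names and the ownership/mode steps never run.
      #
      # NOTE(review): %U is the user name the client asked for (see
      # smb.conf(5)) and it is placed on a root shell command line here.
      # Prefer %u, or a helper script that validates the name - confirm
      # which name the paths must follow before changing it.
      #
      AutoCreate

      #
      # [$(netlog)]
      #
      BeginGroupIfNoLineMatching "^\[$(netlog)\]"
         Append '[$(netlog)]'
         Append ' comment = $(netlogtxt)'
         Append ' path = $(netlogshare)'
         Append ' browsable = no'
         Append ' writeable = no'
         Append ' share modes = no'
      EndGroup

      #
      # [userprofiles]
      #
      BeginGroupIfNoLineMatching "^\[userprofiles\]"
         Append '[userprofiles]'
         Append ' path = $(profilshare)'
         Append ' force user = %u'
         Append ' browsable = yes'
         Append ' writable = yes'
         Append ' root preexec = /bin/mkdir $(profilshare)/%U ; \'
         Append ' /bin/chown %U: $(profilshare)/%U ; \'
         Append ' /bin/chmod 700 $(profilshare)/%U'
      EndGroup

      #
      # [homes]
      #
      # Mode 750 instead of 640: a directory without the search (x) bit
      # cannot be entered, not even by its owner. 750 keeps the same
      # owner / group / other split.
      #
      BeginGroupIfNoLineMatching "^\[homes\]"
         Append '[homes]'
         Append ' comment = $(privpctxt)'
         Append ' path = $(pcprvdir)/$(privpcshare)'
         Append ' browsable = no'
         Append ' writable = yes'
         Append ' root preexec = /bin/mkdir $(pcprvdir)/$(privpcshare) ; \'
         Append ' /bin/chown %U: $(pcprvdir)/$(privpcshare) ; \'
         Append ' /bin/chmod 750 $(pcprvdir)/$(privpcshare)'
      EndGroup

      #
      # [$(privmac)]
      #
      BeginGroupIfNoLineMatching "^\[$(privmac)\]"
         Append '[$(privmac)]'
         Append ' comment = $(privmactxt)'
         Append ' path = $(pcprvdir)/$(privmacshare)'
         Append ' browsable = no'
         Append ' writable = no'
      EndGroup

      #
      # [$(privwww)]
      #
      # Mode 755 instead of 644, for the same search-bit reason as [homes].
      #
      BeginGroupIfNoLineMatching "^\[$(privwww)\]"
         Append '[$(privwww)]'
         Append ' comment = $(privwwwtxt)'
         Append ' path = $(pcprvdir)/$(privwwwshare)'
         Append ' browsable = no'
         Append ' writable = yes'
         Append ' root preexec = /bin/mkdir $(pcprvdir)/$(privwwwshare) ; \'
         Append ' /bin/chown %U: $(pcprvdir)/$(privwwwshare) ; \'
         Append ' /bin/chmod 755 $(pcprvdir)/$(privwwwshare)'
      EndGroup

      #
      # [$(privxchng)]
      #
      # The preexec now prepares $(privxchngshare), the directory this
      # share actually serves. It used to name $(privpcshare), which left
      # the share path uncreated and re-owned the private [homes]
      # directory to group $(sharedgrp) with a world-readable mode.
      #
      # NOTE(review): the last two commands repoint the site-wide
      # $(xchngshare) path at the connecting user's directory, as root, on
      # every connection, while "directories:" below also manages
      # $(xchngshare) as a root-owned directory. Left unchanged - confirm
      # the intended design.
      #
      BeginGroupIfNoLineMatching "^\[$(privxchng)\]"
         Append '[$(privxchng)]'
         Append ' comment = $(privxchngtxt)'
         Append ' path = $(pcprvdir)/$(privxchngshare)'
         Append ' browsable = no'
         Append ' writable = yes'
         Append ' valid users = @$(sharedgrp)'
         Append ' force group = +$(sharedgrp)'
         Append ' root preexec = /bin/mkdir $(pcprvdir)/$(privxchngshare) ; \'
         Append ' /bin/chown %U:$(sharedgrp) $(pcprvdir)/$(privxchngshare) ; \'
         Append ' /bin/chmod 755 $(pcprvdir)/$(privxchngshare) ; \'
         Append ' /bin/rm -f $(xchngshare) ; \'
         Append ' /bin/ln -dfs $(pcprvdir)/$(privxchngshare) $(xchngshare)'
      EndGroup

      #
      # [$(data)]
      #
      BeginGroupIfNoLineMatching "^\[$(data)\]"
         Append '[$(data)]'
         Append ' comment = $(datatxt)'
         Append ' path = $(datashare)'
         Append ' browsable = yes'
         Append ' guest ok = no'
         Append ' writeable = yes'
         Append ' create mask = 0660'
         Append ' directory mask = 0770'
         Append ' valid users = @$(admingrp)'
         Append ' force group = +$(admingrp)'
         Append ' delete veto files = Yes'
         Append ' veto files = $(pcvetofiles)'
      EndGroup

      #
      # [$(soft)]
      #
      BeginGroupIfNoLineMatching "^\[$(soft)\]"
         Append '[$(soft)]'
         Append ' comment = $(softtxt)'
         Append ' path = $(softshare)'
         Append ' browsable = yes'
         Append ' guest ok = no'
         Append ' writeable = yes'
         Append ' create mask = 0660'
         Append ' directory mask = 0770'
         Append ' valid users = @$(admingrp)'
         Append ' force group = +$(admingrp)'
         Append ' delete veto files = Yes'
         Append ' veto files = $(pcvetofiles)'
      EndGroup

      #
      # [$(admin)]
      #
      # "guest ok" is set to no to agree with "valid users": the share is
      # restricted to @$(admingrp), so guest sessions should already be
      # refused. Stating it explicitly keeps the share closed if the
      # valid users line is ever edited or removed.
      #
      BeginGroupIfNoLineMatching "^\[$(admin)\]"
         Append '[$(admin)]'
         Append ' comment = $(admintxt)'
         Append ' path = $(adminshare)'
         Append ' browsable = yes'
         Append ' guest ok = no'
         Append ' writeable = no'
         Append ' valid users = @$(admingrp)'
         Append ' force group = +$(admingrp)'
      EndGroup

      # Raise samba_reload so the stamp edit and the reload below run.
      DefineClasses "samba_reload"
      }

   samba_reload::

      { /etc/samba/smb-shares-$(site).conf

      # Refresh the "; EDITED BY CFENGINE" stamp line, or append one when
      # the file has none. CatchAbort is where editing resumes if
      # LocateLineMatching found no stamp line.
      LocateLineMatching "^; EDITED BY CFENGINE .*"
      ReplaceAll '; EDITED BY CFENGINE .*$' With '; EDITED BY CFENGINE $(date)'
      CatchAbort
      BeginGroupIfNoMatch "^; EDITED BY CFENGINE .*"
         Append '; EDITED BY CFENGINE $(date)'
      EndGroup
      }

directories:

   # Ownership and modes of the share roots. These are the rights that
   # actually gate access on disk, next to the share-level settings above.

   any::

      $(commonsharedir) mode=755 owner=$(adminuser) group=$(admingrp)
      $(softshare)      mode=775 owner=$(adminuser) group=$(admingrp)
      $(datashare)      mode=775 owner=$(adminuser) group=$(admingrp)

   samba::

      $(netlogshare)    mode=755 owner=root group=root
      $(xchngshare)     mode=755 owner=root group=root
      $(profilshare)    mode=775 owner=$(adminuser) group=$(admingrp)
      $(adminshare)     mode=755 owner=$(adminuser) group=$(admingrp)

processes:

   # Start Samba again if no smbd process is found.
   "smbd" restart "/etc/init.d/samba restart"

shellcommands:

   samba_reload::

      # Make smbd re-read the share file after it was edited.
      "/etc/init.d/samba force-reload"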