path: root/samba/smb-shares-cafe3.conf

control:
    AddInstallable = ( samba samba_reload )
    
    #
    # Variables for shares
    # You can change the paths here and it will be changed both in
    # the conf file and in the filesystem - But once it is implemented,
    # it is not wise to change it - the data in the shares doesn't get
    # moved!
    # You can change the rights on the shares in the "directories:"
    # section.
    #
    pcprvdir    = ( "/home/%u" )
    commonsharedir  = ( /home/fsadmin )
    profilshare = ( /home/fsadmin/pc_userprofiles )
    xchngshare  = ( /home/fsadmin/pc_xchange )
    netlog      = ( "netlogon" )
    netlogtxt   = ( "Network logon" )
    netlogshare = ( /etc/samba/netlogon )
    privpctxt   = ( "Pers. PC Documents" )
    privpcshare = ( pc )
    privmac     = ( "pers_mac" )
    privmactxt  = ( "Pers. Mac Documents" )
    privmacshare    = ( mac )
    privwww     = ( "pers_www" )
    privwwwtxt  = ( "Pers. Web Documents" )
    privwwwshare    = ( public_html )
    privxchng   = ( "pers_shared" )
    privxchngtxt    = ( "Pers. Shared Documents" )
    privxchngshare  = ( xchange )
    data        = ( "docs" )
    datatxt     = ( "Shared Documents" )
    datashare   = ( /home/fsadmin/pc_doc )
    soft        = ( "software" )
    softtxt     = ( "Shared Software" )
    softshare   = ( /home/fsadmin/pc_software )
    admin       = ( "admin" )
    admintxt    = ( "Documentation and Admin Tools" )
    adminshare  = ( /home/fsadmin/pc_admin )

    #
    # Shared group
    #
    sharedgrp   = ( users )

    #
    # Administrative user and group
    #
    adminuser   = ( fsadmin )
    admingrp    = ( fsadmin )

    #
    # Misc common strings
    #
    pcvetofiles = ( "/.AppleDouble/.AppleDesktop/Network Trash Folder/DesktopFolderDB/resource.frk/Icon^M/TheVolumeSettingsFolder/" )   
    
editfiles:
    samba::
        { /etc/samba/smb-shares-$(site).conf
        #
        # This file contains the shares common to a site.
        # We check if the proper sections are there and add them if they
        # isn't. We don't check the file line for line.
        #
        AutoCreate
        #
        # [$(netlog)]
        #
        BeginGroupIfNoLineMatching "^\[$(netlog)\]"
            Append '[$(netlog)]'
            Append '    comment = $(netlogtxt)'
            Append '    path = $(netlogshare)'
            Append '    browsable = no'
            Append '    writeable = no'
            Append '    share modes = no'
        EndGroup
        #
        # [userprofiles]
        #
        BeginGroupIfNoLineMatching "^\[userprofiles\]"
            Append '[userprofiles]'
            Append '    path = $(profilshare)'
            Append '    force user = %u'
            Append '    browsable = yes'
            Append '    writable = yes'
            Append '    root preexec = /bin/mkdir $(profilshare)/%U \'
            Append '            /bin/chown %U: $(profilshare)/%U \'
            Append '            /bin/chmod 700 $(profilshare)/%U'
        EndGroup
        #
        # [homes]
        #
        BeginGroupIfNoLineMatching "^\[homes\]"
            Append '[homes]'
            Append '    comment = $(privpctxt)'
            Append '    path = $(pcprvdir)/$(privpcshare)'
            Append '    browsable = no'
            Append '    writable = yes'
            Append '    root preexec = /bin/mkdir $(pcprvdir)/$(privpcshare) \'
            Append '            /bin/chown %U: $(pcprvdir)/$(privpcshare) \'
            Append '            /bin/chmod 640 $(pcprvdir)/$(privpcshare)'
        EndGroup
        #
        # [$(privmac)]
        #
        BeginGroupIfNoLineMatching "^\[$(privmac)\]"
            Append '[$(privmac)]'
            Append '    comment = $(privmactxt)'
            Append '    path = $(pcprvdir)/$(privmacshare)'
            Append '    browsable = no'
            Append '    writable = no'
        EndGroup
        #
        # [$(privweb)]
        #
        BeginGroupIfNoLineMatching "^\[$(privwww)\]"
            Append '[$(privwww)]'
            Append '    comment = $(privwwwtxt)'
            Append '    path = $(pcprvdir)/$(privwwwshare)'
            Append '    browsable = no'
            Append '    writable = yes'
            Append '    root preexec = /bin/mkdir $(pcprvdir)/$(privwwwshare) \'
            Append '            /bin/chown %U: $(pcprvdir)/$(privwwwshare) \'
            Append '            /bin/chmod 644 $(pcprvdir)/$(privwwwshare)'
        EndGroup
        #
        # [$(privxchng)]
        #
        BeginGroupIfNoLineMatching "^\[$(privxchng)\]"
            Append '[$(privxchng)]'
            Append '    comment = $(privxchngtxt)'
            Append '    path = $(pcprvdir)/$(privxchngshare)'
            Append '    browsable = no'
            Append '    writable = yes'
            Append '    valid users = @$(sharedgrp)'
            Append '    force group = +$(sharedgrp)'
            Append '    root preexec = /bin/mkdir $(pcprvdir)/$(privpcshare) \'
            Append '            /bin/chown %U:$(sharedgrp) $(pcprvdir)/$(privpcshare) \'
            Append '            /bin/chmod 644 $(pcprvdir)/$(privpcshare) \'
            Append '            /bin/rm -f $(xchngshare) \'
            Append '            /bin/ln -dfs $(pcprvdir)/$(privxchngshare) $(xchngshare)'
        EndGroup
        #
        # [$(data)]
        #
        BeginGroupIfNoLineMatching "^\[$(data)\]"
            Append '[$(data)]'
            Append '    comment = $(datatxt)'
            Append '    path = $(datashare)'
            Append '    browsable = yes'
            Append '    guest ok = no'
            Append '    writeable = yes'
            Append '    create mask = 0660'
            Append '    directory mask = 0770'
            Append '    valid users = @$(admingrp)'
            Append '    force group = +$(admingrp)'
            Append '    delete veto files = Yes'
            Append '    veto files = $(pcvetofiles)'
        EndGroup
        #
        # [$(soft)]
        #
        BeginGroupIfNoLineMatching "^\[$(soft)\]"
            Append '[$(soft)]'
            Append '    comment = $(softtxt)'
            Append '    path = $(softshare)'
            Append '    browsable = yes'
            Append '    guest ok = no'
            Append '    writeable = yes'
            Append '    create mask = 0660'
            Append '    directory mask = 0770'
            Append '    valid users = @$(admingrp)'
            Append '    force group = +$(admingrp)'
            Append '    delete veto files = Yes'
            Append '    veto files = $(pcvetofiles)'
        EndGroup
        #
        # [$(admin)]
        #
        BeginGroupIfNoLineMatching "^\[$(admin)\]"
            Append '[$(admin)]'
            Append '    comment = $(admintxt)'
            Append '    path = $(adminshare)'
            Append '    browsable = yes'
            Append '    guest ok = yes'
            Append '    writeable = no'
            Append '    valid users = @$(admingrp)'
            Append '    force group = +$(admingrp)'
        EndGroup
        DefineClasses "samba_reload"
        }

    samba_reload::
        { /etc/samba/smb-shares-$(site).conf
            LocateLineMatching "^; EDITED BY CFENGINE .*"
            ReplaceAll '; EDITED BY CFENGINE .*$' With '; EDITED BY CFENGINE $(date)'
            CatchAbort
            BeginGroupIfNoMatch "^; EDITED BY CFENGINE .*"
                Append '; EDITED BY CFENGINE $(date)'
            EndGroup
        }

directories:
    any::
    $(commonsharedir)
        mode=755
        owner=$(adminuser)
        group=$(admingrp)
    $(softshare)
        mode=775
        owner=$(adminuser)
        group=$(admingrp)
    $(datashare)
        mode=775
        owner=$(adminuser)
        group=$(admingrp)
    samba::
    $(netlogshare)
        mode=755
        owner=root
        group=root
    $(xchngshare)
        mode=755
        owner=root
        group=root
    $(profilshare)
        mode=775
        owner=$(adminuser)
        group=$(admingrp)
    $(adminshare)
        mode=755
        owner=$(adminuser)
        group=$(admingrp)

processes:
    "smbd"  restart "/etc/init.d/samba restart"

shellcommands:
    samba_reload::
    "/etc/init.d/samba force-reload"