it@Plan-FileSrv:~$ tail /etc/passwd nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin libuuid:x:100:101::/var/lib/libuuid: syslog:x:101:104::/home/syslog:/bin/false messagebus:x:102:106::/var/run/dbus:/bin/false bind:x:103:113::/var/cache/bind:/bin/false landscape:x:104:114::/var/lib/landscape:/bin/false sshd:x:105:65534::/var/run/sshd:/usr/sbin/nologin avahi:x:106:115:Avahi mDNS daemon,,,:/var/run/avahi-daemon:/bin/false colord:x:107:117:colord colour management daemon,,,:/var/lib/colord:/bin/false it:x:1000:1000:IT,,,:/home/it:/bin/bash it@Plan-FileSrv:~$ sudo su [sudo] password for it: root@Plan-FileSrv:/home/it# groupadd accounting -g 10000 root@Plan-FileSrv:/home/it# groupadd hrd -g 20000 root@Plan-FileSrv:/home/it# groupadd l2e -g 30000 root@Plan-FileSrv:/home/it# tail /etc/group ssh:x:112: bind:x:113: landscape:x:114: avahi:x:115: winbindd_priv:x:116: colord:x:117: it:x:1000: accounting:x:10000: hrd:x:20000: l2e:x:30000:
Kemudian buatkan Home Directory bagi group-group tersebut dan atur kepemilikan / owner folder-folder tersebut sesuai dengan groupnya.
root@Plan-FileSrv:/home/it# mkdir /home/accounting root@Plan-FileSrv:/home/it# mkdir /home/hrd root@Plan-FileSrv:/home/it# mkdir /home/l2e root@Plan-FileSrv:/home/it# ls -lF /home/ total 16 drwxr-xr-x 2 root root 4096 Mar 25 15:58 accounting/ drwxr-xr-x 2 root root 4096 Mar 25 15:58 hrd/ drwxr-xr-x 3 it it 4096 Mar 24 15:54 it/ drwxr-xr-x 2 root root 4096 Mar 25 15:58 l2e/ root@Plan-FileSrv:/home/it# chown -R root.accounting /home/accounting root@Plan-FileSrv:/home/it# chown -R root.hrd /home/hrd root@Plan-FileSrv:/home/it# chown -R root.l2e /home/l2e root@Plan-FileSrv:/home/it# ls -lF /home/ total 16 drwxr-xr-x 2 root accounting 4096 Mar 25 15:58 accounting/ drwxr-xr-x 2 root hrd 4096 Mar 25 15:58 hrd/ drwxr-xr-x 3 it it 4096 Mar 24 15:54 it/ drwxr-xr-x 2 root l2e 4096 Mar 25 15:58 l2e/
Kemudian selanjutnya mari kita menambahkan user-user berdasarkan group-group yang telah dibuat sebelumnya.
root@Plan-FileSrv:/home/it# useradd kanazawa -m -d /home/accounting/kanazawa -u 10001 -g 10000 root@Plan-FileSrv:/home/it# useradd ferry -m -d /home/accounting/ferry -u 10002 -g 10000 root@Plan-FileSrv:/home/it# useradd aan -m -d /home/accounting/aan -u 10003 -g 10000 root@Plan-FileSrv:/home/it# useradd nurhapsah -m -d /home/accounting/nurhapsah -u 10004 -g 10000 root@Plan-FileSrv:/home/it# useradd susi -m -d /home/accounting/susi -u 10005 -g 10000 root@Plan-FileSrv:/home/it# useradd shelly -m -d /home/accounting/shelly -u 10006 -g 10000 root@Plan-FileSrv:/home/it# useradd yuliana -m -d /home/accounting/yuliana -u 10007 -g 10000 root@Plan-FileSrv:/home/it# useradd iin -m -d /home/accounting/iin -u 10008 -g 10000 root@Plan-FileSrv:/home/it# useradd zefnemi -m -d /home/accounting/zefnemy -u 10009 -g 10000
root@Plan-FileSrv:/home/it# useradd akiu -m -d /home/hrd/akiu -u 20001 -g 20000 root@Plan-FileSrv:/home/it# useradd nunus -m -d /home/hrd/nunus -u 20002 -g 20000 root@Plan-FileSrv:/home/it# useradd ika -m -d /home/hrd/ika -u 20003 -g 20000 root@Plan-FileSrv:/home/it# useradd ozy -m -d /home/hrd/ozy -u 20004 -g 20000 root@Plan-FileSrv:/home/it# useradd ana -m -d /home/hrd/ana -u 20005 -g 20000 root@Plan-FileSrv:/home/it# useradd emy -m -d /home/hrd/emy -u 20006 -g 20000 root@Plan-FileSrv:/home/it# useradd wawan -m -d /home/hrd/wawan -u 20007 -g 20000 root@Plan-FileSrv:/home/it# useradd nurmala -m -d /home/hrd/nurmala -u 20008 -g 20000
root@Plan-FileSrv:/home/it# useradd indra -m -d /home/l2e/indra -u 30001 -g 30000 root@Plan-FileSrv:/home/it# useradd anca -m -d /home/l2e/anca -u 30002 -g 30000 root@Plan-FileSrv:/home/it# useradd lia -m -d /home/l2e/lia -u 30003 -g 30000 root@Plan-FileSrv:/home/it# useradd rifqy -m -d /home/l2e/rifqy -u 30004 -g 30000
Perintah di atas membuat user sekaligus Home Directory-nya jika belum ada (opsi "-m -d"), menentukan uid-nya (opsi "-u"), dan memasukkan user tersebut ke dalam group yang gid-nya disebutkan (parameter "-g groupid"). Setelah proses ini, mari kita me-review hak akses Home Directory user-user tersebut.
root@Plan-FileSrv:/home/it# ls -l /home/accounting/ total 36 drwxr-xr-x 2 aan accounting 4096 Mar 25 16:05 aan drwxr-xr-x 2 ferry accounting 4096 Mar 25 16:05 ferry drwxr-xr-x 2 iin accounting 4096 Mar 25 16:09 iin drwxr-xr-x 2 kanazawa accounting 4096 Mar 25 16:04 kanazawa drwxr-xr-x 2 nurhapsah accounting 4096 Mar 25 16:06 nurhapsah drwxr-xr-x 2 shelly accounting 4096 Mar 25 16:09 shelly drwxr-xr-x 2 susi accounting 4096 Mar 25 16:07 susi drwxr-xr-x 2 yuliana accounting 4096 Mar 25 16:09 yuliana drwxr-xr-x 2 zefnemi accounting 4096 Mar 25 16:10 zefnemy root@Plan-FileSrv:/home/it# ls -l /home/hrd/ total 32 drwxr-xr-x 2 akiu hrd 4096 Mar 25 16:28 akiu drwxr-xr-x 2 ana hrd 4096 Mar 25 16:30 ana drwxr-xr-x 2 emy hrd 4096 Mar 25 16:30 emy drwxr-xr-x 2 ika hrd 4096 Mar 25 16:29 ika drwxr-xr-x 2 nunus hrd 4096 Mar 25 16:28 nunus drwxr-xr-x 2 nurmala hrd 4096 Mar 25 16:32 nurmala drwxr-xr-x 2 ozy hrd 4096 Mar 25 16:29 ozy drwxr-xr-x 2 wawan hrd 4096 Mar 25 16:30 wawan root@Plan-FileSrv:/home/it# ls -l /home/l2e/ total 16 drwxr-xr-x 2 anca l2e 4096 Mar 25 16:39 anca drwxr-xr-x 2 indra l2e 4096 Mar 25 16:39 indra drwxr-xr-x 2 lia l2e 4096 Mar 25 16:39 lia drwxr-xr-x 2 rifqy l2e 4096 Mar 25 16:40 rifqy
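Ternyata group dan other memiliki hak akses r-x (read & execute). Artinya user lain selain pemilik folder dapat membuka folder dan file milik orang lain, serta membaca dan meng-copy data di dalamnya. Tentunya ini tidak dikehendaki. Kita menginginkan masing-masing user hanya bisa mengakses foldernya (Home Directory) sendiri dan tidak bisa mengakses Home Directory orang lain walaupun mereka berada dalam group yang sama. Catatan: mode 0740 yang dipakai di bawah masih menyisakan hak baca (r--) bagi group pada direktori, sehingga anggota group lain masih bisa melihat daftar nama file di dalamnya walaupun tidak bisa masuk atau membuka isinya; gunakan 0700 jika daftar nama file pun tidak boleh terlihat.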
root@Plan-FileSrv:/home/it# chmod -R 0740 /home/accounting/* root@Plan-FileSrv:/home/it# ls -l /home/accounting/ total 36 drwxr----- 2 aan accounting 4096 Mar 25 16:05 aan drwxr----- 2 ferry accounting 4096 Mar 25 16:05 ferry drwxr----- 2 iin accounting 4096 Mar 25 16:09 iin drwxr----- 2 kanazawa accounting 4096 Mar 25 16:04 kanazawa drwxr----- 2 nurhapsah accounting 4096 Mar 25 16:06 nurhapsah drwxr----- 2 shelly accounting 4096 Mar 25 16:09 shelly drwxr----- 2 susi accounting 4096 Mar 25 16:07 susi drwxr----- 2 yuliana accounting 4096 Mar 25 16:09 yuliana drwxr----- 2 zefnemi accounting 4096 Mar 25 16:10 zefnemy root@Plan-FileSrv:/home/it# chmod -R 0740 /home/hrd/akiu/ root@Plan-FileSrv:/home/it# chmod -R 0740 /home/hrd/ana/ root@Plan-FileSrv:/home/it# chmod -R 0740 /home/hrd/emy/ root@Plan-FileSrv:/home/it# chmod -R 0740 /home/hrd/ika/ root@Plan-FileSrv:/home/it# chmod -R 0740 /home/hrd/nunus/ root@Plan-FileSrv:/home/it# chmod -R 0740 /home/hrd/nurmala/ root@Plan-FileSrv:/home/it# chmod -R 0740 /home/hrd/ozy/ root@Plan-FileSrv:/home/it# chmod -R 0740 /home/hrd/wawan/ root@Plan-FileSrv:/home/it# ls -l /home/hrd/ total 32 drwxr----- 2 akiu hrd 4096 Mar 25 16:28 akiu drwxr----- 2 ana hrd 4096 Mar 25 16:30 ana drwxr----- 2 emy hrd 4096 Mar 25 16:30 emy drwxr----- 2 ika hrd 4096 Mar 25 16:29 ika drwxr----- 2 nunus hrd 4096 Mar 25 16:28 nunus drwxr----- 2 nurmala hrd 4096 Mar 25 16:32 nurmala drwxr----- 2 ozy hrd 4096 Mar 25 16:29 ozy drwxr----- 2 wawan hrd 4096 Mar 25 16:30 wawan root@Plan-FileSrv:/home/it# chmod -R 0740 /home/l2e/* root@Plan-FileSrv:/home/it# ls -l /home/l2e/ total 16 drwxr----- 2 anca l2e 4096 Mar 25 16:39 anca drwxr----- 2 indra l2e 4096 Mar 25 16:39 indra drwxr----- 2 lia l2e 4096 Mar 25 16:39 lia drwxr----- 2 rifqy l2e 4096 Mar 25 16:40 rifqy
Selanjutnya adalah membuat password Samba bagi user-user tersebut.
root@Plan-FileSrv:/home/it# smbpasswd -a aan New SMB password: Retype new SMB password: Added user aan. root@Plan-FileSrv:/home/it# smbpasswd -a ferry New SMB password: Retype new SMB password: Added user ferry. root@Plan-FileSrv:/home/it# smbpasswd -a iin New SMB password: Retype new SMB password: Added user iin. root@Plan-FileSrv:/home/it# smbpasswd -a kanazawa New SMB password: Retype new SMB password: Added user kanazawa. root@Plan-FileSrv:/home/it# smbpasswd -a nurhapsah New SMB password: Retype new SMB password: Added user nurhapsah. root@Plan-FileSrv:/home/it# smbpasswd -a shelly New SMB password: Retype new SMB password: Added user shelly. root@Plan-FileSrv:/home/it# smbpasswd -a susi New SMB password: Retype new SMB password: Added user susi. root@Plan-FileSrv:/home/it# smbpasswd -a yuliana New SMB password: Retype new SMB password: Added user yuliana. root@Plan-FileSrv:/home/it# smbpasswd -a zefnemi New SMB password: Retype new SMB password: Added user zefnemi. root@Plan-FileSrv:/home/it# smbpasswd -a akiu New SMB password: Retype new SMB password: Added user akiu. root@Plan-FileSrv:/home/it# smbpasswd -a ana New SMB password: Retype new SMB password: Added user ana. root@Plan-FileSrv:/home/it# smbpasswd -a emy New SMB password: Retype new SMB password: Added user emy. root@Plan-FileSrv:/home/it# smbpasswd -a ika New SMB password: Retype new SMB password: Added user ika. root@Plan-FileSrv:/home/it# smbpasswd -a nunus New SMB password: Retype new SMB password: Added user nunus. root@Plan-FileSrv:/home/it# smbpasswd -a nurmala New SMB password: Retype new SMB password: Added user nurmala. root@Plan-FileSrv:/home/it# smbpasswd -a ozy New SMB password: Retype new SMB password: Added user ozy. root@Plan-FileSrv:/home/it# smbpasswd -a wawan New SMB password: Retype new SMB password: Added user wawan. root@Plan-FileSrv:/home/it# smbpasswd -a anca New SMB password: Retype new SMB password: Added user anca. 
root@Plan-FileSrv:/home/it# smbpasswd -a indra New SMB password: Retype new SMB password: Added user indra. root@Plan-FileSrv:/home/it# smbpasswd -a lia New SMB password: Retype new SMB password: Added user lia. root@Plan-FileSrv:/home/it# smbpasswd -a rifqy New SMB password: Retype new SMB password: Added user rifqy.
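Kita juga akan menyediakan folder "public" yang bebas diakses oleh semua user. Pada folder public ini kita akan mengaktifkan "sticky bit", fungsinya adalah agar file atau folder yang di-create oleh user a hanya bisa di-delete oleh user a sendiri (atau oleh root) dan tidak bisa di-delete oleh user b, user c atau user-user lainnya, begitu juga sebaliknya. Perlu diingat, share [Public] pada konfigurasi Samba di bawah memakai "guest ok = Yes", dan semua koneksi guest dipetakan ke satu akun guest yang sama, sehingga sticky bit tidak melindungi file milik sesama guest.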
root@Plan-FileSrv:/home/it# mkdir /home/public root@Plan-FileSrv:/home/it# chmod -R 0777 /home/public root@Plan-FileSrv:/home/it# ls -l /home/ total 20 drwxr-xr-x 11 root accounting 4096 Mar 25 16:56 accounting drwxr-xr-x 10 root hrd 4096 Mar 25 16:38 hrd drwxr-xr-x 3 it it 4096 Mar 24 15:54 it drwxr-xr-x 6 root l2e 4096 Mar 25 16:40 l2e drwxrwxrwx 2 root root 4096 Mar 25 17:02 public root@Plan-FileSrv:/home/it# chmod +t /home/public/ root@Plan-FileSrv:/home/it# ls -l /home/ total 20 drwxr-xr-x 11 root accounting 4096 Mar 25 16:56 accounting drwxr-xr-x 10 root hrd 4096 Mar 25 16:38 hrd drwxr-xr-x 3 it it 4096 Mar 24 15:54 it drwxr-xr-x 6 root l2e 4096 Mar 25 16:40 l2e drwxrwxrwt 2 root root 4096 Mar 25 17:02 public
Nah, lihatlah perbedaannya: sebelum perintah "chmod +t /home/public/" hak akses folder public adalah "rwxrwxrwx", namun setelah perintah tersebut hak aksesnya berubah menjadi "rwxrwxrwt". Huruf "t" di posisi akhir menandakan sticky bit aktif pada folder ini.
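Kemudian edit file konfigurasi samba (/etc/samba/smb.conf) sehingga hasilnya seperti di bawah ini. Pastikan nama pada "valid users" sama persis dengan nama akun yang dibuat dengan useradd dan smbpasswd; pada keluaran di bawah tertulis "zefnemy", sedangkan akun yang dibuat bernama "zefnemi", sehingga user tersebut tidak akan cocok dengan daftar "valid users".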
root@Plan-FileSrv:/home/it# testparm Load smb config files from /etc/samba/smb.conf rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) Processing section "[printers]" Processing section "[print$]" Processing section "[Public]" Processing section "[Accounting]" Processing section "[hrd]" Processing section "[l2e]" Loaded services file OK. Server role: ROLE_STANDALONE Press enter to see a dump of your service definitions [global] workgroup = ACC-FILESERVER netbios name = FILESERVER-ACCOUNTING server string = %h server (Samba, Ubuntu) server role = standalone server map to guest = Bad User obey pam restrictions = Yes pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . unix password sync = Yes syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 printcap name = cups dns proxy = No usershare allow guests = Yes panic action = /usr/share/samba/panic-action %d idmap config * : backend = tdb [printers] comment = All Printers path = /var/spool/samba create mask = 0700 printable = Yes print ok = Yes browseable = No [print$] comment = Printer Drivers path = /var/lib/samba/printers [Public] comment = Writeable Public File Sharing path = /home/public #force user = public #force group = public read only = No force create mode = 0777 force directory mode = 0777 guest ok = Yes [Accounting] comment = Accounting Dept path = /home/accounting valid users = aan, ferry, iin, kanazawa, nurhapsah, shelly, susi, yuliana, zefnemy force group = accounting read only = No force create mode = 0740 force directory mode = 0740 inherit permissions = Yes delete veto files = Yes veto files = /*.mp3/*.mpeg/*.mpg/*.avi/*.asf/*.wmv/*.3gp/*.dat/*.iso/*.exe/ [hrd] comment = HRD Dept path = /home/hrd valid users = akiu, ana, emy, ika, nunus, nurmala, ozy, wawan force group = hrd read only = No force create mode = 0740 force directory mode = 0740 
inherit permissions = Yes delete veto files = Yes veto files = /*.mp3/*.mpeg/*.mpg/*.avi/*.asf/*.wmv/*.3gp/*.dat/*.iso/*.exe/ [l2e] comment = L2E Dept path = /home/l2e valid users = indra, anca, lia, rifqy force group = l2e read only = No force create mode = 0740 force directory mode = 0740 inherit permissions = Yes delete veto files = Yes veto files = /*.mp3/*.mpeg/*.mpg/*.avi/*.asf/*.wmv/*.3gp/*.dat/*.iso/*.exe/
Kemudian restart samba.
root@Plan-FileSrv:/home/it# service smbd restart smbd stop/waiting smbd start/running, process 1812 root@Plan-FileSrv:/home/it# service nmbd restart nmbd stop/waiting nmbd start/running, process 1829
Selanjutnya kita akan mengimplementasikan ACL. Dengan ACL kita bisa memberi satu atau lebih user tertentu hak akses atas folder/file milik orang lain. Misalnya di dalam group accounting, setiap user hanya bisa mengakses Home Folder-nya masing-masing, namun kita menginginkan manager Accounting bisa mengakses seluruh folder yang ada di dalam departemen / group-nya (/home/accounting). Perlu diperhatikan bahwa perintah setfacl di bawah hanya mengubah ACL direktori Home tingkat pertama (tanpa opsi -R dan tanpa default ACL), sehingga subfolder yang dibuat kemudian tidak otomatis mendapat entri ACL ini. Ikuti langkah-langkah berikut ini untuk mengimplementasikan ACL.
it@Plan-FileSrv:/home/public$ ls -l /home/accounting/ total 36 drwxr----- 2 aan accounting 4096 Mar 25 16:05 aan drwxr----- 2 ferry accounting 4096 Mar 25 16:05 ferry drwxr----- 2 iin accounting 4096 Mar 25 16:09 iin drwxr----- 3 kanazawa accounting 4096 Mar 25 17:40 kanazawa drwxr----- 2 nurhapsah accounting 4096 Mar 25 16:06 nurhapsah drwxr----- 2 shelly accounting 4096 Mar 25 16:09 shelly drwxr----- 2 susi accounting 4096 Mar 25 16:07 susi drwxr----- 2 yuliana accounting 4096 Mar 25 16:09 yuliana drwxr----- 2 zefnemi accounting 4096 Mar 25 16:56 zefnemi it@Plan-FileSrv:/home/public$ sudo setfacl -m u:kanazawa:rx /home/accounting/* it@Plan-FileSrv:/home/public$ ls -l /home/accounting/ total 36 drwxr-x---+ 2 aan accounting 4096 Mar 25 16:05 aan drwxr-x---+ 2 ferry accounting 4096 Mar 25 16:05 ferry drwxr-x---+ 2 iin accounting 4096 Mar 25 16:09 iin drwxr-x---+ 3 kanazawa accounting 4096 Mar 25 17:40 kanazawa drwxr-x---+ 2 nurhapsah accounting 4096 Mar 25 16:06 nurhapsah drwxr-x---+ 2 shelly accounting 4096 Mar 25 16:09 shelly drwxr-x---+ 2 susi accounting 4096 Mar 25 16:07 susi drwxr-x---+ 2 yuliana accounting 4096 Mar 25 16:09 yuliana drwxr-x---+ 2 zefnemi accounting 4096 Mar 25 16:56 zefnemi it@Plan-FileSrv:/home/public$ getfacl /home/accounting/aan/ getfacl: Removing leading '/' from absolute path names # file: home/accounting/aan/ # owner: aan # group: accounting user::rwx user:kanazawa:r-x group::r-- mask::r-x other::--- it@Plan-FileSrv:/home/public$ ls -l /home/hrd/ total 32 drwxr----- 2 akiu hrd 4096 Mar 25 16:28 akiu drwxr----- 2 ana hrd 4096 Mar 25 16:30 ana drwxr----- 2 emy hrd 4096 Mar 25 16:30 emy drwxr----- 2 ika hrd 4096 Mar 25 16:29 ika drwxr----- 2 nunus hrd 4096 Mar 25 16:28 nunus drwxr----- 2 nurmala hrd 4096 Mar 25 16:32 nurmala drwxr----- 2 ozy hrd 4096 Mar 25 16:29 ozy drwxr----- 2 wawan hrd 4096 Mar 25 16:30 wawan it@Plan-FileSrv:/home/public$ sudo setfacl -m u:akiu:rx /home/hrd/* it@Plan-FileSrv:/home/public$ ls -l /home/hrd/ total 32 
drwxr-x---+ 2 akiu hrd 4096 Mar 25 16:28 akiu drwxr-x---+ 2 ana hrd 4096 Mar 25 16:30 ana drwxr-x---+ 2 emy hrd 4096 Mar 25 16:30 emy drwxr-x---+ 2 ika hrd 4096 Mar 25 16:29 ika drwxr-x---+ 2 nunus hrd 4096 Mar 25 16:28 nunus drwxr-x---+ 2 nurmala hrd 4096 Mar 25 16:32 nurmala drwxr-x---+ 2 ozy hrd 4096 Mar 25 16:29 ozy drwxr-x---+ 2 wawan hrd 4096 Mar 25 16:30 wawan it@Plan-FileSrv:/home/public$ getfacl /home/hrd/wawan/ getfacl: Removing leading '/' from absolute path names # file: home/hrd/wawan/ # owner: wawan # group: hrd user::rwx user:akiu:r-x group::r-- mask::r-x other::--- it@Plan-FileSrv:/home/public$ ls -l /home/l2e/ total 16 drwxr----- 2 anca l2e 4096 Mar 25 16:39 anca drwxr----- 2 indra l2e 4096 Mar 25 16:39 indra drwxr----- 3 lia l2e 4096 Mar 25 17:31 lia drwxr----- 2 rifqy l2e 4096 Mar 25 16:40 rifqy it@Plan-FileSrv:/home/public$ sudo setfacl -m u:akiu:rx /home/l2e/* it@Plan-FileSrv:/home/public$ getfacl /home/l2e/indra/ getfacl: Removing leading '/' from absolute path names # file: home/l2e/indra/ # owner: indra # group: l2e user::rwx user:akiu:r-x group::r-- mask::r-x other::--- it@Plan-FileSrv:/home/public$ sudo setfacl -b /home/l2e/* it@Plan-FileSrv:/home/public$ ls -l /home/l2e/ total 16 drwxr----- 2 anca l2e 4096 Mar 25 16:39 anca drwxr----- 2 indra l2e 4096 Mar 25 16:39 indra drwxr----- 3 lia l2e 4096 Mar 25 17:31 lia drwxr----- 2 rifqy l2e 4096 Mar 25 16:40 rifqy it@Plan-FileSrv:/home/public$ sudo setfacl -m u:indra:rx /home/l2e/* it@Plan-FileSrv:/home/public$ ls -l /home/l2e/ total 16 drwxr-x---+ 2 anca l2e 4096 Mar 25 16:39 anca drwxr-x---+ 2 indra l2e 4096 Mar 25 16:39 indra drwxr-x---+ 3 lia l2e 4096 Mar 25 17:31 lia drwxr-x---+ 2 rifqy l2e 4096 Mar 25 16:40 rifqy it@Plan-FileSrv:/home/public$ getfacl /home/l2e/anca/ getfacl: Removing leading '/' from absolute path names # file: home/l2e/anca/ # owner: anca # group: l2e user::rwx user:indra:r-x group::r-- mask::r-x other::---
Selanjutnya kita akan mengimplementasikan Quota. Pertama install dan konfigurasi Quota seperti perintah berikut ini.
root@Plan-FileSrv:/home/it# apt-get install quota root@Plan-FileSrv:/home/it# df -h Filesystem Size Used Avail Use% Mounted on /dev/sda1 314G 1.5G 297G 1% / none 4.0K 0 4.0K 0% /sys/fs/cgroup udev 487M 4.0K 487M 1% /dev tmpfs 100M 1016K 99M 1% /run none 5.0M 0 5.0M 0% /run/lock none 498M 0 498M 0% /run/shm none 100M 0 100M 0% /run/user root@Plan-FileSrv:/home/it# cp /etc/fstab /etc/fstab.asli root@Plan-FileSrv:/home/it# cat /etc/fstab # /etc/fstab: static file system information. # # Use 'blkid' to print the universally unique identifier for a # device; this may be used with UUID= as a more robust way to name devices # that works even if disks are added and removed. See fstab(5). # # <file system> <mount point> <type> <options> <dump> <pass> # / was on /dev/sda1 during installation UUID=040538d3-bd4d-47ba-892b-57532f1ad78e / ext4 errors=remount-ro 0 1 # swap was on /dev/sda5 during installation UUID=6f85289d-024c-4639-901d-ec972269688a none swap sw 0 0 root@Plan-FileSrv:/home/it# vim /etc/fstab # /etc/fstab: static file system information. # # Use 'blkid' to print the universally unique identifier for a # device; this may be used with UUID= as a more robust way to name devices # that works even if disks are added and removed. See fstab(5). # # <file system> <mount point> <type> <options> <dump> <pass> # / was on /dev/sda1 during installation #UUID=040538d3-bd4d-47ba-892b-57532f1ad78e / ext4 errors=remount-ro 0 1 UUID=040538d3-bd4d-47ba-892b-57532f1ad78e / ext4 rw,relatime,errors=remount-ro,acl,user_xattr,barrier=1,data=ordered,usrquota,grpquota 1 1 # swap was on /dev/sda5 during installation UUID=6f85289d-024c-4639-901d-ec972269688a none swap sw 0 0 root@Plan-FileSrv:/home/it# reboot it@Plan-FileSrv:~$ df -h Filesystem Size Used Avail Use% Mounted on /dev/sda1 314G 1.5G 297G 1% / none 4.0K 0 4.0K 0% /sys/fs/cgroup udev 487M 4.0K 487M 1% /dev tmpfs 100M 1016K 99M 1% /run none 5.0M 0 5.0M 0% /run/lock none 498M 0 498M 0% /run/shm none 100M 0 100M 0% /run/user
Aktifkan Quota dengan perintah berikut ini.
root@Plan-FileSrv:/home/it# quotacheck -cugm / quotacheck: Quota for users is enabled on mountpoint / so quotacheck might damage the file. Please turn quotas off or use -f to force checking. root@Plan-FileSrv:/home/it# quotaoff Bad number of arguments. quotaoff: Usage: quotaoff [-guvp] [-F quotaformat] [-x state] -a quotaoff [-guvp] [-F quotaformat] [-x state] filesys ... -a, --all turn quotas off for all filesystems -f, --off turn quotas off -u, --user operate on user quotas -g, --group operate on group quotas -p, --print-state print whether quotas are on or off -x, --xfs-command=cmd perform XFS quota command -F, --format=formatname operate on specific quota format -v, --verbose print more messages -h, --help display this help text and exit -V, --version display version information and exit root@Plan-FileSrv:/home/it# quotaoff -a root@Plan-FileSrv:/home/it# quotacheck -cugm / root@Plan-FileSrv:/home/it# ls -l /aquota.* -rw------- 1 root root 18432 Mar 30 12:13 /aquota.group -rw------- 1 root root 19456 Mar 30 12:13 /aquota.user root@Plan-FileSrv:/home/it# quotaon -guva /dev/disk/by-uuid/040538d3-bd4d-47ba-892b-57532f1ad78e [/]: group quotas turned on /dev/disk/by-uuid/040538d3-bd4d-47ba-892b-57532f1ad78e [/]: user quotas turned on
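Set kapasitas storage (quota) untuk user kunkun sebesar 10GB. Pada perintah setquota di bawah, dua angka pertama adalah soft limit dan hard limit kapasitas dalam blok 1KB (10000000 dan 10240000), sedangkan dua angka 0 berikutnya berarti jumlah file tidak dibatasi.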
root@Plan-FileSrv:/home/it# setquota -u kunkun 10000000 10240000 0 0 -a / root@Plan-FileSrv:/home/it# repquota -ug / *** Report for user quotas on device /dev/disk/by-uuid/040538d3-bd4d-47ba-892b-57532f1ad78e Block grace time: 7days; Inode grace time: 7days Block limits File limits User used soft hard grace used soft hard grace ---------------------------------------------------------------------- root -- 1464752 0 0 68562 0 0 daemon -- 64 0 0 4 0 0 man -- 1216 0 0 153 0 0 lp -- 5408 0 0 1 0 0 nobody -- 12 0 0 3 0 0 libuuid -- 24 0 0 2 0 0 syslog -- 1056 0 0 4 0 0 bind -- 8 0 0 2 0 0 landscape -- 4 0 0 2 0 0 colord -- 8 0 0 2 0 0 it -- 28 0 0 8 0 0 kanazawa -- 20 0 0 5 0 0 ferry -- 16 0 0 4 0 0 aan -- 16 0 0 4 0 0 nurhapsah -- 16 0 0 4 0 0 susi -- 16 0 0 4 0 0 shelly -- 16 0 0 4 0 0 yuliana -- 16 0 0 4 0 0 iin -- 16 0 0 4 0 0 nunus -- 16 0 0 4 0 0 ika -- 16 0 0 4 0 0 ozy -- 16 0 0 4 0 0 ana -- 16 0 0 4 0 0 emy -- 16 0 0 4 0 0 wawan -- 16 0 0 4 0 0 nurmala -- 16 0 0 4 0 0 akiu -- 16 0 0 4 0 0 indra -- 16 0 0 4 0 0 anca -- 16 0 0 4 0 0 lia -- 20 0 0 5 0 0 rifqy -- 16 0 0 4 0 0 zefnemi -- 16 0 0 4 0 0 kunkun -- 16 10000000 10240000 4 0 0 ristanto -- 16 0 0 4 0 0 tianur -- 16 0 0 4 0 0 triyanta -- 16 0 0 4 0 0 jhonyst -- 16 0 0 4 0 0 amy -- 16 0 0 4 0 0 arifrh -- 16 0 0 4 0 0 aay -- 16 0 0 4 0 0 welly -- 16 0 0 4 0 0 agus -- 16 0 0 4 0 0 wahyu -- 16 0 0 4 0 0 andi -- 16 0 0 4 0 0 ica -- 16 0 0 4 0 0 nurhadi -- 16 0 0 4 0 0 *** Report for group quotas on device /dev/disk/by-uuid/040538d3-bd4d-47ba-892b-57532f1ad78e Block grace time: 7days; Inode grace time: 7days Block limits File limits Group used soft hard grace used soft hard grace ---------------------------------------------------------------------- root -- 1462308 0 0 68621 0 0 daemon -- 68 0 0 5 0 0 adm -- 1252 0 0 16 0 0 tty -- 36 0 0 2 0 0 lp -- 5444 0 0 10 0 0 mail -- 36 0 0 3 0 0 dip -- 356 0 0 5 0 0 shadow -- 132 0 0 7 0 0 utmp -- 560 0 0 4 0 0 staff -- 76 0 0 19 0 0 nogroup -- 12 0 0 3 0 0 libuuid -- 24 0 0 
2 0 0 crontab -- 40 0 0 2 0 0 syslog -- 4 0 0 1 0 0 fuse -- 4 0 0 1 0 0 messagebus -- 304 0 0 1 0 0 ssl-cert -- 8 0 0 2 0 0 lpadmin -- 20 0 0 2 0 0 sambashare -- 4 0 0 1 0 0 mlocate -- 1484 0 0 2 0 0 ssh -- 280 0 0 1 0 0 bind -- 36 0 0 9 0 0 colord -- 8 0 0 2 0 0 it -- 52 0 0 14 0 0 accounting -- 152 0 0 38 0 0 hrd -- 136 0 0 34 0 0 l2e -- 72 0 0 18 0 0 planning -- 36 0 0 9 0 0 plantation -- 20 0 0 5 0 0 harvesting -- 68 0 0 17 0 0 wm -- 68 0 0 17 0 0 marketing -- 48 0 0 12 0 0 root@Plan-FileSrv:/home/it# repquota -u / | grep kunkun kunkun -- 16 10000000 10240000 4 0 0 root@Plan-FileSrv:/home/it# quota kunkun Disk quotas for user kunkun (uid 40001): Filesystem blocks quota limit grace files quota limit grace /dev/disk/by-uuid/040538d3-bd4d-47ba-892b-57532f1ad78e 16 10000000 10240000 4 0 0
Set juga quota sebesar 10GB untuk user triyanta, aay dan andi. Cara yang paling gampang adalah dengan meng-cloning quota dari user kunkun, caranya seperti baris perintah berikut ini.
root@Plan-FileSrv:/home/it# edquota -p kunkun -u triyanta aay andi root@Plan-FileSrv:/home/it# quota triyanta Disk quotas for user triyanta (uid 60001): Filesystem blocks quota limit grace files quota limit grace /dev/disk/by-uuid/040538d3-bd4d-47ba-892b-57532f1ad78e 16 10000000 10240000 4 0 0 root@Plan-FileSrv:/home/it# repquota -u / | grep triyanta triyanta -- 16 10000000 10240000 4 0 0 root@Plan-FileSrv:/home/it# repquota -u / | grep aay aay -- 16 10000000 10240000 4 0 0 root@Plan-FileSrv:/home/it# repquota -u / | grep andi andi -- 16 10000000 10240000 4 0 0 root@Plan-FileSrv:/home/it# quota -u kunkun triyanta aay andi Disk quotas for user kunkun (uid 40001): Filesystem blocks quota limit grace files quota limit grace /dev/disk/by-uuid/040538d3-bd4d-47ba-892b-57532f1ad78e 16 10000000 10240000 4 0 0
Disk quotas for user triyanta (uid 60001): Filesystem blocks quota limit grace files quota limit grace /dev/disk/by-uuid/040538d3-bd4d-47ba-892b-57532f1ad78e 16 10000000 10240000 4 0 0
Disk quotas for user aay (uid 70001): Filesystem blocks quota limit grace files quota limit grace /dev/disk/by-uuid/040538d3-bd4d-47ba-892b-57532f1ad78e 16 10000000 10240000 4 0 0
Disk quotas for user andi (uid 80001): Filesystem blocks quota limit grace files quota limit grace /dev/disk/by-uuid/040538d3-bd4d-47ba-892b-57532f1ad78e 16 10000000 10240000 4 0 0
Selanjutnya, set kapasitas penyimpanan bagi user ristanto sebesar 5GB. Set juga kapasitas storage yang sama bagi user arifrh jhonyst amy tianur agus wahyu welly ica nurhadi.
root@Plan-FileSrv:/home/it# setquota -u ristanto 5000000 5120000 0 0 -a / root@Plan-FileSrv:/home/it# quota ristanto Disk quotas for user ristanto (uid 40002): Filesystem blocks quota limit grace files quota limit grace /dev/disk/by-uuid/040538d3-bd4d-47ba-892b-57532f1ad78e 16 5000000 5120000 4 0 0 root@Plan-FileSrv:/home/it# edquota -p ristanto -u arifrh jhonyst amy tianur agus wahyu welly ica nurhadi root@Plan-FileSrv:/home/it# repquota -u / *** Report for user quotas on device /dev/disk/by-uuid/040538d3-bd4d-47ba-892b-57532f1ad78e Block grace time: 7days; Inode grace time: 7days Block limits File limits User used soft hard grace used soft hard grace ---------------------------------------------------------------------- root -- 1464788 0 0 68562 0 0 daemon -- 64 0 0 4 0 0 man -- 1216 0 0 153 0 0 lp -- 5408 0 0 1 0 0 nobody -- 12 0 0 3 0 0 libuuid -- 24 0 0 2 0 0 syslog -- 1056 0 0 4 0 0 bind -- 8 0 0 2 0 0 landscape -- 4 0 0 2 0 0 colord -- 8 0 0 2 0 0 it -- 28 0 0 8 0 0 kanazawa -- 20 0 0 5 0 0 ferry -- 16 0 0 4 0 0 aan -- 16 0 0 4 0 0 nurhapsah -- 16 0 0 4 0 0 susi -- 16 0 0 4 0 0 shelly -- 16 0 0 4 0 0 yuliana -- 16 0 0 4 0 0 iin -- 16 0 0 4 0 0 nunus -- 16 0 0 4 0 0 ika -- 16 0 0 4 0 0 ozy -- 16 0 0 4 0 0 ana -- 16 0 0 4 0 0 emy -- 16 0 0 4 0 0 wawan -- 16 0 0 4 0 0 nurmala -- 16 0 0 4 0 0 akiu -- 16 0 0 4 0 0 indra -- 16 0 0 4 0 0 anca -- 16 0 0 4 0 0 lia -- 20 0 0 5 0 0 rifqy -- 16 0 0 4 0 0 zefnemi -- 16 0 0 4 0 0 kunkun -- 16 10000000 10240000 4 0 0 ristanto -- 16 5000000 5120000 4 0 0 tianur -- 16 5000000 5120000 4 0 0 triyanta -- 16 10000000 10240000 4 0 0 jhonyst -- 16 5000000 5120000 4 0 0 amy -- 16 5000000 5120000 4 0 0 arifrh -- 16 5000000 5120000 4 0 0 aay -- 16 10000000 10240000 4 0 0 welly -- 16 5000000 5120000 4 0 0 agus -- 16 5000000 5120000 4 0 0 wahyu -- 16 5000000 5120000 4 0 0 andi -- 16 10000000 10240000 4 0 0 ica -- 16 5000000 5120000 4 0 0 nurhadi -- 16 5000000 5120000 4 0 0
Set juga quota untuk user-user yang lainnya.
root@Plan-FileSrv:/home/it# edquota -p kunkun -u kanazawa akiu indra root@Plan-FileSrv:/home/it# edquota -p ristanto -u ferry aan nurhapsah shelly zefnemi yuliana iin ozy ika susi ana wawan nurmala emy nunus anca lia rifqy root@Plan-FileSrv:/home/it# repquota -u / *** Report for user quotas on device /dev/disk/by-uuid/040538d3-bd4d-47ba-892b-57532f1ad78e Block grace time: 7days; Inode grace time: 7days Block limits File limits User used soft hard grace used soft hard grace ---------------------------------------------------------------------- root -- 1464788 0 0 68562 0 0 daemon -- 64 0 0 4 0 0 man -- 1216 0 0 153 0 0 lp -- 5408 0 0 1 0 0 nobody -- 12 0 0 3 0 0 libuuid -- 24 0 0 2 0 0 syslog -- 1056 0 0 4 0 0 bind -- 8 0 0 2 0 0 landscape -- 4 0 0 2 0 0 colord -- 8 0 0 2 0 0 it -- 28 0 0 8 0 0 kanazawa -- 20 10000000 10240000 5 0 0 ferry -- 16 5000000 5120000 4 0 0 aan -- 16 5000000 5120000 4 0 0 nurhapsah -- 16 5000000 5120000 4 0 0 susi -- 16 5000000 5120000 4 0 0 shelly -- 16 5000000 5120000 4 0 0 yuliana -- 16 5000000 5120000 4 0 0 iin -- 16 5000000 5120000 4 0 0 nunus -- 16 5000000 5120000 4 0 0 ika -- 16 5000000 5120000 4 0 0 ozy -- 16 5000000 5120000 4 0 0 ana -- 16 5000000 5120000 4 0 0 emy -- 16 5000000 5120000 4 0 0 wawan -- 16 5000000 5120000 4 0 0 nurmala -- 16 5000000 5120000 4 0 0 akiu -- 16 10000000 10240000 4 0 0 indra -- 16 10000000 10240000 4 0 0 anca -- 16 5000000 5120000 4 0 0 lia -- 20 5000000 5120000 5 0 0 rifqy -- 16 5000000 5120000 4 0 0 zefnemi -- 16 5000000 5120000 4 0 0 kunkun -- 16 10000000 10240000 4 0 0 ristanto -- 16 5000000 5120000 4 0 0 tianur -- 16 5000000 5120000 4 0 0 triyanta -- 16 10000000 10240000 4 0 0 jhonyst -- 16 5000000 5120000 4 0 0 amy -- 16 5000000 5120000 4 0 0 arifrh -- 16 5000000 5120000 4 0 0 aay -- 16 10000000 10240000 4 0 0 welly -- 16 5000000 5120000 4 0 0 agus -- 16 5000000 5120000 4 0 0 wahyu -- 16 5000000 5120000 4 0 0 andi -- 16 10000000 10240000 4 0 0 ica -- 16 5000000 5120000 4 0 0 nurhadi -- 16 5000000 
5120000 4 0 0
Alhamdulillah selesai sudah konfigurasi yang kita lakukan. Sekarang file server samba yang kita miliki sudah bisa membatasi akses file/folder secara spesifik dan juga bisa membatasi besar kapasitas penyimpanan bagi setiap user maupun group. O iya, sebelum menutup tutorial ini, cara menerapkan ACL untuk group dapat dilihat pada baris perintah berikut ini.
root@Plan-FileSrv:/home/it# setfacl -m g:wm:r /home/marketing/* root@Plan-FileSrv:/home/it# setfacl -m g:harvesting:r /home/harvesting/* root@Plan-FileSrv:/home/it# setfacl -m g:planning:r /home/planning/* root@Plan-FileSrv:/home/it# setfacl -m g:plantation:r /home/plantation/* root@Plan-FileSrv:/home/it# setfacl -m g:wm:r /home/wm/* root@Plan-FileSrv:/home/it# setfacl -b /home/marketing/* root@Plan-FileSrv:/home/it# setfacl -m g:marketing:r /home/marketing/* root@Plan-FileSrv:/home/it# setfacl -m u:andi:rx /home/marketing/* root@Plan-FileSrv:/home/it# setfacl -m g:: /home/wm/* setfacl: Option -m incomplete root@Plan-FileSrv:/home/it# setfacl -m g::r /home/wm/* root@Plan-FileSrv:/home/it# getfacl /home/wm/agus/ getfacl: Removing leading '/' from absolute path names # file: home/wm/agus/ # owner: agus # group: wm user::rwx user:aay:r-x group::r-- group:wm:r-- mask::r-x other::--- root@Plan-FileSrv:/home/it# getfacl /home/planning/ristanto/ getfacl: Removing leading '/' from absolute path names # file: home/planning/ristanto/ # owner: ristanto # group: planning user::rwx user:kunkun:r-x group::r-x group:planning:r-- mask::r-x other::--- root@Plan-FileSrv:/home/it# setfacl -m g::r /home/planning/* root@Plan-FileSrv:/home/it# setfacl -m g::r /home/plantation/* root@Plan-FileSrv:/home/it# setfacl -m g::r /home/harvesting/*
Sampai jumpa di tutorial berikutnya.
halo kakk, maaf izin bertanya.. kalo misalkan nih kapasitasnya udah mau habis, bisa ditambah ngga ya? kalo bisa kayak gimana? apakah harus diset dulu kapasitasnya jadi 0? semoga dijawab ya, lagi butuh buat project.. terimakasih hehe >_<