# USB-SSD Management System - SMB Configuration Example # Optimierte Samba-Konfiguration für USB-C SSD Freigaben # # Installation: # sudo cp smb.conf.example /etc/samba/smb.conf # sudo systemctl restart smbd nmbd # sudo smbpasswd -a $USER # ============================================================================ # Global Configuration # ============================================================================ [global] # Server-Identifikation workgroup = WORKGROUP server string = USB-SSD File Server netbios name = SSD-SERVER # Protokoll-Versionen (SMB2/3 für bessere Performance) server min protocol = SMB2 server max protocol = SMB3 client min protocol = SMB2 client max protocol = SMB3 # Security-Konfiguration security = user map to guest = bad user guest account = nobody # Logging log file = /var/log/samba/log.%m log level = 1 max log size = 1000 # Performance-Optimierungen socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=131072 SO_SNDBUF=131072 read raw = yes write raw = yes max xmit = 65535 dead time = 15 getwd cache = yes # Unicode und Charset unix charset = UTF-8 display charset = UTF-8 dos charset = CP850 # Erweiterte Attribute für NTFS-Kompatibilität ea support = yes store dos attributes = yes map archive = no map hidden = no map read only = no map system = no # Locking-Optimierungen kernel oplocks = no level2 oplocks = yes oplocks = yes # Name-Resolution name resolve order = lmhosts wins bcast host dns proxy = no # Printing (deaktiviert für SSD-Server) load printers = no printing = bsd printcap name = /dev/null disable spoolss = yes # ============================================================================ # USB-SSD Storage Share # ============================================================================ [ssd-storage] # Basis-Konfiguration comment = USB-C SSD Storage path = /mnt/ssd-storage browseable = yes writable = yes guest ok = no # Benutzer-Zugriff valid users = @ssd-users, @disk admin users = @ssd-admins write list = @ssd-users read list = @ssd-users, @ssd-readonly # Permissions create mask = 0664 directory mask = 0775 force create mode = 0664 force directory mode = 0775 force user = ssd-user force group = ssd-users # Performance-Optimierungen für USB-SSD strict allocate = yes allocation roundup size = 1048576 read raw = yes write raw = yes # NTFS-Kompatibilität store dos attributes = yes map archive = no map hidden = no map read only = no map system = no # Erweiterte Attribute ea support = yes acl allow execute always = yes # Locking für Multi-User Zugriff oplocks = yes level2 oplocks = yes kernel oplocks = no locking = yes strict locking = no # Veto-Dateien (Systemdateien ausschließen) veto files = /._*/.DS_Store/Thumbs.db/desktop.ini/ delete veto files = yes # Recycle-Bin (optional) # vfs objects = recycle # recycle:repository = .recycle # recycle:keeptree = yes # recycle:versions = yes # ============================================================================ # Backup-spezifische Freigabe # ============================================================================ [ssd-backup] comment = USB-SSD Backup Storage path = /mnt/ssd-storage/backup browseable = yes writable = yes guest ok = no # Nur Backup-Benutzer valid users = @backup-users admin users = @backup-admins write list = @backup-users # Restriktive Permissions create mask = 0640 directory mask = 0750 force create mode = 0640 force directory mode = 0750 # Backup-optimierte Einstellungen strict allocate = yes sync always = yes strict sync = yes # Audit-Logging full_audit:prefix = %u|%I|%S full_audit:success = open opendir write unlink mkdir rmdir rename full_audit:failure = all vfs objects = full_audit # ============================================================================ # Read-Only Archive Share # ============================================================================ [ssd-archive] comment = USB-SSD Archive (Read-Only) path = /mnt/ssd-storage/archive browseable = yes writable = no guest ok = yes # Read-Only Zugriff read only = yes write list = @archive-admins # Optimiert für große Dateien read raw = yes large readwrite = yes # Caching für bessere Performance kernel share modes = yes posix locking = no # ============================================================================ # Media-Server Integration # ============================================================================ [ssd-media] comment = USB-SSD Media Storage path = /mnt/ssd-storage/media browseable = yes writable = yes guest ok = yes # Media-optimierte Einstellungen valid users = @media-users, guest write list = @media-admins # Große Dateien optimiert read raw = yes write raw = yes large readwrite = yes # Media-spezifische Veto-Files veto files = /._*/.DS_Store/Thumbs.db/.@__thumb/ delete veto files = yes # Streaming-Optimierungen strict allocate = no allocation roundup size = 4096 # DLNA/UPnP Kompatibilität store dos attributes = no map archive = no map hidden = no # ============================================================================ # Development Share # ============================================================================ [ssd-dev] comment = USB-SSD Development Storage path = /mnt/ssd-storage/development browseable = yes writable = yes guest ok = no # Entwickler-Zugriff valid users = @developers admin users = @dev-leads write list = @developers # Entwickler-freundliche Permissions create mask = 0664 directory mask = 0775 force create mode = 0664 force directory mode = 0775 # Git-Repository Unterstützung store dos attributes = no map archive = no map hidden = no map read only = no map system = no # Symlink-Unterstützung follow symlinks = yes wide links = no unix extensions = yes # Case-Sensitivity für Entwicklung case sensitive = auto default case = lower preserve case = yes short preserve case = yes # ============================================================================ # Temporäre Freigabe # ============================================================================ [ssd-temp] comment = USB-SSD Temporary Storage path = /mnt/ssd-storage/temp browseable = yes writable = yes guest ok = yes # Temporärer Zugriff valid users = @ssd-users, guest # Temporäre Dateien create mask = 0666 directory mask = 0777 # Automatische Bereinigung (via Cron) # 0 2 * * * find /mnt/ssd-storage/temp -type f -mtime +7 -delete # Keine Attribute speichern store dos attributes = no ea support = no # ============================================================================ # Administrative Freigabe # ============================================================================ [ssd-admin] comment = USB-SSD Administrative Access path = /mnt/ssd-storage browseable = no writable = yes guest ok = no # Nur Administratoren valid users = @ssd-admins admin users = @ssd-admins # Vollzugriff create mask = 0664 directory mask = 0775 # Audit-Logging für Admin-Zugriffe full_audit:prefix = ADMIN|%u|%I|%S full_audit:success = all full_audit:failure = all vfs objects = full_audit # Erweiterte Funktionen ea support = yes acl allow execute always = yes nt acl support = yes # ============================================================================ # Homes-Integration (optional) # ============================================================================ [homes] comment = Home Directories on USB-SSD browseable = no writable = yes guest ok = no # Benutzer-spezifische Pfade path = /mnt/ssd-storage/home/%S valid users = %S # Standard-Permissions create mask = 0600 directory mask = 0700 # Privacy-Einstellungen hide dot files = yes hide files = /desktop.ini/thumbs.db/ # Quota-Unterstützung (falls aktiviert) # preexec = /usr/local/bin/setup-user-quota.sh %S