usb-ssd/examples/smb-configuration/smb.conf.example

# USB-SSD Management System - SMB Configuration Example
# Optimierte Samba-Konfiguration für USB-C SSD Freigaben
#
# Installation:
# sudo cp smb.conf.example /etc/samba/smb.conf
# sudo systemctl restart smbd nmbd
# sudo smbpasswd -a $USER

# ============================================================================
# Global Configuration
# ============================================================================

[global]
    # Server-Identifikation
    workgroup = WORKGROUP
    server string = USB-SSD File Server
    netbios name = SSD-SERVER
    
    # Protokoll-Versionen (SMB2/3 für bessere Performance)
    server min protocol = SMB2
    server max protocol = SMB3
    client min protocol = SMB2
    client max protocol = SMB3
    
    # Security-Konfiguration
    security = user
    map to guest = bad user
    guest account = nobody
    
    # Logging
    log file = /var/log/samba/log.%m
    log level = 1
    max log size = 1000
    
    # Performance-Optimierungen
    socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=131072 SO_SNDBUF=131072
    read raw = yes
    write raw = yes
    max xmit = 65535
    dead time = 15
    getwd cache = yes
    
    # Unicode und Charset
    unix charset = UTF-8
    display charset = UTF-8
    dos charset = CP850
    
    # Erweiterte Attribute für NTFS-Kompatibilität
    ea support = yes
    store dos attributes = yes
    map archive = no
    map hidden = no
    map read only = no
    map system = no
    
    # Locking-Optimierungen
    kernel oplocks = no
    level2 oplocks = yes
    oplocks = yes
    
    # Name-Resolution
    name resolve order = lmhosts wins bcast host
    dns proxy = no
    
    # Printing (deaktiviert für SSD-Server)
    load printers = no
    printing = bsd
    printcap name = /dev/null
    disable spoolss = yes

# ============================================================================
# USB-SSD Storage Share
# ============================================================================

[ssd-storage]
    # Basis-Konfiguration
    comment = USB-C SSD Storage
    path = /mnt/ssd-storage
    browseable = yes
    writable = yes
    guest ok = no
    
    # Benutzer-Zugriff
    valid users = @ssd-users, @disk
    admin users = @ssd-admins
    write list = @ssd-users
    read list = @ssd-users, @ssd-readonly
    
    # Permissions
    create mask = 0664
    directory mask = 0775
    force create mode = 0664
    force directory mode = 0775
    force user = ssd-user
    force group = ssd-users
    
    # Performance-Optimierungen für USB-SSD
    strict allocate = yes
    allocation roundup size = 1048576
    read raw = yes
    write raw = yes
    
    # NTFS-Kompatibilität
    store dos attributes = yes
    map archive = no
    map hidden = no
    map read only = no
    map system = no
    
    # Erweiterte Attribute
    ea support = yes
    acl allow execute always = yes
    
    # Locking für Multi-User Zugriff
    oplocks = yes
    level2 oplocks = yes
    kernel oplocks = no
    locking = yes
    strict locking = no
    
    # Veto-Dateien (Systemdateien ausschließen)
    veto files = /._*/.DS_Store/Thumbs.db/desktop.ini/
    delete veto files = yes
    
    # Recycle-Bin (optional)
    # vfs objects = recycle
    # recycle:repository = .recycle
    # recycle:keeptree = yes
    # recycle:versions = yes

# ============================================================================
# Backup-spezifische Freigabe
# ============================================================================

[ssd-backup]
    comment = USB-SSD Backup Storage
    path = /mnt/ssd-storage/backup
    browseable = yes
    writable = yes
    guest ok = no
    
    # Nur Backup-Benutzer
    valid users = @backup-users
    admin users = @backup-admins
    write list = @backup-users
    
    # Restriktive Permissions
    create mask = 0640
    directory mask = 0750
    force create mode = 0640
    force directory mode = 0750
    
    # Backup-optimierte Einstellungen
    strict allocate = yes
    sync always = yes
    strict sync = yes
    
    # Audit-Logging
    full_audit:prefix = %u|%I|%S
    full_audit:success = open opendir write unlink mkdir rmdir rename
    full_audit:failure = all
    vfs objects = full_audit

# ============================================================================
# Read-Only Archive Share
# ============================================================================

[ssd-archive]
    comment = USB-SSD Archive (Read-Only)
    path = /mnt/ssd-storage/archive
    browseable = yes
    writable = no
    guest ok = yes
    
    # Read-Only Zugriff
    read only = yes
    write list = @archive-admins
    
    # Optimiert für große Dateien
    read raw = yes
    large readwrite = yes
    
    # Caching für bessere Performance
    kernel share modes = yes
    posix locking = no

# ============================================================================
# Media-Server Integration
# ============================================================================

[ssd-media]
    comment = USB-SSD Media Storage
    path = /mnt/ssd-storage/media
    browseable = yes
    writable = yes
    guest ok = yes
    
    # Media-optimierte Einstellungen
    valid users = @media-users, guest
    write list = @media-admins
    
    # Große Dateien optimiert
    read raw = yes
    write raw = yes
    large readwrite = yes
    
    # Media-spezifische Veto-Files
    veto files = /._*/.DS_Store/Thumbs.db/.@__thumb/
    delete veto files = yes
    
    # Streaming-Optimierungen
    strict allocate = no
    allocation roundup size = 4096
    
    # DLNA/UPnP Kompatibilität
    store dos attributes = no
    map archive = no
    map hidden = no

# ============================================================================
# Development Share
# ============================================================================

[ssd-dev]
    comment = USB-SSD Development Storage
    path = /mnt/ssd-storage/development
    browseable = yes
    writable = yes
    guest ok = no
    
    # Entwickler-Zugriff
    valid users = @developers
    admin users = @dev-leads
    write list = @developers
    
    # Entwickler-freundliche Permissions
    create mask = 0664
    directory mask = 0775
    force create mode = 0664
    force directory mode = 0775
    
    # Git-Repository Unterstützung
    store dos attributes = no
    map archive = no
    map hidden = no
    map read only = no
    map system = no
    
    # Symlink-Unterstützung
    follow symlinks = yes
    wide links = no
    unix extensions = yes
    
    # Case-Sensitivity für Entwicklung
    case sensitive = auto
    default case = lower
    preserve case = yes
    short preserve case = yes

# ============================================================================
# Temporäre Freigabe
# ============================================================================

[ssd-temp]
    comment = USB-SSD Temporary Storage
    path = /mnt/ssd-storage/temp
    browseable = yes
    writable = yes
    guest ok = yes
    
    # Temporärer Zugriff
    valid users = @ssd-users, guest
    
    # Temporäre Dateien
    create mask = 0666
    directory mask = 0777
    
    # Automatische Bereinigung (via Cron)
    # 0 2 * * * find /mnt/ssd-storage/temp -type f -mtime +7 -delete
    
    # Keine Attribute speichern
    store dos attributes = no
    ea support = no

# ============================================================================
# Administrative Freigabe
# ============================================================================

[ssd-admin]
    comment = USB-SSD Administrative Access
    path = /mnt/ssd-storage
    browseable = no
    writable = yes
    guest ok = no
    
    # Nur Administratoren
    valid users = @ssd-admins
    admin users = @ssd-admins
    
    # Vollzugriff
    create mask = 0664
    directory mask = 0775
    
    # Audit-Logging für Admin-Zugriffe
    full_audit:prefix = ADMIN|%u|%I|%S
    full_audit:success = all
    full_audit:failure = all
    vfs objects = full_audit
    
    # Erweiterte Funktionen
    ea support = yes
    acl allow execute always = yes
    nt acl support = yes

# ============================================================================
# Homes-Integration (optional)
# ============================================================================

[homes]
    comment = Home Directories on USB-SSD
    browseable = no
    writable = yes
    guest ok = no
    
    # Benutzer-spezifische Pfade
    path = /mnt/ssd-storage/home/%S
    valid users = %S
    
    # Standard-Permissions
    create mask = 0600
    directory mask = 0700
    
    # Privacy-Einstellungen
    hide dot files = yes
    hide files = /desktop.ini/thumbs.db/
    
    # Quota-Unterstützung (falls aktiviert)
    # preexec = /usr/local/bin/setup-user-quota.sh %S