Linux Mint » Shearing

h1. My file setup

<pre>

[global]

   server min protocol = SMB3

   server max protocol = SMB3

   ntlm auth = ntlmv2-only

   server role = standalone server

   obey pam restrictions = yes

   unix password sync = yes

   passwd program = /usr/bin/passwd %u

   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .

   pam password change = yes

   map to guest = never

   encrypt passwords = yes

   security = user

[SHARE_NAME]

   path = /srv/data

   browseable = yes

   read only = no

   smb encrypt = mandatory

   ; Enforces encryption for the share (requires SMB3 clients)

   valid users = username1, username2

   force group = group_name

   create mask = 0660

   directory mask = 0770

</pre>

This is a solid for a secure and functional setup. Key points include:

1. **Strong Protocols and Authentication**:

   - Enforcing SMB3 and NTLMv2-only authentication enhances security.

2. **Server Role and User Management**:

   - Configured as a standalone server with PAM (Pluggable Authentication Modules) restrictions and UNIX password synchronization.

3. **Share Configuration**:

   - The share is well-configured with mandatory SMB encryption, making it secure for SMB3 clients.

4. force group ensures that files and folders created within the share belong to the "nextcloud" group.

5. create mask and directory mask define the permissions for new files and directories created in the share.

Overall, this configuration promotes strong security practices while ensuring functionality. Just ensure that your network environment and all clients are compatible with these settings.