So, at my workplace, we were building a file server where the directory layout depends on the groups each user belongs to. To do this, we wrote shell scripts that automatically mount the right folders for the user.

E.g.: if I am the user John and I am a member of the groups “HR”, “IT” and “marketing”, our script automatically fetches John's groups and creates the folders “HR”, “IT” and “marketing” in his user directory.

To achieve this, we built the directory tree like this:

/srv/files/groups/infrastructure,HR,IT,marketing  (this is where the files are actually stored, one directory per group)

/srv/files/users/john,lisa,hans/“groups for each user” (this is where users land when they connect remotely from their CIFS clients. There is one folder per user, and inside each user folder a mount point is created for every group the user belongs to).

To achieve all this, the following Samba configuration (/etc/samba/smb.conf) was used:

[global]
workgroup = Organization
server string = %h server (Samba)
dns proxy = no
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
panic action = /usr/share/samba/panic-action %d
hosts allow = 127.0.0.1 192.168.
hosts deny = ALL
os level = 100
security = user
encrypt passwords = true
passdb backend = tdbsam
obey pam restrictions = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes

[Org]
comment = Organization Foo Bar
path = /srv/files/users/%U
browseable = yes
guest ok = no
read only = no
force create mode = 0770
force directory mode = 0770
writable = yes
root preexec = bash /root/script_preexec_samba.sh %U %g

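Additionally, the following script was used for the “root preexec” option in smb.conf, which means it is executed as root when the user opens a session on the Samba server:

#!/bin/bash
# Called by Samba as root: $1 = user name (%U), $2 = primary group (%g)

# Refuse to run without a user name; the paths below would otherwise
# point at /srv/files/users itself.
[ -n "$1" ] || exit 1

# Groups of the user ("groups" prints "user : g1 g2 ...")
grupos=$(groups "$1" | cut -d: -f2)

# Create the user's directory on first login
if [ ! -d "/srv/files/users/$1" ]; then
    mkdir "/srv/files/users/$1"
fi

# Drop bind mounts left over from a previous session
umount "/srv/files/users/$1"/* >/dev/null 2>&1

chown -R "$1:$2" "/srv/files/users/$1"

# One mount point per group, bound to the shared group directory
for i in $grupos; do
    if [ ! -d "/srv/files/users/$1/$i" ]; then
        mkdir "/srv/files/users/$1/$i"
    fi

    chgrp -R "$i" "/srv/files/users/$1/$i"
    mount -o bind "/srv/files/groups/$i" "/srv/files/users/$1/$i"
done

# Runs after the mounts, so it also recurses into the group directories
chmod -R 0770 "/srv/files/users/$1/"

exit 0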

To do:

* Create a safe way to use the “postexec” function to automatically unmount and remove the user folders
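
One way to approach this to-do item, as an added example that is not part of the original post: a cleanup script that validates the user name, unmounts the bind mounts and removes directories only with rmdir, so group files survive even if an unmount fails. The script name, the USERS_BASE variable and the user-name whitelist are assumptions.

```bash
#!/bin/bash
# Added example (not from the original post). Hypothetical hook line:
#   root postexec = bash /root/script_postexec_samba.sh %U
USERS_BASE="${USERS_BASE:-/srv/files/users}"   # overridable for dry runs

# Whitelist of plain account names (an assumption): rejects empty names,
# a leading dot and anything containing "/" so paths stay under USERS_BASE.
valid_user() {
    case "$1" in
        ''|.*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# True if the exact path is listed as a mount point.
is_mounted() {
    awk -v d="$1" '$2 == d { f = 1 } END { exit !f }' /proc/self/mounts 2>/dev/null
}

# Unmount every bind mount under the user's directory, then remove the
# empty mount points. Only rmdir is used: it refuses mount points and
# non-empty directories, so a failed umount can never delete group files.
# Returns 0 = all removed, 1 = something was kept, 2 = user name rejected.
cleanup_user() {
    local user="$1" dir d rc=0
    valid_user "$user" || { echo "rejecting user name: $user" >&2; return 2; }
    dir="$USERS_BASE/$user"
    [ -d "$dir" ] || return 0
    for d in "$dir"/*/; do
        [ -d "$d" ] || continue                  # glob matched nothing
        d="${d%/}"
        if [ -L "$d" ]; then rc=1; continue; fi  # never follow symlinks
        if is_mounted "$d" && ! umount "$d"; then
            echo "still busy, keeping $d" >&2; rc=1; continue
        fi
        rmdir "$d" 2>/dev/null || { echo "not empty, keeping $d" >&2; rc=1; }
    done
    if [ "$rc" -eq 0 ]; then rmdir "$dir" 2>/dev/null || rc=1; fi
    return "$rc"
}

# Run only when called with a user name, as Samba would call it.
if [ "$#" -ge 1 ]; then
    cleanup_user "$1"
fi
```

Because the hook runs on every disconnect from the share, a user connected from a second client would lose idle mounts when the first client disconnects; the preexec script recreates them on the next connection.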


Conclusions: This is certainly a problem many sysadmins have had, and this solution will certainly benefit many of them. If you find any issues, if you haven’t understood some part of this solution, or if you have found a better way to implement it, please do not hesitate to write to me here in this post.