#My Samba Share with Public+Private Share (Ubuntu)
 
su
apt-get install samba acl
 
cat > /etc/samba/smb.conf << SMBCONF
 [global]
 server min protocol = SMB2_02
 server max protocol = SMB3
 server string = fileserver
 workgroup = WORKGROUP
 netbios name = fileserver
 wins support = yes
 local master = yes
 preferred master = yes
 time server = yes
 security = auto
 unix extensions = yes
 name resolve order = lmhosts host wins bcast
 include = /etc/samba/shares.conf
SMBCONF
 
 
cat > /etc/samba/shares.conf << SHARECONF
 [Public]
 path = /storage/share/samba/public_files/
 force group = smbgroup
 create mask = 0750
 force create mode = 0750
 directory mask = 0750
 force directory mode = 0750
 public = yes
 writable = yes
 hide unreadable = Yes
 access based share enum = Yes
 nt acl support = yes
 inherit acls = no
SHARECONF
 
 
useradd -s /bin/false smbadmin
smbpasswd -a smbadmin
groupadd smbgroup
 
useradd -s /bin/false user1
smbpasswd -a user1
 
mkdir -p /storage/share/samba/public_files/all
mkdir -p /storage/share/samba/public_files/exchange
mkdir -p /storage/share/samba/public_files/privat/
 
chown smbadmin:smbgroup /storage/share/samba/public_files
chown smbadmin:smbgroup /storage/share/samba/public_files/all
chown smbadmin:smbgroup /storage/share/samba/public_files/exchange
chown smbadmin:smbadmin /storage/share/samba/public_files/privat/
 
chmod -R ugo-rwx /storage/share/samba/public_files/
chmod u+rwx,g+rxs,o+rx /storage/share/samba/public_files/
chmod u+rwx,g+rwxs,o+rx /storage/share/samba/public_files/all
 
chmod u+rwx,g+rxs,o+rx /storage/share/samba/public_files/exchange
setfacl -m u:user1:rwx /storage/share/samba/public_files/exchange
 
chmod u-rwx,g-rwxs,o-rwx /storage/share/samba/public_files/privat/
chmod -R u+rwx,g+rwx-s,o-rwx /storage/share/samba/public_files/privat/
setfacl -m u:user1:rwx /storage/share/samba/public_files/privat/
 
#remove permission when need
#setfacl -x u:user1 /storage/share/samba/public_files/privat/
 
touch /storage/share/samba/public_files/all/.lock
chmod go-rwx /storage/share/samba/public_files/all/.lock
chattr +i /storage/share/samba/public_files/all/.lock
 
touch /storage/share/samba/public_files/exchange/.lock
chmod go-rwx /storage/share/samba/public_files/exchange/.lock
chattr +i /storage/share/samba/public_files/exchange/.lock
 
touch /storage/share/samba/public_files/privat/.lock
chmod go-rwx /storage/share/samba/public_files/privat/.lock
chattr +i /storage/share/samba/public_files/privat/.lock
 
systemctl restart smbd
systemctl restart nmbd