Samba (smb)

Overview

Samba is a free software re-implementation of the SMB/CIFS networking protocol. Samba provides file and print services for various Microsoft Windows clients and can integrate with a Microsoft Windows Server domain, either as a Domain Controller (DC) or as a domain member. As of version 4, it supports Active Directory and Microsoft Windows NT domains.

Configuration

On Ubuntu configuration file is located in /etc/samba/smb.conf. You need root privileges to edit it.

Sample file

[global]
  workgroup = WORKGROUP
  server string = servername
  unix password sync = yes
  access based share enum = yes

[homes]
  comment = Home Directories
  browseable = no
  read only = no
  writable = yes
  guest ok = no
  create mask = 0600
  directory mask = 0700
  security = user

[accounting]
  comment = Accounting Department Directory
  writable = yes
  valid users = @account
  path = /media/storage/accounting
  create mask = 0660
  directory mode = 0770
  force group = account

[public]
  comment = Public
  browsable = yes
  path = /media/storage/public
  public = yes
  read only = no
  writable = yes
  guest ok = yes
  create mask = 0666
  directory mode = 0777

You need to set public storage directory permissions to be 777 (drwxrwxrwx) and for directories shared in group 770 (drwxrwx---). Don’t forget to change group of shared directories with chown -R :groupname path.

This is how we can create group account and add bob to account.

groupadd account
adduser bob
usermod -a -G account bob
smbpasswd -a bob

Configuring anonymous public shares

[public]
  comment = Public
  browsable = yes
  path = /media/storage/public
  public = yes
  read only = no
  writable = no
  write list = bob
  guest ok = yes

This sets up a share named public which is shown when browsing the server to any user with rights to do so. You can see it is public, but not writable except for bob and that it is ok for guests to login.

[global]
  # ...
  guest account = nobody

Which defines the account to use when authenticating guests. Don’t forget to create this user using smbpasswd -an nobody. This will create the user with no password.

[global]
  #...
  map to guest = bad user

This maps any unknown username to the specified guest user, so login always succeeds.

Useful commands

• sudo service smbd restart - restarts samba server (reloads config)

Links

• Samba
• Configuring anonymous public shares with Samba 3
• Linux and Unix groupadd command
• Howto: Linux Add User To Group
• Howto: Use chmod and chown Command