Samba configuration

Posted by & filed under Linux, Software.

  • DZone
  • Reddit
  • HackerNews
  • Twitter
  • Facebook
  • Google Plus
  • Pinterest
  • StumbleUpon
  • LinkedIn
  • Tumblr
  • BlinkList
  • Mister Wong
  • Add to favorites
  • Email

This post was began for more than a 2 years ago and because i was to busy to finish it. But now here is it, better late than never.

The Goal

The goal is simple. There is a need of having a central storage of shared and private documents for small (rarely changing) user group. We have windows and Linux PC that have to access this centralized file storage. A user-friendly access as well minimum of maintenance are also goals here. Furthermore base level of security is a goal here as well.

However the peresented configuration as I think is quite suituable for private use, small working groups and even kinds of small businesses.

The Solution

Abstract

It think it’s not a bad idea to have two different data spaces: private and shared. An this separation leads to simple rules of usage:

  • Every user can read own documents and documents of other users in the shared place.
  • write and delete is only permitted in user’s private directory.

Concrete

Let’s get concrete and that is the point where Samba goes in to play. Configuration presented below where tested on Debian 5 (Lenny) and shortly on Debian 7 (Wheezy) and works from now on more than two years without any problems.

1. Install samba.

 apt-get install samba

2. Backup initial configuration

cp /etc/samba/smb.conf /etc/samba/smb.conf_original

3. Create shared spaces

 # Create new root.
mkdir /srv/samba
 # Create mount point for documents
mkdir /srv/samba/shared
 # Create mount point for personal
mkdir /srv/samba/private

 # Create general gorup of samba users
addgroup smbusers
 # giv 'em some rights.
chown root:smbusers /srv/samba/shared/
chown root:smbusers /srv/samba/private/
# define umask
chmod 2770 /srv/samba/shared/
chmod 770 /srv/samba/private/

4. Change configuration file.

Now edit /etc/samba/smb.conf file. Just replace the content with the following:

[global]
	server string = Samba server %v
	unix password sync = Yes
	pam password change = Yes
	passwd program = /usr/bin/passwd %u
	passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
	syslog = 0
	log file = /var/log/samba/log.%m
	max log size = 1000
	socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
	panic action = /usr/share/samba/panic-action %d
	idmap config * : backend = tdb

[homes]
	comment = Home Directories
	read only = No
	create mask = 0700
	directory mask = 0700
	browseable = No

[shared]
	comment = Freigabe documents
	path = /srv/samba/shared
	read only = No
	create mask = 0770
	directory mask = 0770

[private]
	comment = Freigabe privat
	path = /srv/samba/private
	read only = No

Test made configurations with:

testparm

5. Add users

Le’ts add two users with their private places and access to the shared place. So here are Alexander and Rebecca.

useradd -g smbusers -G users alexander
useradd -g smbusers -G users rebecca
mkdir /srv/samba/private/alexander
mkdir /srv/samba/private/rebecca

chmod 750 -R /srv/samba/private/
chown alexander:smbusers /srv/samba/private/alexander/
chown rebecca:smbusers/srv/samba/private/rebecca/

Now don’t forget to set password for Samba users with:

smbpasswd -a alexander
smbpasswd -a rebecca

Note the following directives in your smb.conf will cause automatically change of UNIX user password on smb password changes, So don’t say i didn’t warned you ;) 

	unix password sync = Yes
	pam password change = Yes

More

Please let me know about your issues and ideas on this topic.

Resources: Samba Man pages

0 comments
  Livefyre
Newest | Oldest