Samba configuration

I started to write this post for more than a 2 years ago and because i was to busy to finish it. But now here is it, better late than never.

The Goal

The goal is simple. There is a need of having a central storage of shared and private documents for small (rarely changing) user group. We have windows and Linux PC that have to access this centralized file storage. A user-friendly access as well minimum of maintenance are also goals here. Furthermore base level of security is a goal here as well.

However the peresented configuration as I think is quite suituable for private use, small working groups and even kinds of small businesses.

The Solution

It think it's not a bad idea to have two different data spaces: private and shared. An this separation leads to simple rules of usage:

  • Every user can read own documents and documents of other users in the shared place.
  • write and delete is only permitted in user's private directory.

Let's get concrete and that is the point where Samba goes in to play. Configuration presented below where tested on Debian 5 (Lenny) and shortly on Debian 7 (Wheezy) and works from now on more than two years without any problems.

1. Install samba

 apt-get install samba

2. Backup initial configuration

cp /etc/samba/smb.conf /etc/samba/smb.conf_original  

3. Create shared spaces

 # Create new root.
mkdir /srv/samba  
 # Create mount point for documents
mkdir /srv/samba/shared  
 # Create mount point for personal
mkdir /srv/samba/private

 # Create general gorup of samba users
addgroup smbusers  
 # giv 'em some rights.
chown root:smbusers /srv/samba/shared/  
chown root:smbusers /srv/samba/private/  
# define umask
chmod 2770 /srv/samba/shared/  
chmod 770 /srv/samba/private/  

4. Change configuration file

Now edit /etc/samba/smb.conf file. Just replace the content with the following:

[global]
    server string = Samba server %v
    unix password sync = Yes
    pam password change = Yes
    passwd program = /usr/bin/passwd %u
    passwd chat = *Entersnews*spassword:* %nn *Retypesnews*spassword:* %nn *passwordsupdatedssuccessfully* .
    syslog = 0
    log file = /var/log/samba/log.%m
    max log size = 1000
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    panic action = /usr/share/samba/panic-action %d
    idmap config * : backend = tdb

[homes]
    comment = Home Directories
    read only = No
    create mask = 0700
    directory mask = 0700
    browseable = No

[shared]
    comment = Freigabe documents
    path = /srv/samba/shared
    read only = No
    create mask = 0770
    directory mask = 0770

[private]
    comment = Freigabe privat
    path = /srv/samba/private
    read only = No

Test made configurations with:

testparm  

5. Add users

Le'ts add two users with their private places and access to the shared place. So here are Alexander and Rebecca.

useradd -g smbusers -G users alexander  
useradd -g smbusers -G users rebecca  
mkdir /srv/samba/private/alexander  
mkdir /srv/samba/private/rebecca

chmod 750 -R /srv/samba/private/  
chown alexander:smbusers /srv/samba/private/alexander/  
chown rebecca:smbusers/srv/samba/private/rebecca/  

Now don't forget to set password for Samba users with:

smbpasswd -a alexander  
smbpasswd -a rebecca  

Note the following directives in your smb.conf will cause automatically change of UNIX user password on smb password changes, So don't say i didn't warned you ;)

unix password sync = Yes  
pam password change = Yes  

Have fun!