UHS4 – Samba file server

Written by Haydn Williams

A networked file share was one of the main drivers for purchasing our server in the first place, but it also proved to be the hardest part of setting up the entire machine! Anyway, it all got resolved in the end, and here’s how I did it…

First, install Samba:

sudo apt-get install samba

After this, it all fell apart for me! It should be a case of creating the folder(s) and then just defining shares, using the following style, in /etc/samba/smb.conf:

[TheShareName]
comment = My share for holding files
path = /path/to/share
hosts allow = 192.168.1.

You can then restart the service for your share(s) to become visible:

service smbd restart

There are loads of different parameters you can stick into each share definition, and tutorials for this abound online, but I was having no luck whatsoever. When I connected from our Mac or Windows boxes, sometimes the shares would appear and sometimes not, and then I’d occassionally be able to see directories but not open them, and occasionally have full write access. In the end I gave in and reinstalled Samba:

sudo apt-get install -reinstall samba

My first attempt again resulted in failure, so I scoured the internet (without much hope) until I eventually stumbled across this guide on the Linux Gazette. I decided to followe every single step, word-for-word, and thankfully it worked perfectly! The key points included a different parameter for use when defining shares, which I’d not seen before – write list. This gives the Linux user groups which are allowed to write to the share.

[Winshare]
comment = Samba test share
path = /srv/samba/winshare
hosts allow = 10.0.2.
browseable = yes
write list = +smbuser

After setting this up, I checked it was working as expected using testparm, which looks for errors in smb.conf (just run the single testparm command in a terminal window). There were none, so next was user administration. The user accounts on my system are already set up, so I can just create a new user group and add the existing users:

sudo groupadd smbuser
sudo usermod -a -G smbuser myusername

To review the groups and their associated users, run the following:

cat /etc/group

When you’re happy that everyone who’ll be connecting to the share is included in the relevant security group (smbuser in this case), you can set them a Samba password each:

smbpasswd -a myusername

Now that the users are created and have passwords, you can create the shared folder itself.

sudo mkdir /path/to/share

Finally, amend the owner and permissions on the folder so that everyone in the security group we created earlier on can both view and edit files:

chown .smbuser /path/to/share/
chmod 2775 /path/to/share/

You can test the connection locally using the smbclient command-line tool:

smbclient -U myusername%mypassword //localhost/thesharename

A simple ls should show the contents of the folder. The last few steps, about creating the folder and assigning the owner and permissions, proved to be the crucial ones for me. Without the Linux Gazette article I’m not sure I would ever have got it sorted! It’s now working beautifully for us, connecting from both Windows and Mac machines.

Once your Samba server is set up, you may want to think about securing it further. samba.org has a page on securing a server, which includes the use of hosts allow and hosts deny commands to control access. For example, the following blocks access from anywhere except the local network:

hosts allow = 192.168.1.
hosts deny = 0.0.0.0/0

By default, smb.conf also includes the line:

security = user

This means that only people with username and passwords can connect. Remember when you’re connecting to the share that you should be using the username and password set up on the server as discussed above, rather than the username and password for the machine you’re connecting from.

There’s more detailed information regarding rules and their application on the Configuration page of samba.org