A networked file share was one of the main drivers for purchasing our server in the first place, but it also proved to be the hardest part of setting up the entire machine! Anyway, it all got resolved in the end, and here’s how I did it…<\/p>\n
First, install Samba:<\/p>\n
sudo apt-get install samba<\/pre>\nAfter this, it all fell apart for me! It should be a case of creating the folder(s) and then just defining shares, using the following style, in \/etc\/samba\/smb.conf<\/strong>:<\/p>\n
[TheShareName]\r\ncomment = My share for holding files\r\npath = \/path\/to\/share\r\nhosts allow = 192.168.1.<\/pre>\nYou can then restart the service for your share(s) to become visible:<\/p>\n
service smbd restart<\/pre>\nThere are loads of different parameters you can stick into each share definition, and tutorials for this abound online<\/a>, but I was having no luck whatsoever. When I connected from our Mac or Windows boxes, sometimes the shares would appear and sometimes not, and then I’d occassionally be able to see directories but not open them, and occasionally have full write access. In the end I gave in and reinstalled Samba:<\/p>\n
sudo apt-get install -reinstall samba<\/pre>\nMy first attempt again resulted in failure, so I scoured the internet (without much hope) until I eventually stumbled across this guide on the Linux Gazette<\/a>. I decided to followe every single step, word-for-word, and thankfully it worked perfectly! The key points included a different parameter for use when defining shares, which I’d not seen before – write list<\/strong>. This gives the Linux user groups which are allowed to write to the share.<\/p>\n
[Winshare]\r\ncomment = Samba test share\r\npath = \/srv\/samba\/winshare\r\nhosts allow = 10.0.2.\r\nbrowseable = yes\r\nwrite list = +smbuser<\/pre>\nAfter setting this up, I checked it was working as expected using testparm<\/strong>, which looks for errors in smb.conf<\/strong> (just run the single testparm<\/strong> command in a terminal window). There were none, so next was user administration. The user accounts on my system are already set up, so I can just create a new user group and add the existing users:<\/p>\n
sudo groupadd smbuser\r\nsudo usermod -a -G smbuser myusername<\/pre>\nTo review the groups and their associated users, run the following:<\/p>\n
cat \/etc\/group<\/pre>\nWhen you’re happy that everyone who’ll be connecting to the share is included in the relevant security group (smbuser<\/em> in this case), you can set them a Samba password each:<\/p>\n
smbpasswd -a myusername<\/pre>\nNow that the users are created and have passwords, you can create the shared folder itself.<\/p>\n
sudo mkdir \/path\/to\/share<\/pre>\nFinally, amend the owner and permissions on the folder so that everyone in the security group we created earlier on can both view and edit files:<\/p>\n
chown .smbuser \/path\/to\/share\/\r\nchmod 2775 \/path\/to\/share\/<\/pre>\nYou can test the connection locally using the smbclient<\/strong> command-line tool:<\/p>\n
smbclient -U myusername%mypassword \/\/localhost\/thesharename<\/pre>\nA simple ls<\/strong> should show the contents of the folder. The last few steps, about creating the folder and assigning the owner and permissions, proved to be the crucial ones for me. Without the Linux Gazette article I’m not sure I would ever have got it sorted! It’s now working beautifully for us, connecting from both Windows and Mac machines.<\/p>\n
Once your Samba server is set up, you may want to think about securing it further. samba.org has a page on securing a server<\/a>, which includes the use of hosts allow and hosts deny commands to control access. For example, the following blocks access from anywhere except the local network:<\/p>\n
hosts allow = 192.168.1.
\nhosts deny = 0.0.0.0\/0<\/code><\/p>\nBy default, smb.conf<\/strong> also includes the line:<\/p>\n
security = user<\/pre>\nThis means that only people with username and passwords can connect. Remember when you’re connecting to the share that you should be using the username and password set up on the server as discussed above, rather than the username and password for the machine you’re connecting from<\/em>.<\/p>\n