We all know what Windows File Sharing is, sometimes known as SMB (Server Message Block) or CIFS (Common Internet File System). Samba is the equivalent and compatible server for file sharing on Linux. Samba allows you to deploy network shares that are accessible on Windows, Linux and all platforms that support CIFS (Common Internet File System) or SMB. CIFS is a dialect of SMB, but basically the same. Managing users and share permissions on Windows is almost always done via the GUI, whereas on Linux we’ll have to edit a configuration file. In this article I’ll explain how to setup a Samba share, and add users to your Linux system to safely share content and manage permissions.
Install Samba
First we need to install Samba. This is the server we’ll be running. Samba also comes with the tools needed to further setup users which we’ll need in the next step. To install Samba and make it run on startup run sudo apt install samba
and then sudo systemctl enable smbd
We will configure Samba later on. For now continue adding users.
Add new (non-login) users to Linux
Before we can tell the Samba server to give specific users permissions on shared folders we need accounts for those users. It can be confusing but it is good to know there are 2 users databases in this case: the Linux user, and the SMB user. Both need to exist to set share permissions. The first step is to add a new Linux system user. In this specific case we’ll add a non-login user (or system user). This means the user will not be able to login via SSH and has no further access to the system.
sudo adduser <username> --system --no-create-home --disabled-login
We now have a new Linux user. Notice that the system did not prompt for a password. The next step is to create a Samba user. Now we will set a password. Run the following command:
sudo smbpasswd -a <username>
Provide a password for the user when asked.
Configure Samba and create shares
Now we can setup a Samba share. Edit /etc/samba/smb.conf , and scroll to the end of the file.
Add a section like this to create a share:
[Pictures]
comment = Pictures
path = /media/Pictures
browseable = yes
read only = yes
guest ok = yes
write list = stijn
The options are self explanatory. Use the path directive to specify the location of your share. Furthermore you can use several security options to set the permissions. See the table below for the available options.
Option | Parameters | Function | Default | Scope |
---|---|---|---|---|
admin users | string (list of usernames) | Specifies a list of users who can perform operations as root. | None | Share |
valid users | string (list of usernames) | Specifies a list of users that can connect to a share. | None | Share |
invalid users | string (list of usernames) | Specifies a list of users that will be denied access to a share. | None | Share |
read list | string (list of usernames) | Specifies a list of users that have read-only access to a writable share. | None | Share |
write list | string (list of usernames) | Specifies a list of users that have read-write access to a read-only share. | None | Share |
max connections | numerical | Indicates the maximum number of connections for a share at a given time. | 0 | Share |
guest only (only guest) | boolean | Specifies that this share allows only guest access. | no | Share |
guest account | string (name of account) | Names the Unix account that will be used for guest access. | nobody | Share |
guest ok | boolean | Specifies that this share allows guest users | no | Share |
To create a share that is not accessible for guests, but only specific users use the following settings:
browseable = yes
read only = no
guest ok = no
write list = stijn
valid users = stijn
That’s it! You’re done setting up shares. If you have permission errors please make sure to check file and folder permission on the actual folder. I do not recommend this, but a quick and dirty work-around is to apply world read and write permissions on your data (chmod 777 -R /path/to/data
). This can be useful to check if your Samba server is working correctly.